Securing database servers
Applies To: Forefront Client Security
Client Security uses two SQL Server databases:
Collection database
Reporting database
Depending on your deployment, these databases may reside on the same server or they may be on separate servers.
Securing SQL Server
Client Security requires no additional or special security configuration for SQL Server. It is recommended that you follow best practices for securing SQL Server. For more information about SQL Server security, see SQL Server 2005 – Security and Protection (https://go.microsoft.com/fwlink/?LinkId=65304).
Security for connections to database servers
It is recommended that you secure connections to the database servers used by Client Security. The following table describes the connections that may exist.
| Component | Connection to | Topologies |
|---|---|---|
Management server |
Collection database |
Four-server, five-server, and six-server |
Reporting database |
Collection database |
Three-server, four-server, and six-server |
Reporting server |
Collection database |
Four-server, five-server, and six-server |
Reporting server |
Reporting database |
Three-server, five-server, and six-server |
It is recommended that you use IPsec to secure database communications. For more information, see Internet Protocol Security for Microsoft Windows Server 2003 (https://go.microsoft.com/fwlink/?LinkId=32747).
You can also use SSL to secure communications. SQL Server 2005 provides the ability to encrypt connections using SSL. For more information, see SQL Server 2005 – Security and Protection (https://go.microsoft.com/fwlink/?LinkId=65304).