Share via


Securing database servers

Applies To: Forefront Client Security

Client Security uses two SQL Server databases:

  • Collection database

  • Reporting database

Depending on your deployment, these databases may reside on the same server or they may be on separate servers.

Securing SQL Server

Client Security requires no additional or special security configuration for SQL Server. It is recommended that you follow best practices for securing SQL Server. For more information about SQL Server security, see SQL Server 2005 – Security and Protection (https://go.microsoft.com/fwlink/?LinkId=65304).

Security for connections to database servers

It is recommended that you secure connections to the database servers used by Client Security. The following table describes the connections that may exist.

Component Connection to Topologies

Management server

Collection database

Four-server, five-server, and six-server

Reporting database

Collection database

Three-server, four-server, and six-server

Reporting server

Collection database

Four-server, five-server, and six-server

Reporting server

Reporting database

Three-server, five-server, and six-server

It is recommended that you use IPsec to secure database communications. For more information, see Internet Protocol Security for Microsoft Windows Server 2003 (https://go.microsoft.com/fwlink/?LinkId=32747).

You can also use SSL to secure communications. SQL Server 2005 provides the ability to encrypt connections using SSL. For more information, see SQL Server 2005 – Security and Protection (https://go.microsoft.com/fwlink/?LinkId=65304).