

Security Considerations for SQL Server Databases used by Windows HPC Server 2008 R2

Updated: January 2011

Applies To: Windows HPC Server 2008 R2

Any database that contains important data and supports important functions for an organization should be reviewed and protected as part of an overall security plan. The databases that are used by all HPC clusters running Windows HPC Server 2008 R2 (which uses SQL Server 2008) are no exception. This topic is designed to help you review the range of security options that are available for SQL Server 2008, choose appropriate options for your HPC cluster, and find more information as needed.

In this topic

  • Security considerations for SQL Server databases (local or remote) that support an HPC cluster

  • Specific security considerations for remote SQL Server databases (databases that are not on the head node)

  • Information about access to the HPC reporting database

Security considerations for SQL Server databases (local or remote) that support an HPC cluster

You can choose from a variety of security options that are available for SQL Server 2008 to help protect the SQL Server databases that support your HPC cluster. For example, choose the authentication method for your SQL server that best fits your organization’s requirements. The following links provide more information.

  • Overall security considerations for SQL Server

  • SQL Server authentication modes

  • SQL Server auditing

  • Transparent Data Encryption (an encryption option provided by SQL Server 2008)

  • Files and folders to secure on a server running SQL Server 2008:

Specific security considerations for remote SQL Server databases (databases that are not on the head node)

If you have configured remote SQL Server databases for your HPC cluster, also review the overall security of your SQL server as described in Security considerations for SQL Server databases (local or remote) that support an HPC cluster, earlier in this topic. In addition, review the methods you are using to protect the network connections to the SQL server. We recommend that you use Transport Layer Security/Secure Sockets Layer (TLS/SSL), which provides authentication and symmetric-key encryption. For more information, see Encrypting Connections to SQL Server (https://go.microsoft.com/fwlink/?LinkId=208479).

Important
Although Transparent Data Encryption (TDE) provides encryption on the SQL server, TDE does not provide encryption across communication channels. For information about how to encrypt data across communication channels, see the link in the previous paragraph.

The following list describes some types of information that you can help secure by using TLS/SSL for connections to a remote SQL server:

  • Job information being transmitted across the network, including information about who is running a particular job, what jobs have completed, and so on.

  • Necessary communication between the HPC Reporting service and the corresponding database (by default, the database is named HPCReporting).

  • Communication with the SQL Server database that you initiate through HPC Manager, custom software tools, or HPC PowerShell commands.

  • The overall security of the network, which is important in helping you protect against a variety of attacks, including flooding and denial of service (DoS) attacks.
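
As an added example (not part of the original topic), the following T-SQL checks both points made above on the remote instance: which current network connections are not encrypted in transit, and whether TDE is protecting the cluster databases at rest. It assumes that the cluster databases share the HPC name prefix of the default HPCReporting database and that the login running it has VIEW SERVER STATE permission.

```sql
-- Added example, not from the original topic.
-- Run on the remote SQL Server instance that hosts the HPC databases.
-- Requires VIEW SERVER STATE permission.

-- 1. In transit: current network connections that are NOT encrypted.
--    Any row here is a session (head node service, HPC Manager,
--    custom tool, HPC PowerShell) whose traffic crosses the network
--    in clear text. Shared memory connections are local to the
--    server and never leave it, so they are excluded.
SELECT  c.session_id,
        s.login_name,
        s.host_name,
        s.program_name,
        c.client_net_address,
        c.net_transport,
        c.auth_scheme,
        c.encrypt_option
FROM    sys.dm_exec_connections AS c
JOIN    sys.dm_exec_sessions    AS s
        ON s.session_id = c.session_id
WHERE   c.encrypt_option = 'FALSE'
  AND   c.net_transport <> 'Shared memory'
ORDER BY s.host_name, s.program_name;

-- 2. At rest: TDE state of the cluster databases.
--    Assumption: the databases are named with the HPC prefix, as the
--    default HPCReporting database is. Adjust the filter if yours differ.
SELECT  d.name AS database_name,
        d.is_encrypted,
        CASE k.encryption_state
            WHEN 1 THEN 'Unencrypted'
            WHEN 2 THEN 'Encryption in progress'
            WHEN 3 THEN 'Encrypted'
            WHEN 4 THEN 'Key change in progress'
            WHEN 5 THEN 'Decryption in progress'
            ELSE        'No database encryption key'
        END AS tde_state
FROM    sys.databases AS d
LEFT JOIN sys.dm_database_encryption_keys AS k
        ON k.database_id = d.database_id
WHERE   d.name LIKE 'HPC%'
ORDER BY d.name;
```

A database that reports Encrypted in the second result while its clients still appear in the first result is exactly the case the Important note describes: protected on disk, exposed on the wire.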

There are four databases on a remote SQL Server that supports an HPC cluster: the cluster management database, the job scheduling database, the reporting database, and the diagnostics database. For more information about these databases, see the following links:

Information about access to the HPC reporting database

Windows HPC Server 2008 R2 is designed to provide specific, controlled types of access to the database that provides reporting information. For example, one type of access is provided through cmdlets in HPC PowerShell. Another type is provided through reporting views that are built into the database that supports HPC reporting. As part of reviewing security for your HPC cluster, you might want to become familiar with these types of access. The following topics provide more information:

Additional references