SEPM 12.1 and SQL encryption

Created: 24 Aug 2011 | 3 comments

I have SEPM 12.1 installed using a SQL database and Windows Authentication. This works fine, but I need to encrypt the data that flows between the SEPM server and SQL server. SQL version is 2008 R2 (SP1) and both are running on Server 2008 R2 (SP1).

James-x

Hello 458Italia,

The traffic between the SEPM and the SQL server is, by default, not encrypted. For this reason, we recommend co-locating the SEPM and SQL server on their own secure subnet. (Page 85 of the Implementation Guide for SEP 12.1.)

If you want to encrypt the traffic between the two servers, you will need to look into using something like IPSEC. The SEPM cannot accomplish what you want by itself.

EDIT: This document looks promising: http://msdn.microsoft.com/en-us/library/ms189067.aspx

James

The Symantec Endpoint Protection Knowledgebase

Please remember to mark the post which resolved your issue as the solution!

458Italia

James,

Thank you for the quick reply. It does seem strange that communications cannot be configured for encryption. The SQL tools are required on the management server, so I would think the data can just be handed off to the Microsoft tools and let them handle it transparently. Another user of the forum posted that he solved the issue, but did not post the solution.

James-x

Hello 458Italia,

I'm not a SQL admin, so I could be wrong about this, but I don't think that SQL itself can encrypt its own traffic. Microsoft expects you to utilize any number of other encryption methods to encrypt the traffic. I feel that this is a reasonable expectation, since there are so many encryption options out there that have been heavily tested and have high reliability.

I linked to this in my earlier post, but I'm going to link to it again: http://msdn.microsoft.com/en-us/library/ms189067.aspx

That Microsoft article should give you the information you need.

James
