Welcome to Scribd. Sign in or start your free trial to enjoy unlimited e-books, audiobooks & documents.Find out more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
SQL Server Surface Area Configuration Manager

SQL Server Surface Area Configuration Manager

|Views: 0|Likes:

More info:

Published by: కోనూరి దినేష్ on Aug 31, 2012
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as DOC, PDF, TXT or read online from Scribd
See more
See less





As part of Microsoft's secure computing initiative, manynew security featureswere added to SQLServer 2005. While features like encryption andgranular permissions control secure databases within a server, other features are dedicated tosecuring the "surface area" of the server. The surface area includes everything the network can seeup to the time login credentials are sent, such as TCP ports, HTTP endpoints and other network-facing services.Microsoft locked down these services in a fairly straightforward manner. Most are simply off bydefault. In a fresh installation of SQL Server 2005, many features are disabled until anadministrator manually turns them back on. And while this is intended to save less savvy usersfrom unintentionally creating hacker playgrounds, managing all of these services could have turnedinto a nightmare.
The Surface Area Configuration tool
 Luckily, Microsoft thwarted the worst-case management scenario. Shipping with SQL Server 2005is a simple tool with only one purpose: to manage SQL Server's surface area. Now a DBA has onlyone place to go any time he must enable or disable an externally facing feature.You'll find the aptly named SQL Server Surface Area Configuration tool in the ConfigurationTools subfolder of the Microsoft SQL Server 2005 Start Menu programs. Like many of the newSQL Server tools, the first thing you'll notice upon starting the Surface Area Configuration tool isthat it has a very simple, straightforward interface. As a matter of fact, it presents only two optionson the first screen: You can configure "Services and Connections" or "Features."
 Figure 1: Straightforward Surface Area Configuration tool interface
Managing Services and Connections
 Clicking on the Services and Connections option brings up a dialog with a list of all of the SQLServer-related services running on the server, such as the Database Engine service and SQL Server Agent service. This list even includes non-database engine services such as Notification Servicesand Integration Services. You will also find instances of SQL Server Express keeping with the goalof the tool -- managing all externally facing services. The tool even finds instances of SQL Server that it wasn't installed with.
 Figure 2: Managing Services and Connections
 Once a user selects a service from the list, the options are to start, stop, pause or resume theservice, in addition to an option to change the startup types -- Automatic, Manual or Disabled.Keep in mind that this tool is not the right place to change startup parameters for the service. To dothat, you'll have to bring up SQL Server's Configuration Manager tool, which is geared moretoward configuring services than making sure they're secure.DBAs will definitely want to familiarize themselves with the "Remote Connections" optionsavailable on some of the services, including Database Engine and Analysis Services. Theseoptions, turned off by default in many cases, allow remote computers to connect to the local SQLServer instance. If you have problems connecting to a SQL Server and you've already ensured thatthe service is up and running, this part of the Surface Area Configuration tool is probably the next place you should look.
 Figure 3: Remote Connections
Managing features
Clicking on the "Configuration for Features" option brings up a wider assortment of areas toconfigure. Within the dialog you can enable or disable such SQL Server features as CLR integration, XML Web services endpoints and the DAC (dedicated administrator connection).
 Figure 4: Configuration for Features
 The more important of these options are:
CLR Integration: Modifying this option will allow you to enable or disable SQLCLR routines for the entire SQL Server instance. If you're not quite sure whether you trust thisfeature, this is the place to go to make sure no one can exploit it.
DAC: The dedicated administrator connection is a special connection that can be used byDBAs in case of extreme server resource depletion. Even in cases when other users cannotconnect because there aren't enough resources, SQL Server will attempt to free resourcesfor the DAC. Use this option to enable or disable the DAC for remote access.
OLE Automation: Many SQL Server developers have had to implement workarounds for the lack of features, such as regular expressions in SQL Server. The easiest way to do so inthe past was to use the sp_OA* stored procedures. However, with the introduction of CLR integration, these stored procedures are no longer necessary. If you still need them for  backward compatibility, you can re-enable them here.
xp_cmdshell: Much like the OLE automation stored procedures, xp_cmdshell provided agreat workaround for SQL Server limitations in previous versions. However, it's really notrecommended for use in production systems because of security implications when openinga command shell. If you need this for legacy purposes, this is the place to re-enable it.Many of these features are disabled by default because they pose a possible security threat andhave been replaced with better, more secure alternatives. Before re-enabling them, make sure youneed the functionality and try to plan for deprecation as soon as possible. Once your applicationsare updated, return to the tool to disable any unneeded options.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->