In this article we will show how to configure VMware vRealize Orchestrator (vRO) to use an SSL connection when communicating with a Microsoft SQL Server database.
- Lab Environment
- Enabling SSL on the SQL Server
- Trusting the SSL Certificate Chain on the vRO
- Enabling SSL for the vRO Databse Connection
- Final Step
The logical design of this lab can be seen HERE.
Microsoft SQL Server can use Secure Sockets Layer (SSL) to encrypt data that is transmitted across a network between an instance of SQL Server and a client application.
SSL can be used for server validation when a client connection requests encryption. If the instance of SQL
Server is running on a computer that has been assigned a certificate from a public certification authority, identity of the computer and the instance of SQL Server is vouched for by the chain of certificates that lead to the trusted root authority. Such server validation requires that the computer on which the client application is running be configured to trust the root authority of the certificate that is used by the server.
The client application that will be configured with encrypted connection to the database In this article we be VMware vRealize Orchestrator (vRO). I wlll guide you how to configure vRO Appliance to use an SSL connection when communicating with a Microsoft SQL Server database.
Enabling SSL on the SQL Server
Before we can connect vRO to a SQL Server database using SSL, we need to configure the SQL Server to accept SSL connections.
Go to the SQL Server and start the SQL Server Configuration Manager
Navigate to SQL Server Network Configuration and select the database instance for which you want to configure SSL Communication.
Right click on Protocols for <Instance_name> and click Properties.
On the Flags tab, under Force Encryption select Yes.
On the Certificates tab, select the certificate you want to use for SSL communication and click OK
Trusting the SSL Certificate Chain on the vRO
The following screenshots show the certificate that was used in the previous step to force encryption in the SQL Server Configuration Manager.
As you can see the certificate is issued by a Certificate Authority (CA) called RootCA.
This is the certificate the server will present to any client application trying to establish a secure connection. The client application must be configured to trust the root authority of the certificate that is used by the server. In this example, the client application is vRO and the RootCA Certificate Authority certificate is the certificate that vRO must trust.
In order for vRO to trust the RootCA Certificate Authority certificate, we need to import it in the Trusted Certificates store in vRO.
Open vRO Control Center and navigate to Certificates, Trusted Certificates.
Import the RootCA Certificate Authority certificate.
In this example the CA Certificate chain consisted only of one CA, RootCA. If you have Intermediate CA, you should also import the Intermediate CA certificate into the Trusted Certificates store in vRO.
Enabling SSL for the vRO Databse Connection
Now let’s configure vRO to utilize encrypted connection to the database.
Open vRO Control Center and navigate to the Configure Database tab .
Fill in the Database information , select Use SSL, and click Save Changes.
Go to the Startup Options tab and restart the vRO Server Service.
We have not successfully configure vRO to utilize encrypted SSL connection to a Microsoft SQL Server database server.
If all went well, go grab a beer.
include_once TEMPLATEPATH."/../../../itBlogDisclaimer.php"; ?>