MS SQL Server (DataDirect - Dynamic Port)

Configure an MS SQL Server DataDirect - dynamic port datasource on your Guardium® system.

The MS SQL Server DataDirect - dynamic port datasource can be used to connect dynamically to an MS SQL Server database when the dynamic function is enabled in the MS SQL Server database server. It can also be used to connect dynamically when a client does not have a defined port value.

Supported Authentication Methods

Authentication Supported
Local user Yes
LDAP Yes
Kerberos No
SSL Yes
Mutual SSL No

Parameters

Field Description
Host Name/IP Required. The hostname or IP address of the datasource.
Instance name The name of the instance to which you want to connect on the server.
Database The name of the database.
Connection property Properties that must be included in the JDBC URL to establish a JDBC connection with the datasource. The required format is property1=value;property2=value, where each property and value pair is separated by a semicolon.
For examples, refer to the database vendor's JDBC documentation.

Example: domain=domain_name;AuthenticationMethod=authentication_method; encryptionMethod=encryption_method;validateServerCertificate=true_or_false.

Custom URL The connection string to the datasource. When the custom URL is not provided, the datasource connection is made by using properties such as the hostname and port number.

Adding custom properties for classification

To improve the performance of Guardium classification scans, you can add the following custom properties for Microsoft SQL Server.
Note: This feature requires Guardium patch 11.0p451.
  • LARGE-TEXT-DATA-TYPE-MAX-LENGTH - By default, when scanning large data types like XML or VARCHAR(MAX), the classifier only samples the first 3000 characters. Use the LARGE-TEXT-DATA-TYPE-MAX-LENGTH property to define a custom length in the range of 0 - 2147483647 characters.
  • MAXDOP - The MAXDOP property defines how many processors MS SQL Server uses for parallel plan execution. The default setting of 0 allows MS SQL Server to use all available processors (up to a maximum of 64). Setting MAXDOP to 1 prevents parallel plan generation. Allowed values are 0 - 32,767.

    For more information, see Set the Max Degree of Parallelism Option in the Microsoft SQL Docs.

  • TRANSACTION-ISOLATION-LEVEL - When you add this property with READ-UNCOMMITTED, the classier reads all rows (including uncommitted rows). READ-UNCOMMITTED is the only value currently supported for the TRANSACTION-ISOLATION-LEVEL property, and the value must be uppercase and include the hyphen.

    For more information, see SET TRANSACTION ISOLATION LEVEL in the Microsoft SQL Docs.

You can add or change custom properties from either the Guardium UI or by using GRDAPI commands. After you add the custom properties, the information displays in the Details for datasource output. For more information about adding custom properties from the UI, see Configuring custom properties for your datasources.

You can use GRDAPIs to manage custom properties. For example, use the following to create MAXDOP and TRANSACTON-ISOLATION-LEVEL custom properties:
grdapi create_datasource_custom_property name=MAXDOP values=1
grdapi create_datasource_custom_property name="TRANSACTION-ISOLATION-LEVEL" values="READ-UNCOMMITTED"
Use the following to add the MAXDOP and TRANSACTION-ISOLATION-LEVEL properties to a MS SQL Server datasource:
grdapi add_custom_property_to_datasource_by_name customProps="TRANSACTION-ISOLATION-LEVEL=READ-UNCOMMITTED" name="yourmssqlserverdatabasename"
grdapi add_custom_property_to_datasource_by_name customProps=MAXDOP=1 name="yourmssqlserverdatabasename"
Use the following to add additional MAXDOP values (where 2,4 indicates the list of values added):
grdapi update_datasource_custom_property name=MAXDOP addValues=2,4

For more information about the custom property APIs, see Datasource custom property APIs.

For more information about classification, see Discover Sensitive Data.

CAS (Configuration Auditing System) database instance

If you are a CAS user, configure the CAS database instance.

Field Description
Account The name of the account owner.Required if Windows Authentication is used.
Directory The name of the installation directory.
To use the datasource for Vulnerability Assessments, enter the path to your database instance home directory, for example,
  • MSSQL2014, default instance

    C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL

  • MSSQL2016, Name instance

    C:\Program Files\Microsoft SQL Server\MSSQL13.SQL2016\MSSQL

  • Oracle 2019

    C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL

To use the datasource for other tests such as CAS file monitoring, enter the path to the MS SQL Server directory, for example,

  • C:\Program Files (x86)\Microsoft SQL Server
  • C:\Program Files\Microsoft SQL Server