It would be nice to have an encryption option for the data in the repository. A basic master password that could be type in at the server or in the client would be fine but a full PKE implementation would be cool.
If the encryption/decryption was handled by the client then all data across any wire (even unswitched LAN) would be encrypted. If a server or server HD was stolen or goes bad and sent for RMA then there are no worries about the data. Backup devices/tapes/media as well would contain encrypted data. Using something like drivecrypt/bestcrypt container for working folders keeps local machines HD's protected (bestcrypt can also encrypt the swap file).
Encryption Option
Moderator: SourceGear
You can already do this with Vault.
1) Server database - use SQL Server 2005's built in encryption functionality to encrypt the database. Also, I would recommend not storing the database on the Operating System disk subsystem. So if a disk is RMA'd somewhere and you are using a striped RAID set, not only will the database be encrypted, but the manufacturer would only receive a disk from a partial set.
2) Server database to Vault server - Create a certificate and modify the SQL Connection parameters to encrypt communications between the Vault Server and SQL Server.
3) Vault Server to Vault Client - Create a certificate and only allow SSL communications to the Vault server.
4) Vault Client storage - store all working folders on an encrypted harddrive partition with NTFS' encryption option, a third party encryption driver, or encrypting the device for an ext3 file system.
1) Server database - use SQL Server 2005's built in encryption functionality to encrypt the database. Also, I would recommend not storing the database on the Operating System disk subsystem. So if a disk is RMA'd somewhere and you are using a striped RAID set, not only will the database be encrypted, but the manufacturer would only receive a disk from a partial set.
2) Server database to Vault server - Create a certificate and modify the SQL Connection parameters to encrypt communications between the Vault Server and SQL Server.
3) Vault Server to Vault Client - Create a certificate and only allow SSL communications to the Vault server.
4) Vault Client storage - store all working folders on an encrypted harddrive partition with NTFS' encryption option, a third party encryption driver, or encrypting the device for an ext3 file system.
Jeff Clausius
SourceGear
SourceGear
Basically, you create certificates or keys within SQL Server, then instruct SQL Server to use that for native database encryption. Note, I haven't tried this out, so there may be some "gotchas" or a mis-understanding on my part. In that case, you could configure SQL Server to store the database files on an encrypted partition.1 - I have SQL 2005 Express installed for one reason - Vault. How do I setup the encryption in SQL for the Vault Database?
Some helpful references -
SQL Server 2005 Books Online- Encryption Hierarchy
You'll need to get a certificate into SQL Server. Then using the client configuration tool, you instruct the connection to be made using SSL.2 - They are both on the same server so I think this isn't needed. If it is, how do I do that?
How to enable SSL encryption for SQL Server 2000 or SQL Server 2005 if you have a valid Certificate Server
This is done within IIS. You'll need to generate a certificate, import it into IIS, and then modify IIS' web site properties to use SSL.3 - Where do I force SSL only (the admin)?
An example using Microsoft's Certificate Server-
How To Configure SSL in a Windows 2000 IIS 5.0 Test Environment by Using Certificate Server 2.0