Security Considerations for SQL Server Databases used by Windows HPC Server 2008 R2
Updated: January 2011
Applies To: Windows HPC Server 2008 R2
Any database that contains important data and supports important functions for an organization should be reviewed and provided with protections as part of an overall security plan. The databases that are used by all HPC clusters running Windows HPC Server 2008 R2 (which uses SQL Server 2008) are no exception. This topic is designed to help you review the range of security options that are available for SQL Server 2008, choose appropriate options for your HPC cluster, and find more information as needed.
In this topic
Security considerations for SQL Server databases (local or remote) that support an HPC cluster
Specific security considerations for remote SQL Server databases (databases that are not on the head node)
Information about access to the HPC reporting database
Security considerations for SQL Server databases (local or remote) that support an HPC cluster
You can choose from a variety of security options that are available for SQL Server 2008 to help protect the SQL Server databases that support your HPC cluster. For example, choose the authentication method for your SQL server that best fits your organization’s requirements. The following links provide more information.
Overall security considerations for SQL Server
Security Considerations for a SQL Server Installation (https://go.microsoft.com/fwlink/?LinkId=208468)
Security and Protection (Database Engine) (https://go.microsoft.com/fwlink/?LinkId=208474)
Threat and Vulnerability Mitigation (Database Engine) (https://go.microsoft.com/fwlink/?LinkId=208475)
SQL Server Overview (https://go.microsoft.com/fwlink/?LinkId=208476)
(This topic provides links to security topics, such as security checklists.)
SQL Server authentication modes
SQL Server auditing
Auditing (Database Engine) (https://go.microsoft.com/fwlink/?LinkId=208601)
Understanding SQL Server Audit (https://go.microsoft.com/fwlink/?LinkId=208469)
Auditing in SQL Server 2008 (https://go.microsoft.com/fwlink/?LinkId=208471)
Transparent Data Encryption (an encryption option provided by SQL Server 2008)
Files and folders to secure on a server running SQL Server 2008:
File Locations for Default and Named Instances of SQL Server (https://go.microsoft.com/fwlink/?LinkId=208477)
Securing Data and Log Files (https://go.microsoft.com/fwlink/?LinkId=208478)
Specific security considerations for remote SQL Server databases (databases that are not on the head node)
If you have configured remote SQL Server databases for your HPC cluster, also review the overall security of your SQL server as described in Security considerations for SQL Server databases (local or remote) that support an HPC cluster, earlier in this topic. In addition, review the methods you are using to protect the network connections to the SQL server. We recommend that you use Transport Layer Security/Secure Sockets Layer (TLS/SSL), which provides authentication and symmetric-key encryption. For more information, see Encrypting Connections to SQL Server (https://go.microsoft.com/fwlink/?LinkId=208479).
Important: Although Transparent Data Encryption (TDE) provides encryption on the SQL server, TDE does not provide encryption across communication channels. For information about how to encrypt data across communication channels, see the link in the previous paragraph.
The following list describes some types of information that you can help secure by using TLS/SSL for connections to a remote SQL server:
Job information being transmitted across the network, including information about who is running a particular job, what jobs have completed, and so on.
Necessary communication between the HPC Reporting service and the corresponding database (by default, the database is named HPCReporting).
Communication with the SQL Server database that you initiate through HPC Manager, custom software tools, or HPC PowerShell commands.
The overall security of the network, which is important in helping you protect against a variety of attacks, including flooding and denial of service (DoS) attacks.
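The distinction between TDE and connection encryption can be checked directly on the remote SQL Server instance. The following T-SQL is an added example, not part of the original topic: it reports which current connections are encrypted in transit and, separately, which HPC databases are encrypted at rest. It assumes the caller has VIEW SERVER STATE permission and that the HPC database names begin with "HPC" (the topic names only HPCReporting as a default).

```sql
-- Added example, not from the original topic.
-- Requires VIEW SERVER STATE on the instance that hosts the HPC databases.

-- 1. Encryption in transit: one row per current connection.
--    encrypt_option is reported per connection and is independent of TDE.
SELECT
    c.session_id,
    s.login_name,
    s.host_name,
    s.program_name,
    c.client_net_address,
    c.net_transport,
    c.auth_scheme,
    c.encrypt_option,
    CASE
        WHEN c.net_transport = 'Shared memory'
            THEN 'local connection, does not cross the network'
        WHEN c.encrypt_option = 'TRUE'
            THEN 'encrypted in transit'
        ELSE 'NOT encrypted in transit'
    END AS transport_status
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s
    ON s.session_id = c.session_id
ORDER BY c.encrypt_option, s.host_name;

-- 2. Encryption at rest (TDE): one row per HPC database.
--    A database can report 'TDE enabled' here while the connections
--    listed by query 1 are still unencrypted on the wire.
SELECT
    d.name AS database_name,
    d.is_encrypted,
    k.encryption_state,
    CASE
        WHEN k.encryption_state = 3 THEN 'TDE enabled'
        WHEN k.encryption_state IN (2, 4, 5) THEN 'TDE state change in progress'
        ELSE 'TDE not enabled'
    END AS at_rest_status
FROM sys.databases AS d
LEFT JOIN sys.dm_database_encryption_keys AS k
    ON k.database_id = d.database_id
WHERE d.name LIKE 'HPC%'   -- assumption: HPC databases share this prefix
ORDER BY d.name;
```

Rows from the head node's services that show 'NOT encrypted in transit' indicate connections that the TLS/SSL configuration described above does not yet cover.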
There are four databases on a remote SQL Server that supports an HPC cluster: the cluster management database, the job scheduling database, the reporting database, and the diagnostics database. For more information about these databases, see the following links:
Deploying a Windows HPC Server 2008 R2 Cluster with Remote Databases Step-by-Step Guide (https://go.microsoft.com/fwlink/?LinkId=208473)
Step 1: Prepare the Remote Database Servers (https://go.microsoft.com/fwlink/?LinkID=182600)
Information about access to the HPC reporting database
Windows HPC Server 2008 R2 is designed to provide specific, controlled types of access to the database that provides reporting information. For example, one type of access is provided through cmdlets in HPC PowerShell. Another type is provided through reporting views that are built into the database that supports HPC reporting. As part of reviewing security for your HPC cluster, you might want to become familiar with these types of access. The following topics provide more information:
Reporting Features in Windows HPC Server 2008 R2 (https://go.microsoft.com/fwlink/?LinkId=208495)
Reporting Extensibility in Windows HPC Server 2008 R2 Guide (https://go.microsoft.com/fwlink/?LinkId=208496)
Reporting Views (Windows) (https://go.microsoft.com/fwlink/?LinkId=208497)