SQL Server - Encryption in transit

  • 19 November 2019
  • 7 replies
  • 56 views


https://dba.stackexchange.com/questions/75421

 

Does K2 support encryption in transit between the K2 application server (IIS) and the K2 SQL database server? How would we go about doing this?

 

Thanks



Hello  @VA1 

 

Please take a look at these resources:

 

Encrypting data in the K2 Database

https://community.k2.com/t5/K2-blackpearl-Articles/Encrypting-data-in-the-K2-Database/ta-p/88003

 

 

Authentication Modes

https://help.k2.com/onlinehelp/k2five/userguide/5.1/default.htm#ServiceBrokers/AuthenticationModes/AuthenticationModes.htm

 

 

SQL Server Service

https://help.k2.com/onlinehelp/k2five/userguide/5.1/default.htm#ServiceBrokers/SQLServer/SQL-Server-Service.htm

 

 


Thanks but I am not referring to SQL Server service instances (although that is helpful!) 

 

I am asking about the basic out-of-the-box connection between the K2 Windows service and the K2 SQL Server database (when they are on different servers obviously). How can this connection channel be encrypted?

 

Thanks

Good day  @VA1 

 

Will you please also check the following out:

PowerShell Commands to Encrypt and Decrypt Data: https://help.k2.com/kb002368,

SQL Server Always Encrypted feature explained: https://www.starwindsoftware.com/blog/sql-server-always-encrypted-feature-explained.

 

Best,

Sunrise


Encrypting data in the K2 Database:

https://community.k2.com/t5/K2-blackpearl-Articles/Encrypting-data-in-the-K2-Database/ta-p/88003

 

Always Encrypted Feature on SQL:

https://help.k2.com/support-services/kbt145231


Sorry but I am NOT talking about encryption at rest in the SQL database, I am talking about encryption in transit.  See the link in my original post. Where can we set this up in K2 installation/configuration so that network packets between the K2 application server and the K2 database server are encrypted? Even for legacy Blackpearl solutions that use the K2 .NET API and zero service instances.

 

Thanks


Hello  @VA1 ,

 

For protecting data in transit, enterprises often choose to encrypt sensitive data prior to moving and/or use encrypted connections (HTTPS, SSL, TLS, FTPS, etc) to protect the contents of data in transit. For protecting data at rest, enterprises can simply encrypt sensitive files prior to storing them and/or choose to encrypt the storage drive itself.

 

The most effective data protection method for both data in transit and data at rest is data encryption.

 

 

  1. Is end-to-end secure transit used from the device to the web app (SSL/TLS)? SSL3.0, TLS1.0, TLS1.1 and TLS1.2 can be used for secure transit.
  2. What is the strength of protection of data in transit (e.g. AES etc.): It depends on the strength of the certificate implemented on the server. The K2 app uses the strongest encryption that the server supports. For K2 Cloud, the certificate uses the sha256WithRSAEncryption algorithm.
  3. Does K2 use certificates? If so, are they self signed or provided by a third party?  Yes, if using SSL, these are self signed by you or purchased from a certificate authority (recommended)

Ref: https://help.k2.com/onlinehelp/K2Mobile/UserGuide/Current/default.htm#K2Mobile/Overview/K2MobileAppSecFAQ.htm

 

 

  1. Allow access to Azure services – accept incoming traffic only from Azure IPs and subnets
  2. IP address whitelisting – requires a static IP address from us (K2 Cloud)
  3. VNet to VNet VPN – most secure according to this article from MS

Configure SSL Certificate:

https://help.k2.com/onlinehelp/k2blackpearl/DevRef/4.7/default.htm#Configure_SSL.html

 

 

How K2 Cloud Secure Data Access Works

https://help.k2.com/kb002739

 

 

 How do you protect your data in transit?

https://wa.aws.amazon.com/wat.question.SEC_10.en.html

 

All the best

 

 


Sorry, but this still doesn't answer my question. Yes, the web browser to K2/IIS server uses HTTPS/TLS so it is encrypted and immune to packet sniffing

 

use encrypted connections (HTTPS, SSL, TLS, FTPS, etc) to protect the contents of data in transit.

 

My question is how can I encrypt the connection channel between the K2 application server and the K2 database server.  All these servers are on-premises.

 

Link 1

Link 2

 

The above 2 links talk about this but I am not sure how to apply to K2 configuration.
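
Whatever way encryption ends up being configured, the SQL Server side can show whether the sessions coming from the application server are actually encrypted on the wire. The query below is an added example, not part of the original thread and not K2 documentation; the host name `K2APPSERVER` is a placeholder, and the login needs VIEW SERVER STATE.

```sql
-- Added example: run on the SQL Server instance that hosts the K2 database.
-- Lists current network connections from one client host and whether each
-- is encrypted in transit (encrypt_option = 'TRUE') or not ('FALSE').
-- Assumption: 'K2APPSERVER' is a placeholder for the application server name.
DECLARE @AppHost sysname = N'K2APPSERVER';

SELECT
    s.host_name,                 -- client-supplied, so cross-check the address below
    c.client_net_address,        -- source IP address as seen by SQL Server
    s.program_name,
    s.login_name,
    c.net_transport,             -- TCP, Named pipe, ...
    c.auth_scheme,               -- NTLM, KERBEROS or SQL
    c.encrypt_option,            -- 'TRUE' when the connection is encrypted
    COUNT(*)            AS connection_count,
    MIN(c.connect_time) AS oldest_connection
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s
    ON s.session_id = c.session_id
WHERE s.is_user_process = 1
  AND c.net_transport <> N'Shared memory'   -- local connections never cross the network
  AND s.host_name = @AppHost
GROUP BY
    s.host_name, c.client_net_address, s.program_name, s.login_name,
    c.net_transport, c.auth_scheme, c.encrypt_option
ORDER BY
    c.encrypt_option,            -- unencrypted rows sort first
    connection_count DESC;
```

Rows with `encrypt_option = 'FALSE'` are connections whose traffic is readable to anyone who can capture packets between the two servers; re-running the query after a configuration change confirms whether it took effect for new connections.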

 

 

 

 
