Encrypt SMA network traffic
Important
This version of Service Management Automation (SMA) has reached the end of support. We recommend that you upgrade to SMA 2022.
This article describes how to encrypt the connection between the SMA web service and SQL Server by using Secure Sockets Layer (SSL), and how to encrypt the network traffic between the runbook worker and the SQL database.
Encrypt SMA web service connection
Use the following procedure to securely connect SMA web service with the SQL server:
Open an elevated PowerShell console.
Navigate to your .NET Framework home directory (for example, C:\Windows\Microsoft.NET\Framework64\v4.0.30319).
Decrypt the config file section using the following command:
.\aspnet_regiis.exe -pdf "connectionStrings" 'C:\inetpub\Service Management Automation'
Open the web.config file in Notepad from the path C:\inetpub\Service Management Automation and append ";encrypt=true;trustServerCertificate=true" to the connection string.
Encrypt the Config file section by running the following command:
.\aspnet_regiis.exe -pef "connectionStrings" 'C:\inetpub\Service Management Automation'
Restart the SMA App Pool from Computer Management > Services and Applications > Internet Information Services (IIS) Manager.
Encrypt SMA Runbook worker connection
Use the following steps to secure the connection between Runbook worker and the SQL server.
Note
To encrypt the connection, you must run these steps on each of the Runbook worker computers.
Navigate to the installation path of SMA and locate the Orchestrator.Settings.config file.
Add the following under the (root) configuration key:
<configuration>
...
<connectionStrings>
<add name="OrchestratorStoreConnectionString"
providerName="System.Data.SqlClient"
connectionString="<explained-below>" />
</connectionStrings>
...
</configuration>
The connectionString depends on your authentication settings:
If using Integrated Windows authentication (without an SQL user/password):
Data Source=<database-server-hostname>;Database=<SMA-database-name>;Integrated Security=True;MultipleActiveResultSets=False;Encrypt=True;
If using SQL user/password:
Data Source=<database-server-hostname>;Database=<SMA-database-name>;User ID=<username>;Password=<password>;MultipleActiveResultSets=False;Encrypt=True;
For more information, see SqlClient Connection Strings.
Append TrustServerCertificate=true; to connectionString in case the SSL certificate isn't installed on the worker computer.
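To confirm the result on each worker, the following added example (not part of the original article or of SMA) parses the connectionStrings entries of a config file and reports whether each one encrypts the connection and whether TrustServerCertificate=true is set, in which case the traffic is encrypted but the server certificate isn't validated. The function name, the sample entry names other than OrchestratorStoreConnectionString, and the host names are assumptions; Windows PowerShell 5.1 is assumed.

```powershell
# Added example. The config content below is constructed sample data.
Add-Type -AssemblyName System.Data   # provides System.Data.SqlClient

function Get-SqlConnectionEncryption {
    param([Parameter(Mandatory)][xml]$Config)

    foreach ($entry in $Config.configuration.connectionStrings.add) {
        # The builder parses the string and normalizes keyword casing and synonyms.
        $b = [System.Data.SqlClient.SqlConnectionStringBuilder]::new($entry.connectionString)
        $encrypt = [bool]$b['Encrypt']
        $trust   = [bool]$b['TrustServerCertificate']

        $finding = if (-not $encrypt) { 'NotEncrypted' }
                   elseif ($trust) { 'EncryptedCertNotValidated' }
                   else { 'EncryptedCertValidated' }

        [pscustomobject]@{
            Name                   = $entry.name
            Server                 = $b['Data Source']
            Encrypt                = $encrypt
            TrustServerCertificate = $trust
            Finding                = $finding
        }
    }
}

# Constructed sample: one entry per case the article describes, plus an unencrypted one.
$sample = [xml]@'
<configuration>
  <connectionStrings>
    <add name="OrchestratorStoreConnectionString" providerName="System.Data.SqlClient"
         connectionString="Data Source=sql01.example.test;Database=SMA;Integrated Security=True;MultipleActiveResultSets=False;Encrypt=True;" />
    <add name="SampleTrustServerCert" providerName="System.Data.SqlClient"
         connectionString="Data Source=sql02.example.test;Database=SMA;Integrated Security=True;Encrypt=True;TrustServerCertificate=true;" />
    <add name="SampleUnencrypted" providerName="System.Data.SqlClient"
         connectionString="Data Source=sql03.example.test;Database=SMA;Integrated Security=True;" />
  </connectionStrings>
</configuration>
'@

Get-SqlConnectionEncryption -Config $sample | Format-Table -AutoSize

# On a worker, pass the real file instead of the sample:
# Get-SqlConnectionEncryption -Config ([xml](Get-Content -Raw '<SMA-install-path>\Orchestrator.Settings.config'))
```

Entries reported as EncryptedCertNotValidated are candidates for installing the SQL Server certificate on the worker and removing TrustServerCertificate=true.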