Encrypt SMA network traffic

Important

This version of Service Management Automation (SMA) has reached the end of support. We recommend that you upgrade to SMA 2022.

This article describes how to use Secure Sockets Layer (SSL) to encrypt the connection between the SMA web service and SQL Server, and the network traffic between a runbook worker and the SQL database.

Encrypt SMA web service connection

Use the following procedure to securely connect the SMA web service to the SQL server:

  1. Open an elevated PowerShell console.

  2. Navigate to your .NET Framework home directory (for example, C:\Windows\Microsoft.NET\Framework64\v4.0.30319).

  3. Decrypt the config file section using the following command:

    .\aspnet_regiis.exe -pdf "connectionStrings" 'C:\inetpub\Service Management Automation'
    


  4. Open the web.config file in Notepad from the path C:\inetpub\Service Management Automation and append “;encrypt=true;trustServerCertificate=true” to the connection string.

  5. Encrypt the config file section by running the following command:

    .\aspnet_regiis.exe -pef "connectionStrings" 'C:\inetpub\Service Management Automation'
    

  6. Restart the SMA App Pool from Computer Management > Services and Applications > Internet Information Services (IIS) Manager.

Encrypt SMA Runbook worker connection

Use the following steps to secure the connection between the runbook worker and the SQL server.

Note

To encrypt the connection, you must run these steps on each of the Runbook worker computers.

  1. Navigate to the installation path of SMA and locate the Orchestrator.Settings.config file.

  2. Add the following under the root configuration element:

    <configuration>
    ...
      <connectionStrings>
        <add name="OrchestratorStoreConnectionString"
             providerName="System.Data.SqlClient"
             connectionString="<explained-below>" />
      </connectionStrings>
    ...
    </configuration>

  3. The connectionString depends on your authentication settings:

    • If using Integrated Windows authentication (without an SQL user/password):

      Data Source=<database-server-hostname>;Database=<SMA-database-name>;Integrated Security=True;MultipleActiveResultSets=False;Encrypt=True;

    • If using SQL user/password:

      Data Source=<database-server-hostname>;Database=<SMA-database-name>;User ID=<username>;Password=<password>;MultipleActiveResultSets=False;Encrypt=True;

      For more information, see SqlClient Connection Strings.

  4. If the SSL certificate isn't installed on the worker computer, append TrustServerCertificate=true; to the connectionString. With this setting the connection is still encrypted, but the worker does not validate the server certificate.
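The following check is an added example, not part of the original article or of SMA itself: it parses a connectionStrings section with SqlConnectionStringBuilder and reports, per entry, whether Encrypt and TrustServerCertificate are set as the two procedures above describe. The function name, the sample XML, the host and database names, and the two Sample* entries are assumptions made for illustration.

```powershell
# Added example, not from the original article. Assumes Windows PowerShell 5.1.
Add-Type -AssemblyName System.Data

function Get-SqlEncryptionFinding {
    param([Parameter(Mandatory)] [xml] $Config)
    $section = $Config.SelectSingleNode('/configuration/connectionStrings')
    if ($null -eq $section) { throw 'No <connectionStrings> section found.' }
    # After "aspnet_regiis.exe -pef" the section holds EncryptedData instead of
    # <add> elements, so inspect it while it is decrypted (after -pdf).
    if ($section.HasAttribute('configProtectionProvider')) {
        throw 'Section is protected; decrypt it with aspnet_regiis.exe -pdf first.'
    }
    foreach ($entry in $section.SelectNodes('add')) {
        # SqlConnectionStringBuilder applies SqlClient's own keyword rules
        # (case-insensitive names, synonyms, defaults), unlike a text search.
        $cs = $entry.GetAttribute('connectionString')
        $b  = New-Object System.Data.SqlClient.SqlConnectionStringBuilder -ArgumentList $cs
        $finding = if (-not $b.Encrypt) {
            'Not encrypted'
        } elseif ($b.TrustServerCertificate) {
            'Encrypted; server certificate not validated'
        } else {
            'Encrypted; server certificate validated'
        }
        # Emit only non-secret fields so a Password value never reaches the output.
        [pscustomobject]@{
            Name = $entry.GetAttribute('name'); DataSource = $b.DataSource
            Encrypt = $b.Encrypt; TrustServerCertificate = $b.TrustServerCertificate
            Finding = $finding
        }
    }
}

# Constructed sample input: host and database names are placeholders, and the
# two "Sample*" entries are hypothetical, added to show each finding.
[xml]$sample = @'
<configuration>
  <connectionStrings>
    <add name="OrchestratorStoreConnectionString" providerName="System.Data.SqlClient"
         connectionString="Data Source=sql01.example.test;Database=SMA;Integrated Security=True;MultipleActiveResultSets=False;Encrypt=True;" />
    <add name="SampleTrustAll" connectionString="Data Source=sql01.example.test;Database=SMA;Integrated Security=True;encrypt=true;trustServerCertificate=true" />
    <add name="SampleNoEncrypt" connectionString="Data Source=sql01.example.test;Database=SMA;Integrated Security=True" />
  </connectionStrings>
</configuration>
'@
Get-SqlEncryptionFinding -Config $sample | Format-Table -AutoSize
```

To check a real file, load it with `[xml](Get-Content -Raw '<path-to-config>')`; for web.config, run the check between steps 4 and 5 of the first procedure, while the section is decrypted.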

Next steps

Manage runbooks.