Welcome to IDERA Virtual Education for SQL Secure. SQL Secure is a valuable tool for analyzing risks that may exist around your SQL Server enterprise environment as well as permission reporting as part of its analysis. It will take snapshots of all of the different objects that make up your SQL Server environment and also gather all of the permissions. So many times questions come up about: What is the architecture? and: How does SQL Secure actually perform these snapshots? So here is the architecture. It is a very simple product to install. There is no service associated with SQL Secure. There is basically the SQL Secure console that you use to manage the product. And there is a security model that goes along with the tool. So you can secure different team members. To see what they need to see. Or do what they need to do. There is also the back end SQL Server data database repository. It is the SQL Secure repository. And so that gets installed directly on the SQL Server instance. And there is no specific service associated with SQL Secure. It leverages the SQL Server agent to be able to schedule the snapshot process. And through the SQL Server agent jobs that it creates tied to individual instances. It will run on a regular basis. And reach out. And gather all of the objects and permissions and configuration details. So obviously because of that SQL Server Express is not supported with respect to this particular tool. So switching over to my machine here. We have SQL Secure up and running. Here is the console component that you use to manage SQL Secure. As far as the architecture goes again there are no services. However, within the SQL Server agent, you will find some jobs that are labeled appropriately. And you can see SQL Secure collector job for my instance IDERA prod VM. I also have a collector job for IDERA prod VM prod 2014. And we also have the grooming job that is relevant to the process of clearing out or cleaning out snapshots that get older than x number of days. And you can hold on to those snapshots as long as you require for audit purposes. So to schedule these jobs to run is very simple. We will go into the console. Select the instance that we want to set up the scheduling for snapshots. Choose the properties. And then within the different tabs that we see within the properties, this is where we can define credentials. Any filters on different objects that are not relevant to what we want to capture permissions against. Any additional folders above and beyond SQL Server related folders and files that we want to gather permissions. And we also have the scheduling option. So this is where we will set up the daily, the weekly, the monthly scheduling. Certain days of the week, or even certain times of the day that the snapshot will take place. And by defining the schedule an actual job gets created on the SQL Server agent. And it will run on a regular basis. And when it runs it is going to reach out remotely. There again there is no agent on the remote instance. So it will remotely gather the data connecting either through the common the standard SQL Server port 1433 or a custom SQL Server port. Whatever you have defined for that SQL Server instance. And for file system, registry key, and service configuration information of course. That has going to be more of information technology (IT) related to remote procedure call (RPC) connectivity. So we will want to make sure that we have the firewall ports open for 135 to get those objects if required for audit purposes. So again just to reiterate: The architecture is very simple. You have the console. You have the database on Microsoft SQL Server back end. And it leverages the SQL Server agent to reach out and gather the snapshot data. For configuration risk assessment and all of the objects with their permissions across the different databases, tables, views, stored procedures, and functions. All to be stored in a central in within that centrally located SQL Secure repository. So that concludes my explanation of the architecture. If you have any additional questions, feel free to reach out to us. You can also download SQL Secure from There are also different resources available out on our community site. Feel free to access that at And other than that, have a great day.

Topics : Database Compliance,Database Security,

Products : SQL Secure,

An Overview of SQL Secure Architecture

IDERA SQL Secure is a security analysis solution that identifies SQL Server security violations and ensures security policies are enforced. SQL Secure allows DBAs to view the permission settings of their individual users, roles, and objects, at a particular point in time. It also enables DBAs to audit all users and object permissions on SQL Server instances that have been registered with SQL Secure.

In SQL Secure, DBAs can grant or deny permissions to a user, group, or role for a particular server or database object. The explore permissions view in SQL Secure enables DBAs to review the security information on three levels of Enterprise level, SQL Server level, and Individual user. Learn More →

Contact IDERA: