(imported topic written by cstoneba)
I’m trying to confirm which SQL authentication to a remote DB from the BigFix Server is better, and need some opinions/answers.
When an authentication type is selected during the BigFix Server installation, is that method (SQL vs NT) then set for the services and the ODBC connection, or just one?
if SQL authentication is used, can that account be disabled post installation?
Are there any obvious pros and cons of one versus the other?
(imported comment written by jeremy_spiegel91)
The method (SQL vs NT) is set for the ODBC data source, and the login information is associated with the services. For SQL authentication, we store off the SQL username and password for the services to use. For NT authentication, we set the services to log in as the user specified.
If SQL authentication is used, then yes that account can be disabled post installation. In that case, you would need to manually change the ODBC data source (bes_bfenterprise by default) to use NT authentication, and then set the services to log in using an account that has the appropriate access rights to the database.
Using NT authentication is considered more secure (see http://msdn.microsoft.com/en-us/library/aa905171(v=sql.80).aspx), though it requires that you have both your BES Server and the SQL Server attached to the same AD domain.
(imported comment written by cstoneba)
thanks Jeremy, this all arose from our upgrade to the most recent BES server version. I was running the upgrade, but the NT authentication failed becaues the Computer Browser service would not start on the BES server. This prevented up from using NT authentication during the upgrade and had to switch to SQL. Afterwards, we went in and reverted everything back to NT. This issue though is that within our org, the computer browser service is not supported (because it uses broadcast communications), so I’m trying to weigh out the pros and cons of each connection method.