02-07-2013 03:43 PM
i am wondering what kind authentication would be good for SQL server db connection, Windows Active Directory Authentication or SQL Server Login credential?
02-08-2013 08:59 AM
Hmm. I guess I thought that was a binary choice for the designer of the SQL database; I've never been given a choice of which to use. I've also never seen any difference in performance between the two methods.
There have been big arguments in the SQL Server community over the years about which to use. You may find that it is a better question there.
02-08-2013 09:15 AM
I'd say depending which role you are playing. If you are an individual user, there probably is not much of difference. If you are a SAS Admin, then I would suggest you opt for SQL Sign-on. We have a service account for SQL server (password never expired), and we include users who have been granted access into that group. It is a lot easier to manage comparing to IWA. For one, the security. Users have to go through metadata to access SQL server, as they don't actually have SQL signon by themselves. For two, it is less complicated if there is a problem, you only need to talk to SQL DBA, while if using IWA, you also need to include Windows Security team.
Just my 2 cents,
02-08-2013 10:53 PM
If you can get your multi-hop IWA config working, I'd suggest continuing IWA all the way to the database. It means that your SAS platform users will present their own identity to SQL Server which provides better auditability and access control options for your SQL Server DBA's.