General Information on Configuring Microsoft SQL Server Connections

Overview

This chapter provides information on how to configure a connection to a Microsoft SQL Server database.

Microsoft SQL Server Software Components

The following SQL components are required to establish a connection to a database:

- SQL server (not supplied by Schneider Electric):
  - Microsoft SQL Server 2014 Standard or
  - Microsoft SQL Server 2014 Express
- SQL client (not supplied by Schneider Electric)
  - Microsoft SQL Server 2014 Management Studio
- Microsoft SQL Server database created with the SQL client

Supported Data Types

The following data types are supported for Microsoft SQL Server:

Category    Data types

Integer     BIGINT, SMALLINT, TINYINT, INT, BIT

Real        FLOAT, REAL, DECIMAL, MONEY, NUMERIC, SMALLMONEY

Text        CHAR, NCHAR, NTEXT, NVARCHAR, TEXT, VARCHAR

Temporal    SMALLDATETIME, DATE, DATETIME, DATETIME2, DATETIMEOFFSET, TIME

Other       SQLVARIANT, UNIQUEIDENTIFIER

Considerations Concerning Cybersecurity for Microsoft SQL Server Connections

For database connections, consider the following:

- Secured connections over TLS (Transport Layer Security) / SSL (Secure Socket Layer) are only supported between the SQL Gateway and the Microsoft SQL Server database. If you configure these connections properly, the database may be located outside your industrial network. Use a firewall to protect the TCP port of the SQL Gateway PC that is connected to the Internet.

- Communication must only be performed inside your industrial network, isolated from other networks inside your company and from the Internet.

NOTE: Schneider Electric adheres to industry best practices in the development and implementation of control systems. This includes a "Defense-in-Depth" approach to secure an Industrial Control System. This approach places the controllers behind one or more firewalls to restrict access to authorized personnel and protocols only.

WARNING

UNAUTHENTICATED ACCESS AND SUBSEQUENT UNAUTHORIZED MACHINE OPERATION

- Evaluate whether your environment or your machines are connected to your critical infrastructure and, if so, take appropriate steps in terms of prevention, based on Defense-in-Depth, before connecting the automation system to any network.

- Limit the number of devices connected to a network to the minimum necessary.

- Isolate your industrial network from other networks inside your company.

- Protect any network against unintended access by using firewalls, VPN, or other, proven security measures.

- Monitor activities within your systems.

- Prevent subject devices from direct access or direct link by unauthorized parties or unauthenticated actions.

- Prepare a recovery plan including backup of your system and process information.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

Authentication

SQL Server supports two types of authentication:

- Windows authentication

- SQL Server authentication

Select the suitable Authentication Mode in the Configuration tab of the SQL Gateway.

Authentication Mode > Windows uses the login credentials of the logged-in Windows user account for authentication at the database server.

NOTE: If you use Windows authentication, make sure that the SQL Gateway service is also running under the corresponding Windows user account. If necessary, adapt the settings of the SQL Gateway (service name: SchneiderElectric SqlGateway Service) in the Windows Service Control Manager.

Authentication Mode > SQL Server uses User Name and Password that are defined for the SQL Server login in the Configuration tab of the SQL Gateway.

NOTE: If you use SQL Server authentication, make sure that your SQL Server installation allows this mode. To achieve this, select the option Mixed Mode in the SQL Server setup under Database Engine Configuration > Server Configuration > Authentication Mode.
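
The following T-SQL is an added example, not part of this manual or of Schneider Electric software. Run from Management Studio, it verifies on the server side the authentication mode described above and whether the SQL Gateway's sessions are actually encrypted, as the cybersecurity considerations require. It assumes the caller has the VIEW SERVER STATE permission; `<gateway_login>` is a placeholder for the login the SQL Gateway uses.

```sql
-- Added example: run against the instance the SQL Gateway connects to.
-- Assumption: the caller holds VIEW SERVER STATE.
-- Placeholder: replace <gateway_login> with the login used by the SQL Gateway
-- (the Windows account of the service, or the SQL Server login).
DECLARE @GatewayLogin sysname = N'<gateway_login>';

-- 1. Server authentication mode.
--    IsIntegratedSecurityOnly: 1 = Windows authentication only, 0 = Mixed Mode.
SELECT CASE CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int)
           WHEN 1 THEN 'Windows authentication only'
           WHEN 0 THEN 'Mixed Mode (Windows and SQL Server authentication)'
       END AS server_authentication_mode;

-- 2. Live sessions of the gateway login: transport encryption and
--    the authentication scheme that was really used.
SELECT s.session_id,
       s.login_name,
       s.host_name,
       s.program_name,
       c.client_net_address,
       c.net_transport,
       c.encrypt_option,   -- 'TRUE' when the connection is encrypted
       c.auth_scheme       -- 'SQL', 'NTLM' or 'KERBEROS'
FROM sys.dm_exec_sessions AS s
JOIN sys.dm_exec_connections AS c
  ON c.session_id = s.session_id
WHERE s.login_name = @GatewayLogin
ORDER BY c.encrypt_option, s.session_id;

-- 3. Only relevant for SQL Server authentication: is the login enabled
--    and is the Windows password policy enforced for it?
SELECT name,
       is_disabled,
       is_policy_checked,
       is_expiration_checked
FROM sys.sql_logins
WHERE name = @GatewayLogin;
```

A row in the second result with `encrypt_option = 'FALSE'` means that session is not protected by TLS; with Windows authentication the third query returns no rows, because `sys.sql_logins` lists SQL Server logins only.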