The SAP SQL Anywhere, on-demand edition installation is designed so that minimal security configuration is required.
By default, cloud communications are secure and stored files, such as tenant databases, are isolated within the cloud. The following is a list of built-in security features and security considerations when setting up and running your cloud.
Tenant databases running in the cloud are isolated from other tenant databases, including tenant databases running on the same cloud server and/or host, which increases data security because application programming errors cannot accidentally expose data from one tenant database to another. Only users with designated cloud permissions can perform cloud administration.
Certain system procedures and functions operate differently when they are called from a tenant database running in the cloud than when called from a SQL Anywhere database that is running outside the cloud. For example, system procedures and functions that normally return information about all databases running on a specific database server only return information about the current tenant database when called in the cloud.
To enforce strict tenant database isolation, the cloud server disables all secure features except backup.
The secure feature key is set when the cloud is created. To change the set of secure features, or the secure feature key for all cloud servers, use the AlterCloud task.
If a tenant database connection needs to use a secure feature, it can temporarily set the secure feature key by executing the following statement within the sp_login_environment system procedure:
SET TEMPORARY OPTION secure_feature_key='securekey';
The secure feature key is restricted to 7-bit ASCII characters and it must have a length between 6 and 128 characters. Secure feature keys cannot:
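A pre-check for the two rules stated above (7-bit ASCII, 6 to 128 characters), paired with a generator for random keys that satisfy them. This is an added example, not part of the SAP documentation or tooling: `key_violations`, `generate_key` and the letters-and-digits alphabet are assumptions made here, and any further restrictions on key content are not checked because this page does not list them.

```python
import secrets
import string

# Limits stated on this page for the secure feature key.
MIN_LEN, MAX_LEN = 6, 128

# Assumption: letters and digits only, a conservative subset of 7-bit ASCII
# chosen so generated keys avoid quoting problems inside the SQL statement.
SAFE_ALPHABET = string.ascii_letters + string.digits


def key_violations(key):
    """Return the stated rules that `key` breaks; an empty list means it passes."""
    problems = []
    if not MIN_LEN <= len(key) <= MAX_LEN:
        problems.append(
            "length %d is outside %d-%d" % (len(key), MIN_LEN, MAX_LEN)
        )
    # 7-bit ASCII means every code point must be <= 0x7F.
    bad = [(i, ch) for i, ch in enumerate(key) if ord(ch) > 0x7F]
    if bad:
        where = ", ".join("%r at index %d" % (ch, i) for i, ch in bad)
        problems.append("non-7-bit-ASCII characters: " + where)
    return problems


def generate_key(length=32):
    """Generate a random key from a CSPRNG that passes key_violations()."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("length must be between %d and %d" % (MIN_LEN, MAX_LEN))
    key = "".join(secrets.choice(SAFE_ALPHABET) for _ in range(length))
    if key_violations(key):  # defensive: the generator must obey its own checker
        raise RuntimeError("generated key failed validation")
    return key


if __name__ == "__main__":
    # Constructed sample inputs, not real keys.
    for candidate in ("securekey", "abc", "p\u00e4ssword1"):
        print(repr(candidate), key_violations(candidate) or "ok")
    print("generated key length:", len(generate_key()))
```
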
The cloud connects to a tenant database using a secure method that includes a user ID for the database, but not the password. If the database is encrypted, the cloud also uses the database encryption key. The cloud continues to use this user ID to connect to the database to perform such administrative tasks as backing up the database and restoring backups. Do not delete this user from the database. You can change or drop the user password in the database.
Host installs are stored in the cloud and can only be accessed using an executable provided by the cloud along with a cloud user name and password. To prevent unwanted hosts from being added to the cloud, create a single-use host install that specifies the machine name of the host being added to the cloud. The single-use install is deleted immediately after the host is added. If you are using a multiple-host install, specify the names and/or IP addresses of the machines being added to the cloud and specify a short expiry period for the host install. By default the host install is deleted seven days after it is created.
You do not need to modify the robots.txt protocol to prevent cloud resources from being discovered by search engines or web crawlers. The cloud software is programmed to automatically prevent such access to cloud resources.
Enable FIPS-certified encryption for your cloud by checking the FIPS encryption option when creating the cloud. When FIPS-certified encryption is enabled, all cloud servers are automatically started with the -fips server option.
For more information about database server limitations when FIPS encryption is enabled, see the -fips server option in SQL Anywhere Server--Database Administration: http://dcx.sybase.com/index.html#sa160/en/dbadmin/dbadmin16.html.
The cloud uses certificates to secure communication between cloud servers and with the Cloud Console. Unsigned certificates can cause certificate warnings in your browser when you attempt to access the Cloud Console. It is safe to ignore these warnings in a development environment. However, for increased security in your production environment, consider using a signed certificate instead.
The cloud uses Transport Layer Security (TLS) to secure all cloud communication. By default, all TLS connections use the certificate provided at the time of cloud creation. For example: C:\Users\Public\Documents\SQL Anywhere on-demand 1.0\saccertificate\root-id.pem. However, you can customize your own TLS certificate by supplying your own identity file and password.
To connect to the cloud from a non-cloud host, you must copy the root-cert.pem file to the non-cloud host, and then specify its location when connecting to the cloud.
For more information about transport layer security, see SQL Anywhere Server--Database Administration: http://dcx.sybase.com/index.html#sa160/en/dbadmin/dbadmin16.html.
All cloud events, including those relevant to security, are automatically logged by the cloud. View this log either in the Cloud Console, or by using the Event Trace Data (ETD) File Management utility (dbmanageetd).
The sa_cloud_cookie used by the Cloud Console contains only previously used cloud search strings.
Cloud user passwords are converted to UTF-format and hashed.
All tasks in the cloud have privileges associated with them. To run a task in the cloud, you must have the required privilege for the task.
Administer your cloud from either the browser-based Cloud Console, or on the command line using the Cloud Command utility (dbcloudcmd).