CSM Server and Browser Connection Options
When configuring browser and server connections during your CSM installation, specify a location for the database, the database login account credentials, administrative login options, connection pooling options, and additional advanced options.
Database Location Options
The following table describes database location options.
Option | Description | Notes |
---|---|---|
Database is on this machine | Connect to a local database. | Typically, this option is only for evaluation systems. |
Specific server | Connect to a database that is installed on a named server. | Provide the database server name, or select the name of the database server in the drop-down list. The list might take a few seconds to populate, and the desired server may not be listed. If installing on an alternative instance of SQL Server, specify the instance as part of the name: CSMDatabaseServer\Instance. |
IP Address | Connect to a database installed on a server referenced by an IP address. | Provide the database server IP address. |
Database Login Account Credentials
The database login account must have DBReader and DBWriter SQL permissions with rights to insert, update, and delete rows within tables. If you also plan to use this account for the administrative functions, the account must also have DBOwnerView Server State permissions (although these permissions are not recommended for production environments).
Option | Description | Notes |
---|---|---|
Windows authentication | Use the stored Windows credentials (user name and password) for authentication. | Not recommended for browser connections. |
User ID and Password | Select this option to log in by providing the user ID and password of SQL Server. | Recommended for browser connections. |
We strongly recommend that you use a SQL account with sufficient rights rather than Windows Authentication to connect to the CSM database for the following reasons:
- The database connection must work with the security options for Internet Information Sevices (IIS). When connecting using SQL credentials, a different connection is used so that the CSM browser applications can run inside IIS. However, when connecting using Windows Authentication, IIS must be specially configured to use a Windows account that has appropriate rights to the database.
- When using Windows Authentication credentials, the Windows account that must be authenticated against SQL Server is the account that is used by the IIS application pool running the CSM browser applications. This account is usually a special local account, which does not have rights beyond the machine, and usually does not have rights to SQL Server running on the same server. This impact to connection pooling may also impact performance.
Setting up Windows Authentication requires configuration of both IIS and SQL Server and is beyond the scope of this document.
When using SQL account credentials, note the following requirements:
- The View server state privilege must be set for the SQL database login account. In SQL Server Management Studio, this privilege is located on the Securables tab of the Login Properties window.
- SQL Server must be configured for mixed mode authentication to support the use of SQL credentials.
- The SQL account must have rights to insert, update, and delete rows in the database.
Administrative Login Options for Server Connection
Specify the account credentials that the administrative functions use to log in to the CSM database when the database is being modified during the publishing of a CSM Blueprint.
The administrative login account must have DBOwner permission and View Server State privileges with rights to create, drop, and alter tables, as well as insert, update, and delete rows within tables. When the CSM services use this connection, the account under which the service is running is the account whose credentials will be used to connect to the database. If the Cherwell Application Server is installed in the same domain as the database, and the service account has rights to the database, then you can use Windows Authentication to provide the credentials.
Option | Description | Notes |
---|---|---|
Same as standard login |
Select this option to use the same login options as the system. |
Not recommended for production environments. |
Windows authentication |
Select this option to use the stored Windows credentials (user name and password) for authentication. |
|
User ID and Password |
Select this option to login in using a specific user name and password. |
Provide the user ID and password. |
Connection Pooling and Advanced Options
The Connection Options page includes sections for connection pooling options and advanced settings.
Option | Description | Notes |
---|---|---|
Use default pooling options | Select this option to use the default pooling options. | This option is appropriate for most systems with 30 or fewer concurrent CSM licenses. |
Customize pooling options | Select this advanced option to specify custom pooling options. | Specify the pool sizes to customize the caching options. To improve performance, set the maximum pool size to three times the number of concurrent CSM licenses that are used in your organization. You may need to adjust this value, depending on usage of your system. |
SQL Server is configured as an AlwaysOn group | Sets the MultiSubnetFailover property on the connection string, which allows for a faster detection and connection to the active server. | In the instance of a failed server, instead of attempting to reconnect one IP address at a time sequentially, SQL attempts using all addresses simultaneously to re-establish the connection. |
Encrypt connection with SQL Server | This option sets the Encrypt property within the connection string. | In a server with a certificate installed, the property gets or sets a Boolean value. In turn, the value informs SQL whether to use the SSL encryption when sending and receiving data between the client and server application. |
Always trust SQL Server's SSL certificates | This option sets the TrustServerCertificate property on the connection string. | This option is enabled when Encrypt connection option is selected. When this property is selected, the transport layer uses the SSL to encrypt (to the level specified by the server) the channel. The channel bypasses going through the certificate chain to validate trust. |
Change Connection Packet Size | Allows users to specify the packet size of the connection. |