Configuring SQL Server workspace data connections

During workspace creation, under Connection Type, click SQL Server.

Connecting to the source database

In the Source Settings section, provide the details about the source database.

Providing the source database connection details

To provide the connection details for the source database:

1. In the Server field, provide the server where the database is located.

2. In the Database field, provide the name of the database.

3. In the Port field, provide the port to use to connect to the database.

4. In the Username field, provide the username for the account to use to connect to the database.

5. For the user password, you can either specify the password manually, or you can select a secret name from a secrets manager. The selected secret must store a password. The secrets manager option only displays if at least one secrets manager is configured. For information about configuring the available secrets managers, go to Configuring secrets managers for database connections. To enter the password manually:

   1. Click Provide Password.

   2. In the password field, enter the password.

   To use a secret name from a secrets manager:

   1. Click Use Secrets Manager.

   2. From the secrets manager dropdown list, select the secrets manager. Structural connects to the secrets manager and retrieves a list of available secret names.

   3. From the secret name dropdown list, select the secret name.

6. To test the connection to the source data, click Test Source Connection.

Ensuring encryption of source database authentication

The Enable SSL/TLS setting indicates whether to encrypt source database authentication.

By default, the toggle is in the on position. We strongly recommend that you do not turn off this setting.

Using Kerberos or NTLM authentication

To use Kerberos or NTLM authentication:

1. Toggle Integrated Security to the on position.

2. For Kerberos authentication, in the Kerberos Domain field, provide the Kerberos domain. For NTLM authentication, leave the field empty.

Trusting the server certificate

To indicate that Tonic Structural should trust the server certificate, toggle Trust Server Certificate to the on position.

Connecting through an SSH bastion

For additional security, to connect through an SSH bastion :

1. Toggle Enable SSH Tunnel to the on position.

2. In the SSH Host field, provide the host for the SSH bastion.

3. In the SSH Port field, provide the port for the SSH bastion.

4. In the SSH User field, provide the name of the user to use to connect to the SSH bastion.

5. If you do not use a private key, then in the SSH Passphrase field, provide the passphrase to use for authentication.

6. If you do use a private key, then in the SSH Private Key field, provide the private key. If the private key uses a passphrase, then in the SSH Passphrase field, provide the passphrase for the private key.

Enabling MultiSubnetFailover for the source database

Blocking data generation on all schema changes

By default, data generation is not blocked for schema changes that do not conflict with your workspace configuration.

To block data generation when there are any schema changes, regardless of whether they conflict with your workspace configuration, toggle Block data generation on schema changes to the on position.

Connecting to the intermediate database for upsert

SQL Server supports the upsert process. When you enable upsert for the workspace, the data generation process initially writes the transformed data to an intermediate database.

After the initial data generation is complete, the upsert job writes new records to the destination database, and updates existing records in the destination database. It does not touch any other records that are in the destination database.

If the intermediate database is in the same location as the source database, then you can copy the connection and authentication details from the source database.

Copying the connection and authentication details from the source database

To copy the connection and authentication details from the source database:

1. Click Copy Settings from Source.

2. For the user password, you can either specify the password manually, or you can select a secret name from a secrets manager. The selected secret must store a password. The secrets manager option only displays if at least one secrets manager is configured. For information about configuring the available secrets managers, go to Configuring secrets managers for database connections. To enter the password manually:

   1. Click Provide Password.

   2. In the password field, enter the password.

   To use a secret name from a secrets manager:

   1. Click Use Secrets Manager.

   2. From the secrets manager dropdown list, select the secrets manager. Structural connects to the secrets manager and retrieves a list of available secret names.

   3. From the secret name dropdown list, select the secret name.

3. To test the connection to the intermediate database, click Test Intermediate Connection.

Providing the intermediate database connection details

To provide the connection details for the intermediate database:

1. In the Server field, provide the server where the database is located.

2. In the Database field, provide the name of the database.

3. In the Port field, provide the port to use to connect to the database.

4. In the Username field, provide the username for the account to use to connect to the database.

5. For the user password, you can either specify the password manually, or you can select a secret name from a secrets manager. The selected secret must store a password. The secrets manager option only displays if at least one secrets manager is configured. For information about configuring the available secrets managers, go to Configuring secrets managers for database connections. To enter the password manually:

   1. Click Provide Password.

   2. In the password field, enter the password.

   To use a secret name from a secrets manager:

   1. Click Use Secrets Manager.

   2. From the secrets manager dropdown list, select the secrets manager. Structural connects to the secrets manager and retrieves a list of available secret names.

   3. From the secret name dropdown list, select the secret name.

6. To test the connection to the source data, click Test Intermediate Connection.

Ensuring encryption of intermediate database authentication

The Enable SSL/TLS setting indicates whether to encrypt intermediate database authentication.

By default, the toggle is in the on position. We strongly recommend that you do not turn off this setting.

Using Kerberos or NTLM authentication

To use Kerberos or NTLM authentication:

1. Toggle Integrated Security to the on position.

2. For Kerberos authentication, in the Kerberos Domain field, provide the Kerberos domain. For NTLM authentication, leave the field empty.

Trusting the server certificate

To indicate that Structural should trust the server certificate, toggle Trust Server Certificate to the on position.

Connecting through an SSH bastion

For additional security, to connect through an SSH bastion:

1. Toggle Enable SSH Tunnel to the on position.

2. In the SSH Host field, provide the host for the SSH bastion.

3. In the SSH Port field, provide the port for the SSH bastion.

4. In the SSH User field, provide the name of the user to use to connect to the SSH bastion.

5. If you do not use a private key, then in the SSH Passphrase field, provide the passphrase to use for authentication.

6. If you do use a private key, then in the SSH Private Key field, provide the private key. If the private key uses a passphrase, then in the SSH Passphrase field, provide the passphrase for the private key.

Enabling MultiSubnetFailover for the intermediate database

Connecting to the destination database

For a SQL Server workspace, you can write the destination data to either:

• A destination database server.

• A Tonic Ephemeral snapshot. For more information, go to Writing output to Tonic Ephemeral.

• A container repository, for more information, go to Writing output to a container repository.

Under Destination Settings, to write the transformed data to a destination database on a database server, click Database Server.

Copying source connection and authentication details

To copy the connection and authentication details from the source database:

1. Click Copy Settings from Source.

2. For the user password, you can either specify the password manually, or you can select a secret name from a secrets manager. The selected secret must store a password. The secrets manager option only displays if at least one secrets manager is configured. For information about configuring the available secrets managers, go to Configuring secrets managers for database connections. To enter the password manually:

   1. Click Provide Password.

   2. In the password field, enter the password.

   To use a secret name from a secrets manager:

   1. Click Use Secrets Manager.

   2. From the secrets manager dropdown list, select the secrets manager. Structural connects to the secrets manager and retrieves a list of available secret names.

   3. From the secret name dropdown list, select the secret name.

3. To test the connection to the destination database, click Test Destination Connection.

Providing destination database connection details

If you do not copy the source connection details, then to configure the connection to the destination database:

1. In the Server field, provide the server where the database is located.

2. In the Database field, provide the name of the database.

3. In the Port field, provide the port to use to connect to the database.

4. In the Username field, provide the username for the account to use to connect to the database.

5. For the user password, you can either specify the password manually, or you can select a secret name from a secrets manager. The selected secret must store a password. The secrets manager option only displays if at least one secrets manager is configured. For information about configuring the available secrets managers, go to Configuring secrets managers for database connections. To enter the password manually:

   1. Click Provide Password.

   2. In the password field, enter the password.

   To use a secret name from a secrets manager:

   1. Click Use Secrets Manager.

   2. From the secrets manager dropdown list, select the secrets manager. Structural connects to the secrets manager and retrieves a list of available secret names.

   3. From the secret name dropdown list, select the secret name.

6. To test the connection to the destination data, click Test Destination Connection.

Ensuring encryption of the destination database authentication

The Enable SSL/TLS setting indicates whether to encrypt destination database authentication.

By default, the toggle is in the on position. We strongly recommend that you do not turn off this setting.

Using Kerberos or NTLM authentication

To use Kerberos or NTLM authentication:

1. Toggle Integrated Security to the on position.

2. For Kerberos authentication, in the Kerberos Domain field, provide the name of the Kerberos domain. For NTLM authentication, leave the field empty.

Trusting the server certificate

To indicate that Structural should trust the server certificate, toggle Trust Server Certificate to the on position.

Connecting through an SSH bastion

For additional security, to connect to an SSH bastion:

1. Toggle Enable SSH Tunnel to the on position.

2. In the SSH Host field, provide the host for the SSH bastion.

3. In the SSH Port field, provide the port for the SSH bastion.

4. In the SSH User field, provide the name of the user to use to connect to the SSH bastion.

5. If you do not use a private key, then in the SSH Passphrase field, provide the passphrase to use for authentication.

6. If you do use a private key, then in the SSH Private Key field, provide the private key. If the private key uses a passphrase, then in the SSH Passphrase field, provide the passphrase for the private key.

Enabling MultiSubnetFailover for the destination database