GlobalConnectionOptions Configuration : Aeries Software

Overview

The 10.25.9.30 release (and later) includes enhanced security features and new configuration options for database connections.

Default Option Changes

Encrypt

The system will automatically default to strict if not otherwise configured.

Check here for more information about this new default encryption setting to ensure your servers are configured to support this: https://learn.microsoft.com/en-us/sql/relational-databases/security/networking/tds-8
Other available options are "false", "optional", and "mandatory"

Workstation ID

The system will automatically transmit your web server or reporting server's machine name on each SQL connection as the Workstation ID for improved connection tracking and auditing.

New Configuration Options

The AeriesReportingConfig file now supports additional connection string options under the <GlobalConnectionOptions> section.

Important Configuration Settings:

Setting	Description	Example Value
Application Name	Identifies your application in SQL Server sessions	AeriesSandbox
Encrypt	Connection encryption requirement	Mandatory
TrustServerCertificate	Trust server certificate without validation	True

Configuration Example

Add the following section to your AeriesReportingConfig files to customize connection settings:

Note: Remember your AeriesReportingConfig files exist in your web servers' "appsettings" folders and your AeriesReporting/Service folder.

xml

<GlobalConnectionOptions>
    <ApplicationName>AeriesProduction</ApplicationName>
    <Encrypt>Mandatory</Encrypt>
    <TrustServerCertificate>false</TrustServerCertificate>
</GlobalConnectionOptions>

Windows Authentication Support

Integrated Security Configuration

When the UserName and/or Password fields in AeriesNetConnections are left blank or omitted, the system will automatically enable Integrated Security. This allows Aeries to authenticate using the Application Pool Identity.

Setup Requirements for Windows Authentication:

Leave the UserName and Password fields empty in AeriesNetConnections
Add the Application Pool Identity user as a login on your SQL Server
Grant appropriate database permissions to this user for accessing your Aeries database

Notes

All settings in GlobalConnectionOptions are optional, with the caveat that your servers support encrypt being set as the new default value strict (requires Windows Server 2022+ and SQL Server 2022+)
If not specified, SQL Server default values will be used
These settings apply globally to all Aeries database connections
Changes require a service restart to take effect
When installing Aeries Updates, IIS will lock the Microsoft.Data.SqlClient.SNI.dll. Be sure to stop IIS before installing this or any future Aeries Update.

For additional assistance with configuration, please contact Aeries Support.

Advanced Options

Do not attempt to configure these unless you have fully tested them in production-like test environments and are fully aware of their impacts.

Setting	Description	Example Value
AttestationProtocol	Enclave attestation protocol	None
Authentication	Authentication method	ActiveDirectoryServicePrincipal
ColumnEncryptionSetting	Column-level encryption configuration	Disabled
CommandTimeout	Command execution timeout (seconds)	120
ConnectRetryCount	Number of connection retry attempts	3
ConnectRetryInterval	Delay between retry attempts (seconds)	10
ConnectTimeout	Connection timeout (seconds)	`30`
EnclaveAttestationUrl	URL for enclave attestation	'https://attestationprovider.domain.net'
IPAddressPreference	IP version preference	IPv4First
LoadBalanceTimeout	Load balance timeout (seconds)	0
MaxPoolSize	Maximum connection pool size	100
MinPoolSize	Minimum connection pool size	0
MultipleActiveResultSets	Enable MARS	True
PacketSize	Network packet size (bytes)	8000
PoolBlockingPeriod	Connection pool blocking behavior	Auto
Pooling	Enable connection pooling	True
TransparentNetworkIPResolution	Enable transparent network IP resolution	True

GlobalConnectionOptions Configuration Print