CHAPTER 11 SECURING REPORTSFigure 11-7. Network Monitor with encrypted packets
Securing Data Storage in SSRS
While it is important to ensure that network traffic is encrypted, this is only one aspect of maintaining a
secure environment. SSRS requires that sensitive data, such as account information used for data access,
be stored securely. Since these data are stored in different locations, such as database tables and
configuration files, SSRS uses a symmetrical key encryption process to securely store and access this
information. What this means is that the authentication information in the database and configuration
files is stored in an encrypted format, and SSRS uses the encryption keys it generates to decrypt the
information when needed.
As with many SSRS tasks in SQL Server, multiple tools are available to make configuration changes
to the report server. You can manage keys with the Reporting Services Configuration Manager as well as
a command-line utility called RSKeyMgmt. You can use either of these tools to back up the keys
associated with the report server instance so that if something were to occur that caused the server to
have to be rebuilt, you could reapply the keys to the installation. The encryption keys are generated
when SSRS is installed or joins a farm. Figure 11-8 shows a section of the RSReportServer.config file,