Slate supports direct, native SQL Server connections that may be used from any client that supports connections to a SQL Server. These credentials may be directly provisioned within Slate and are restricted to a specific set of external IP addresses or subnets. The connections provide a read-only interface into your Slate database.
SQL Server clients include, among others:
- SQL Server Management Studio
- Crystal Reports
The direct SQL interfaces are provided on an "as is" basis and should be used for ad-hoc reporting only. Because SQL queries built and run outside of Slate cannot be tracked or managed, even minor changes to database schemas may break some of those scripts. For this reason, with Configurable Joins, all queries should and can be written using the standard query tool. This makes the query far more supportable by non-SQL users and has the added benefit of using standardized exports and filters. These standard exports and filters are routinely verified against schema changes and are much less fragile.
Direct SQL access for an organization may be discontinued at any time at the sole discretion of Technolutions if it impacts database or server performance. For example, disruptive activities would include copying all rows in a table or querying indiscriminately or too frequently. The direct SQL access is provided for ad hoc reporting and management only. Direct SQL access is not appropriate for automated, scheduled, or batch jobs, as these should be maintained within Slate as data exports or web services. Connections are automatically disconnected after 60 minutes of inactivity, and connections in excess of 3 concurrent connections may be terminated.
- Select Database on the top navigation bar and select User Permissions.
- Choose the user who will be granted access.
- Select Edit User.
- Select the Roles tab.
- Under the Exclusive Permissions section, select Direct SQL Access. A new section, named Direct SQL Access, appears.
- Select Reset Password to set the password for the first time, and record this password for future use. The password will not be displayed again after selecting Update. Record the cluster, database, and username as well, and use the table below to identify the appropriate port.
- Enter any IP addresses that require this connectivity. You may also use CIDR notation to authorize larger IP subnets.
For security purposes, limit the Allowed Networks to individual IP addresses and small subnets where possible.
Wait up to 60 minutes for any changes, including the provisioning of new accounts, to take effect, since the accounts and firewall rules are refreshed once per hour.
The host name follows the syntax of "sql.technolutions.net,1440," where the ",1440" indicates the custom port number. This enables routing to the appropriate database cluster and is necessary when using a non-standard port (the standard port is 1433). Although many protocols follow the standard ":port" syntax, SQL Server requires the ",port" syntax instead.
- ACIS: sql.ca-central-1.technolutions.net,1440
- ARES: sql.technolutions.net,1444
- EROS: sql.technolutions.net,1445
- LARA: sql.technolutions.net,1447
- LIMA: sql.technolutions.net,1448
- LUNA: sql.technolutions.net,1442
- MARS: sql.technolutions.net,1443
- MENA: sql.eu-west-1.technolutions.net,1440
- NONA: sql.technolutions.net,1440
- OPUS: sql.technolutions.net,1446
- ROMA: sql.technolutions.net,1441
If restricting the outbound traffic from your institution to Internet hosts, allow-list the following IP addresses based upon the assigned hostname:
If you are using SQL Server Management Studio, connect using the following settings, updating the values as needed for your particular database cluster, login name, and password. Other clients will provide similar options.
For added security, select Options and then select Encrypt connection, as shown below. If your client does not provide a user interface to enable encryption, you can pass a parameter of "Encrypt=yes" in the connection string to instruct the ODBC client to use an encrypted connection.
If you are unable to add the connection parameters as described, you may need to forego the use of an encrypted connection.