Select a data source type – small teams

This article is intended primarly for small teams of up to 15 users who use the features provided by our Team edition.

To assist with selecting the appropriate data source, here is a set of concerns and the list of data sources that can serve in such a context.

When choosing a non-on-premises data source, it is important to account for the security of data both at rest and in transit. It is strongly recommended to further encrypt data using a master key for file-based solutions or a security provider for advanced data sources, ensuring that only authorized parties can access the data.

For enhanced security features such as encryption at rest and in transit, restricted database access, and zero-knowledge encryption, consider our enterprise data sources.

Concern SQL Server SQL Azure
Unaccessible database to end users Note 1
Note 2
Note 1
AD accounts used for authentication  
Data stored on-premises  
Activity logs
Data accessible globally Note 3
Optional local cache of connections

Notes

Note 1

Administrators can create end-user accounts without sharing passwords by importing a locked data source definition for each user. However, this process involves significant manual effort by the administrator.

Note 2

Integrated security is a Microsoft technology that allows access to a SQL Server instance without transmitting credentials, relying on the authentication token from the Windows environment. This allows users to connect directly to the database using other tools, but it should not be used if preventing direct database access is required.

Our SQL Server data source provides a third authentication option, Custom (Devolutions), which allows user impersonation without revealing the credentials used to connect to the database. For more information, refer to User management.

Note 3

It is possible to expose a database to the Internet, but SSL/TLS encryption is necessary to secure the traffic and mitigate risks like DDoS attacks. Cloud services, such as Azure, prioritize this concern. The default firewall settings should block all traffic initially, with exceptions and rules added as needed. Additionally, open only the essential ports, add them to the exception list, and filter incoming requests based on their origin.

Devolutions Forum logo Give us Feedback