An interface requires security credentials configuration to access the databases. There are some best practices to follow to ensure the interface remains viable and will continue to provide access to the data. Here are some recommendations:
- Avoid using workgroups. Use a Windows domain authentication wherever possible. Using workgroups in a corporate scenario adds to the number of identities that need to be managed. It is better to set up Local groups in Active Directory or in a security group on the Web server.
- Avoid using IP addresses. Use DNS or FQDN names wherever possible. IP addresses change all the time; domain names can be changed more easily without having to make changes to each interface.
- Never use an individual user account for authentication. If the individual leaves the organization, the removal of the account will break the interface. Also, most passwords require changes every several months and it is a maintenance burden to change the password setting.
- Instead, use a service account with network service. This requires permission on the remote server as domain\webservername$. A custom service account will also require permissions and service rights.
- A Group-managed service account is ideal because it allows central management of rights and access.