Sage 100

I've been touting SQL as a better alternative for larger sites who are also concerned about security.

I typically would say that SQL protects the MAS_XXX so a user couldn't drop to Windows Explorer and delete or copy off company data files. In most cases that feature itself is enough justification to migrate.

It also helps that 100cloud users can move to SQL without paying any additional fee.. 

Are there other security-related benefits that SQL/Premium brings that I should mention?

------------------------------
Wayne Schulz - Schulz Consulting - 860-516-8990
------------------------------

I compiled the list below from information posted on the 90 Minds socialcast group a couple of years ago:

Advantages of SQL

• More efficient processing of large data sets.
• Better integration with third-party SQL-based applications.
• Easier to query. Availability of SQL data for queries and other manipulation using traditional SQL tools.
• Reports run a lot faster.
• Can be configured to restore to a specific point in time, and can write and schedule back end SQL queries to generate reports.
• Has better data integrity. Keyed file and date formatting errors that occur in ProvideX are not possible in SQL.
• No premium for premium (a true benefit of Sage 100cloud)
• External reports based on SOTAMAS90 pretty easy to convert to Premium
• Customers notice a speed increase in external reporting (finally some true value added)
• Virtually all 3rd party ISV solutions work with Premium
• Reporting via external tools/connections is faster
• Pretty straightforward to setup
• The prior penalty for SQL speeds in native Sage screens seems mostly gone
• DFDM goes away but you can DL free DSD SQL DFDM
• Skilled users can use SQL tools for query/changes (recommend locking customer out of this)

Disadvantages of SQL

• Customer needs to be comfortable setting up a SQL server
• Some customers reluctant to invest in a new server to maintain (especially if they don't have on-staff IT person)
• Sage has poor info about how to configure the SQL server and cannot answer basic "how to" questions
• Easy to use SQL tools to change data without Sage 100cloud which could result in lost data if not performed by a qualified person
• MRP users can't use Premium yet
• Tricks you may do with PVX such as swapping in or out single data files are difficult/impossible with Premium

------------------------------
Doug Higgs
Assistant Technical Support / Building Maintenance Specialist
Midwest Commerce Solutions, Inc
------------------------------

Providex files have no security at all, with Sage security through the programming (not through Providex features).  Even with ODBC security turned on, with a copy of the M4T anyone can see everything (except for hashed values like passwords / PII...).  SQL files are protected by SQL with full security features (as long as the raw database files are protected... with no requirement by Sage that everyone has full control over them).
Of course I wouldn't advertise widely that Providex files are so vulnerable...
Workstation Crypto can technically encrypt M4T's but properly configured SQL is protected unless the server itself is infected.

------------------------------
Kevin Moyes
Technical Systems Analyst
Munjal White Consulting Co.
Toronto ON
------------------------------

I haven't widely advertised the vulnerability though I did point out that with Sage 100 Standard/Advanced the Sage users need full rights to the data folder which opens the system up to someone deleting/copying or replacing a file or files. 

I think the availability of SQL at no added subscription is one of the bigger benefits for security conscious Sage 100cloud customers.

I do wonder whether Sage will someday close that loophole

I'm waiting for Sage to:

1. Go with named vs concurrent users
2. Charge for SQL
3. Charge for the number of integrations

------------------------------
Wayne Schulz - Schulz Consulting - 860-516-8990
------------------------------

Original Message:
Sent: 07-12-2019 09:42
From: Kevin Moyes
Subject: How does Sage 100 Premium Increase Security over Standard/Advanced?

Providex files have no security at all, with Sage security through the programming (not through Providex features).  Even with ODBC security turned on, with a copy of the M4T anyone can see everything (except for hashed values like passwords / PII...).  SQL files are protected by SQL with full security features (as long as the raw database files are protected... with no requirement by Sage that everyone has full control over them).
Of course I wouldn't advertise widely that Providex files are so vulnerable...
Workstation Crypto can technically encrypt M4T's but properly configured SQL is protected unless the server itself is infected.

------------------------------
Kevin Moyes
Technical Systems Analyst
Munjal White Consulting Co.
Toronto ON
------------------------------