Secure connections

When you connect to a SAP Adaptive Server Enterprise (ASE) database over untrusted or restricted networks, protect credentials and traffic and keep the connection stable. Devart ODBC Driver for ASE supports several secure connection approaches, so you can match the setup to your network path and security rules.

Overview of secure connection methods

Method SSL (Secure Sockets Layer) SSH (Secure Shell) HTTP tunneling
Primary use case Direct encrypted connections with certificate-based authentication. Encrypted tunnel through an SSH server (jump host/bastion) to reach ASE. Reaching ASE from networks that allow only HTTP/HTTPS traffic.
Key features
  • Encrypts traffic between the client and the server.
  • Supports server identity validation via certificates.
  • Optional client certificate authentication (if required by your security policy).
  • Creates a secure tunnel to the target network through an SSH server.
  • Supports password-based and key-based authentication.
  • Encrypts traffic and validates integrity using standard SSH mechanisms.
  • Wraps database traffic into HTTP/HTTPS to pass strict firewalls.
  • Works with proxy servers and proxy authentication.
  • Supports standard HTTP authentication schemes such as Basic or Bearer tokens (when your tunnel endpoint requires them).
Typical scenarios
  • Production connections where ASE is reachable directly.
  • Cases where you need encryption but want minimal extra network hops.
  • Access through a bastion host or jump server.
  • Environments where SSH is already used for controlled remote access.
  • High-security setups that require an extra protective layer.
  • Corporate networks that block non-HTTP traffic.
  • Remote access from restricted networks (hotels, guest Wi-Fi, partner networks).
  • Routes that must pass multiple proxy layers.

Performance considerations

All secure methods add overhead due to encryption and extra routing. Consider the following when choosing a connection method:

  • SSL: Usually the fastest secure option because it keeps the connection direct.
  • SSH: Adds moderate overhead (encryption plus one more hop through the SSH server).
  • HTTP Tunneling: Usually the slowest option due to HTTP wrapping and proxy processing.

If direct access to ASE is available, use it. When security is required, pick the method that meets your policy with the smallest number of hops and the simplest network path.