Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies to: 
SQL Server 
Azure SQL Database
Azure Synapse Analytics
Analytics Platform System (PDW)
Display or changes the global configuration settings for PolyBase network encryption. This configuration option controls whether PolyBase encrypts the communication channels between the SQL Server instance and the PolyBase Engine, which runs in the same server.
The possible values are described in the following table:
| Value | Meaning |
|---|---|
0 |
Disabled |
1 (default) |
Enabled |
Enabled is the default setting in SQL Server versions for security compliance.
When enabled, the communication between SQL Server and PolyBase components is encrypted.
Beginning with SQL Server 2025 (17.x) Preview, a valid certificate is required to encrypt the communication between PolyBase services and SQL Server.
When disabled:
- Communication isn't encrypted
- No certificate or extra checks are required.
Disabled encryption configuration can be suitable for environments that are fully trusted, isolated or when no certificate can be provided.
This change takes effect immediately.
Enable network encryption
The following example enables this setting.
EXECUTE sp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO
EXECUTE sp_configure 'polybase network encryption', 1;
GO
RECONFIGURE;
GO
Disable network encryption
The following example disables this setting.
EXECUTE sp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO
EXECUTE sp_configure 'polybase network encryption', 0;
GO
RECONFIGURE;
GO
Additional configuration requirement
Beginning with SQL Server 2025 (17.x) Preview, a valid certificate is required for secure connections.
To encrypt the communication between PolyBase components and SQL Server, you need:
- The certificate must be signed by a trusted Certificate Authority (CA).
- Its Subject Name or Subject Alternative Name should match the SQL Server's Fully Qualified Domain Name (FQDN).
After the certificate is installed on the server, update the SQL Server instance as follows.
Add the certificate to the PolyBase configuration table.
To add the certificate to the configuration table, update the following example for your instance run the query:
UPDATE DWConfiguration.[dbo].[configuration_properties] SET value = '<CertificateSerialNumber>' WHERE [key] = '<CertificateSerialNumber>' AND [id] = `<Server Name>`Enable PolyBase Network Encryption through
sp_configure.Restart the SQL Services.
Permissions
All users can execute sp_configure with no parameters or the @configname parameter.
Requires ALTER SETTINGS server-level permission or membership in the sysadmin fixed server role to change a configuration value or to run RECONFIGURE.
SQL Server 2025 Preview RC 0 known issue
SQL Server 2025 (17.x) Preview RC 0 has the following known PolyBase issues:
- PolyBase services on SQL Server 2025 (17.x) Preview won't work unless there's a trusted certificate, or if PolyBase network encryption is set to
0. - SQL Server on Linux currently only supports PolyBase network encryption set to
0.