{
  "id": "configuration-guide",
  "title": "Write-behind configuration guide",
  "url": "https://redis.io/docs/latest/integrate/write-behind/configuration-guide/",
  "summary": "Configure write-behind to your database",
  "tags": [
    "docs",
    "integrate",
    "rs",
    "rdi"
  ],
  "last_updated": "2026-04-01T08:10:08-05:00",
  "page_type": "content",
  "content_hash": "1e8d2e1454c40e2529eecd72e9088d9646a95ca6fa9ffcad812e1e1008aaa86b",
  "sections": [
    {
      "id": "overview",
      "title": "Overview",
      "role": "overview",
      "text": "This guide shows you how to configure write-behind target connections."
    },
    {
      "id": "overview",
      "title": "Overview",
      "role": "overview",
      "text": "Write-behind target connections are the connections established between a Write-behind instance and a target database in a\n[write-behind scenario]().\nWrite-behind is used to replicate changes captured in a Write-behind-enabled Redis Enterprise database to a target database. \nThe connections must be configured in the `config.yaml` before deploying any jobs and must follow one of the formats shown below. Multiple connections can be specified in the `connections` section."
    },
    {
      "id": "for-relational-datastores",
      "title": "For relational datastores",
      "role": "content",
      "text": "[code example]"
    },
    {
      "id": "for-non-relational-datastores",
      "title": "For non-relational datastores",
      "role": "content",
      "text": "[code example]"
    },
    {
      "id": "microsoft-sql-server",
      "title": "Microsoft SQL Server",
      "role": "content",
      "text": "Microsoft SQL Server supports different authentication mechanisms (SQL Server Authentication and Integrated Windows Authentication) and protocols (NTLM and Kerberos). Write-behind can use all of them. However, systems that use Kerberos may require some additional configuration."
    },
    {
      "id": "account-permissions",
      "title": "Account permissions",
      "role": "content",
      "text": "To enable Write-behind to work with a SQL Server database, check that the account you specify was assigned at least the `db_datawriter` role."
    },
    {
      "id": "sql-server-authentication",
      "title": "SQL Server authentication",
      "role": "content",
      "text": "To use SQL Server authentication mode, create a user with login credentials and then assign the necessary permissions for the target database to that user.\n\n[code example]"
    },
    {
      "id": "windows-authentication",
      "title": "Windows authentication",
      "role": "content",
      "text": "To use Windows authentication mode, you need to create a Windows or Active Directory account that has the necessary permissions to access the target database, and is able to log into SQL Server. The Linux machine hosting Write-behind can be configured to support the NTLM authentication protocol. \n\nFor NTLM:\n\n[code example]\n\n> Note: User must be specified with the domain name for Windows Authentication to work correctly.\n\nAfter you configure the Write-behind connection and deploy the write-behind job, run the following SQL query to have the operator check if Write-behind is using the expected authentication mechanism and protocol. Note: this operation may require the `sysadmin` role.\n\n[code example]\n\nThe results indicate which `auth_scheme` is used by each session and may take values `SQL`, `NTLM`, and `Kerberos`."
    }
  ],
  "examples": [
    {
      "id": "for-relational-datastores-ex0",
      "language": "yaml",
      "code": "connections:\n    my-sql-datastore:\n        type: <db-type>     # mysql | oracle | postgresql | sqlserver\n        host: <db-host>     # IP address or FQDN of a database host and instance\n        port: <db-port>     # database port\n        database: <db-name> # name of the database\n        user: <db-user>         # database user\n        password: <db-password> # database password\n        # connect_args:     # optional connection parameters passed to the driver - these are driver specific\n        # query_args:       # optional parameters for SQL query execution - typically not required for Write-behind operation",
      "section_id": "for-relational-datastores"
    },
    {
      "id": "for-non-relational-datastores-ex0",
      "language": "yaml",
      "code": "connections:\n    my-nosql-datastore:\n        type: <db-type>     # cassandra\n        hosts: <db-hosts>   # array of IP addresses or host names of a datastore nodes\n        port: <db-port>     # database port\n        database: <db-name> # name of the database\n        user: <db-user>         # database user\n        password: <db-password> # database password",
      "section_id": "for-non-relational-datastores"
    },
    {
      "id": "sql-server-authentication-ex0",
      "language": "yaml",
      "code": "connections:\n    mssql2019-sqlauth:\n        type: sqlserver\n        host: ip-10-0-0-5.internal\n        port: 1433\n        database: rdi_wb_database\n        user: rdi_user\n        password: secret",
      "section_id": "sql-server-authentication"
    },
    {
      "id": "windows-authentication-ex0",
      "language": "yaml",
      "code": "connections:\n    mssql2019-ntlm:\n        type: sqlserver\n        host: ip-10-0-0-5.internal\n        port: 1433\n        database: rdi_wb_database\n        user: MYDOMAIN\\rdi_service_account  # company-domain\\service-account\n        password: secret                    # NTLM requires to provide a password",
      "section_id": "windows-authentication"
    },
    {
      "id": "windows-authentication-ex1",
      "language": "sql",
      "code": "SELECT session_id, auth_scheme FROM sys.dm_exec_connections;",
      "section_id": "windows-authentication"
    }
  ]
}