What’s the best way to secure merge replication over the internet? The cl
ient is running MSDE and could be a home user with broadband. If it’s usi
ng a VPN would this be SSL or IPSec?Either would secure the traffic from MSDE to the Publisher.
VPN would allow the client to use other corporate resources as well and
authenticate using Windows
Authentication.
At a minimum put a server certificates on the Publisher and update the
Trusted Root Authority
on the Subscriber (MSDE) and use SSL.
316898 HOW TO: Enable SSL Encryption for SQL Server 2000 with Microsoft
http://support.microsoft.com/?id=316898
276553 HOW TO: Enable SSL Encryption for SQL Server 2000 with Certificate
Server
http://support.microsoft.com/?id=276553
If you have an ISA Server, you could publish the SQL resource as well.
Here's some docs on using ISA.
http://www.microsoft.com/technet/pr...tain/proxy.mspx
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.|||Thanks Kevin - I left out some important details. Actually, the client side
would be the Publisher (MSDE). We would like to use replication to backup
the database with our application for our customers.
"Kevin McDonnell [MSFT]" wrote:
> Either would secure the traffic from MSDE to the Publisher.
> VPN would allow the client to use other corporate resources as well and
> authenticate using Windows
> Authentication.
> At a minimum put a server certificates on the Publisher and update the
> Trusted Root Authority
> on the Subscriber (MSDE) and use SSL.
> 316898 HOW TO: Enable SSL Encryption for SQL Server 2000 with Microsoft
> http://support.microsoft.com/?id=316898
> 276553 HOW TO: Enable SSL Encryption for SQL Server 2000 with Certificate
> Server
> http://support.microsoft.com/?id=276553
> If you have an ISA Server, you could publish the SQL resource as well.
> Here's some docs on using ISA.
> http://www.microsoft.com/technet/pr...tain/proxy.mspx
> Thanks,
> Kevin McDonnell
> Microsoft Corporation
> This posting is provided AS IS with no warranties, and confers no rights.
>
>|||Thanks Kevin - I left out some important details. Actually, the client side
(MSDE) would be the publisher. We would like to use replication to backup
the databases with our application for our customers.
"Kevin McDonnell [MSFT]" wrote:
> Either would secure the traffic from MSDE to the Publisher.
> VPN would allow the client to use other corporate resources as well and
> authenticate using Windows
> Authentication.
> At a minimum put a server certificates on the Publisher and update the
> Trusted Root Authority
> on the Subscriber (MSDE) and use SSL.
> 316898 HOW TO: Enable SSL Encryption for SQL Server 2000 with Microsoft
> http://support.microsoft.com/?id=316898
> 276553 HOW TO: Enable SSL Encryption for SQL Server 2000 with Certificate
> Server
> http://support.microsoft.com/?id=276553
> If you have an ISA Server, you could publish the SQL resource as well.
> Here's some docs on using ISA.
> http://www.microsoft.com/technet/pr...tain/proxy.mspx
> Thanks,
> Kevin McDonnell
> Microsoft Corporation
> This posting is provided AS IS with no warranties, and confers no rights.
>
>|||OK. Then the MSDE machine (Publisher) would require the server certificate
then.
Also, SQL Replication is not really a backup strategy... Many customers use
Transactional Replication
to provide a warm standby for their Published database, but you should also
have a good backup strategy in place in case there
are hardware failures, that require complete recovery.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.|||Kevin,
I'm working on a similar situation (trying to implement SSL between 2
MSSQL 2000 boxes for replication).
Is there any way to implement the envryption (SSL) for the connections
used during the replication, other than the "force encryption" options
in the client and/or server network utility?
TIA.
Mike
*** Sent via Developersdex http://www.codecomments.com ***
Don't just participate in USENET...get rewarded for it!|||Hi Mike,
In SQL 2000 we use protocol encryption to enable SSL. If you are using
Default instances of SQL for Replication you can also use the older network
library called MultiProtocol.
164667 INF: Replication Setup Over a Firewall
http://support.microsoft.com/?id=164667
Other options are: IPSec between the two machines or a VPN connection
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment