RE: IPSec policy between webserver and a clustered db server(SQL20

From: Kevin McDonnell [MSFT] (kevmc_at_online.microsoft.com)
Date: 07/28/04


Date: Wed, 28 Jul 2004 21:15:37 GMT

Prev. Post.

I would like to be able to encrypt the data coming out/in on the
replication (between two SQL cluster servers -- I have two nodes on each
cluster) also.

---Once you enable Protocol Encryption on the server it will encrypt all
traffic to and from the SQL Cluster. It doesn't matter how many nodes you
have. If you have two Clusters communicating, then one is the client and
the other is acting as the server.

If SSL is used, is there a way to encrypt the communication between certain
clients (not all clients of the SQL cluster server) and the SQL cluster
server only, and the communication between the two cluster SQL servers (as a
result of replication, etc.).

---Yes. If you enable the protocol encryption on a particular client and
not the server, then the traffic is encrypted between that client and
server. But it is GLOBAL if you enable it on the client, so if the same
client needed to connect to a server not using SSL, the connection would
fail. The only way around this is to change the connection string in your
application. This way you can control it per connection.

This is explained in the kb articles:
276553 HOW TO: Enable SSL Encryption for SQL Server 2000 with Certificate
Server
http://support.microsoft.com/?id=276553

316898 HOW TO: Enable SSL Encryption for SQL Server 2000 with Microsoft
http://support.microsoft.com/?id=316898

Please make sure you read this before setting this up on a Cluster though.

319349 BUG: Turning On the 'Force Protocol Encryption' Option Is
Irreversible
http://support.microsoft.com/?id=319349

Thanks,

Kevin McDonnell
Microsoft Corporation

This posting is provided AS IS with no warranties, and confers no rights.
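
The per-connection approach described in the reply above, as an added example (not part of the original post and not Microsoft's code): a Python check that lists connection strings pointing at an SSL-only server without requesting encryption. The keywords `Encrypt` and `Use Encryption for Data` are assumptions (the post does not name them), and the server names and connection strings are constructed.

```python
import re

# Keywords that request encryption for one connection. Assumed, not named in
# the post: "Encrypt" (ODBC / SqlClient), "Use Encryption for Data" (SQLOLEDB).
ENCRYPT_KEYS = {"encrypt", "use encryption for data"}
TRUTHY = {"yes", "true"}

# key=value pairs; a value wrapped in {braces} may itself contain ';'
_PAIR = re.compile(r"\s*([^=;]+?)\s*=\s*(\{[^}]*\}|[^;]*)\s*(?:;|$)")

def parse(conn_str):
    """Return a dict of lower-cased keywords to values (last one wins)."""
    out = {}
    for key, value in _PAIR.findall(conn_str):
        out[key.lower()] = value.strip().strip("{}")
    return out

def requests_encryption(conn_str):
    """True if this connection string asks for encryption on its own."""
    opts = parse(conn_str)
    return any(opts.get(k, "").lower() in TRUTHY for k in ENCRYPT_KEYS)

def audit(conn_strings, must_encrypt):
    """Names of connections to a must_encrypt server that do not request it."""
    findings = []
    for name, cs in conn_strings.items():
        opts = parse(cs)
        server = (opts.get("server") or opts.get("data source") or "").lower()
        if server in must_encrypt and not requests_encryption(cs):
            findings.append(name)
    return sorted(findings)

# Constructed sample data: two clusters that require SSL, one server that does not.
SAMPLE = {
    "web_to_cluster": "Provider=SQLOLEDB;Data Source=SQLCLUSTER1;"
                      "Integrated Security=SSPI;Use Encryption for Data=True",
    "report_job": "Driver={SQL Server};Server=SQLCLUSTER1;Trusted_Connection=yes",
    "repl_agent": "Driver={SQL Server};Server=SQLCLUSTER2;Encrypt=no",
    "legacy_app": "Driver={SQL Server};Server=OLDSQL;Trusted_Connection=yes",
}
MUST_ENCRYPT = {"sqlcluster1", "sqlcluster2"}

if __name__ == "__main__":
    print(audit(SAMPLE, MUST_ENCRYPT))
```
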


