RE: IPSec policy between webserver and a clustered db server(SQL20
From: Srini (Srini_at_discussions.microsoft.com)
Date: 07/29/04
- Next message: Kevin McDonnell [MSFT]: "RE: IPSec policy between webserver and a clustered db server(SQL20"
- Previous message: bhagya: "Re: Re SQL Resolution Service"
- In reply to: Kevin McDonnell [MSFT]: "RE: IPSec policy between webserver and a clustered db server(SQL20"
- Next in thread: Kevin McDonnell [MSFT]: "RE: IPSec policy between webserver and a clustered db server(SQL20"
- Reply: Kevin McDonnell [MSFT]: "RE: IPSec policy between webserver and a clustered db server(SQL20"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 Jul 2004 15:25:17 -0700
Let us say, I enabled Protocol Encryption on both clustered servers this solves the problem of encrypting the data between the two cluster servers. But it will not allow me to configure some clients(application servers) with SSL and some other clients(application servers) without SSL. Did I understand it correctly or did I miss something?
In a nutshell - I am trying to have all the following configured at the same time.
Clustered server one - CLUST_SQL_SRV_A
Clustered server two - CLUST_SQL_SRV_B
Application server one - APP_SRV_A
Application server two - APP_SRV_B
1. APP_SRV_A connects to CLUST_SQL_SRV_A(communication is encrypted)
2. APP_SRV_B connects to CLUST_SQL_SRV_A(communication is not encrypted)
3. CLUST_SQL_SRV_A connects to CLUST_SQL_SRV_B (communication is encrypted)
Is this a possible scenario bu using SSL? Or is there any other way to achieve this?
Thank you for the information.
Srini
"Kevin McDonnell [MSFT]" wrote:
> Prev. Post.
>
> I would like to be able to encrypt the data comming out/in on the
> replication(between two SQL cluster servers -- I have two nodes on each
> cluster) also.
>
> ---Once you enable Protocol Encryption on the server it will encrypt all
> traffic to and from the SQL Cluster. It doesn't matter how many nodes you
> have. If you have two Clusters communicating , then one is the client and
> the other is acting as the server.
>
> If SSL is used, is there a way to encrypt the communication between certain
> clients (not all clients of the SQL cluster server) and the SQL cluster
> server only, and the communication between the two cluster SQL servers(as a
> result of replication, etc.).
>
> ---Yes. If you enable the protocol encryption on a particular client and
> not the server, then the traffic is encrypted between that client and
> server. But it is GLOBAL if you enable it on the client, so if the same
> client needed to connect to a server not using SSL, the connection would
> fail. The only way around this is to change the connection string in your
> application. This way you can control it per connection.
>
> This is explained in the kb articles:
> 276553 HOW TO: Enable SSL Encryption for SQL Server 2000 with Certificate
> Server
> http://support.microsoft.com/?id=276553
>
> 316898 HOW TO: Enable SSL Encryption for SQL Server 2000 with Microsoft
> http://support.microsoft.com/?id=316898
>
> Please make sure you read this before setting this up on a Cluster though.
>
> 319349 BUG: Turning On the 'Force Protocol Encryption' Option Is
> Irreversible
> http://support.microsoft.com/?id=319349
>
>
> Thanks,
>
> Kevin McDonnell
> Microsoft Corporation
>
> This posting is provided AS IS with no warranties, and confers no rights.
>
>
>
>
- Next message: Kevin McDonnell [MSFT]: "RE: IPSec policy between webserver and a clustered db server(SQL20"
- Previous message: bhagya: "Re: Re SQL Resolution Service"
- In reply to: Kevin McDonnell [MSFT]: "RE: IPSec policy between webserver and a clustered db server(SQL20"
- Next in thread: Kevin McDonnell [MSFT]: "RE: IPSec policy between webserver and a clustered db server(SQL20"
- Reply: Kevin McDonnell [MSFT]: "RE: IPSec policy between webserver and a clustered db server(SQL20"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
