RE: force protocal encryption ?
From: Kevin McDonnell [MSFT] (kevmc_at_online.microsoft.com)
Date: 01/28/05
- Next message: Kevin McDonnell [MSFT]: "RE: SQL Server And windows authentication"
- Previous message: Kevin McDonnell [MSFT]: "Re: BuiltinAdministrator's not SysAdmin yet appear to have DBO on"
- In reply to: Frank: "force protocal encryption ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 28 Jan 2005 00:57:30 GMT
Hi Frank,
I'll try to address each concern:
1: how much extra resource it will take to do encryption?
-- there is some additional handshakes done to check the certificate during
the initial connection request.
You can see this via network trace. You could also use the SQL client
"Show CLient Statistics" to measure performance with and
without SSL in your environment.
2: What certificate should we use, must we use certicate from public
certification authority?
- The certificate is a Server cert issued to the FQDN of the server. It
has the same requirements a IIS server cert uses.
The subject name == FQDN and not the IP address of the server.
3: how will the client side affected after I turn on force protocal
encryption? should it be transparent to them if we install public
certificate on the server?
-- If you enable it on the Serverside, there is nothing needed on the
client.
4: Can client still connect to server using IP address, or must FQDN is
required?
-- No. You'll need to pass the netbios name or FQDN in the connection
string.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
- Next message: Kevin McDonnell [MSFT]: "RE: SQL Server And windows authentication"
- Previous message: Kevin McDonnell [MSFT]: "Re: BuiltinAdministrator's not SysAdmin yet appear to have DBO on"
- In reply to: Frank: "force protocal encryption ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
