We have an application that requires bi-directional data transfer between 2
SQL servers. To ensure the data transfer is encrypted, we
are considering using SQL server SSL encryption. However, the
problem is for this case, each machine is acting as both client and
server for SSL encryption. So is there any way to do this? As far as
I know, we can turn on this "enforce protocol encryption" option
on either client or server, but not both. Besides, will this mean
we need to install a certificate on every machine?
If this is not possible in SQL server, is there any other way
to achieve the same goal?
Thanks.

I suggest you look into IPsec (IP Security protocol).
--
Tunji Ogundeji
mcdba, ocp
www.geniant.com
"Yuh-MIng Shyy" <yshyy@.imedica.com> wrote in message
news:Wydic.2$C02.1637@.news.nyc.globix.net...
> We have an application that requires bi-directional data transfer between 2
> SQL servers. To ensure the data transfer is encrypted, we
> are considering using SQL server SSL encryption. However, the
> problem is for this case, each machine is acting as both client and
> server for SSL encryption. So is there any way to do this? As far as
> I know, we can turn on this "enforce protocol encryption" option
> on either client or server, but not both. Besides, will this mean
> we need to install a certificate on every machine?
> If this is not possible in SQL server, is there any other way
> to achieve the same goal?
> Thanks.

Hi Yuh-Mlng,
From your description, I understand that you would like to know something
about SSL encryption and connection between two machines.
Based on my knowledge, authentication is provided through the use of a
digital signature. This digital signature takes the form of a certificate
which is administered from a Certificate Authority. For more information,
there is a good blurb in article q205698, "Submit a certificate request to
this CA using a form." Another good article is q245152, "How Secure
Sockets Layer Works."
SQL server 2000 implements SSL. There are two main setup procedures to
implement SSL:
Enable SSL on the SQL Server - following this procedure results in all client
connections to SQL Server implementing SSL. This requires two steps:
1. Create a valid certificate from a Certificate Authority on the SQL Server
2. Enable Force protocol encryption in the SQL Server Network Utility.
Enable SSL on individual clients - following this procedure results in
implementing secure connections between SQL Server and only those clients
configured for secure connections. Example - you have approx 100 clients
that connect to SQL 2000 server, but you only require two connections be
secure. This is a good example of where client configured secure sockets
may be arguably a better, more efficient implementation. To set up client
SSL to SQL Server:
1. Create a valid certificate from a Certificate Authority on the SQL Server
2. Set up client with Trusted Root CA certificate - basically certificate so
that client trusts the CA that gave SQL Server its certificate.
3. On the client, enable "Force protocol encryption" in the SQL Server Client
Network Utility.
NOTICE that force protocol encryption may have some performance impact on
your SQL Server in some cases.
Moreover, you could have a look at
INF: How SQL Server Uses a Certificate When the Force Protocol Encryption
Option is Set On
http://support.microsoft.com/?id=318605
HOW TO: Enable SSL Encryption for SQL Server 2000 with Certificate Server
http://support.microsoft.com/?id=276553
HOW TO: Enable SSL Encryption for SQL Server 2000 with Microsoft Management
Console
http://support.microsoft.com/?id=316898
In addition, if you are unfamiliar with PKI, I would like to recommend the
documents below
An Introduction to the Windows 2000 Public-Key Infrastructure
http://www.microsoft.com/technet/archive/windows2000serv/evaluate/featfunc/pkiintro.mspx
which will give you a brief introduction for Windows 2000 PKI
Hope this helps and if you have any questions or concerns, don't hesitate
to let me know. We are here to be of assistance!
Sincerely yours,
Michael Cheng
Microsoft Online Support
***********************************************************
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Please reply to newsgroups only, many thanks.
Wednesday, March 21, 2012
How to enable 2-way SSL encryption