Merge Replication using a server in DMZ

  • Hello all. I am a relative noob to SQL Server (I support it but am not a DBA) and really new to replication. I have some questions about a scenario that may seem basic.

    We are looking to have field interviewers, using SQL Express, participate in Replication with a server which is located inside our firewall. They will have domain accounts set up in the domain that this SQL Server is located in. We don't think we can avoid this. However, we are attempting to limit, in any way possible, the access that these field interviewers have to any machines inside that firewall.

    If we set up a server running the replication components in the DMZ, and the DMZ's domain trusts the domain that the internal SQL Server is in, and we have opened the necessary ports from the DMZ to the inside, will replication be able to take place? In other words, without direct communication between the client and the server housing the database, is replication possible, as long as they have an account that has rights to that database?

    I appreciate any assistance with this.

  • Yes it is possible but you should ensure that the "inside" can get to the DMZ and NOT the other way around.


    * Noel

  • But the DMZ has to have the correct ports open to reach the Publisher server. That's what I was saying (and may have worded poorly).

    The client needs no direct access to the SQL Server inside the firewall, correct?

  • Yes, replication partners need to have a direct connection to each other. If you cannot arrange this through your DMZ, then I would suggest setting up another SQL Server actually IN the DMZ as a replication relay server.

    -- RBarryYoung, (302)375-0451 blog: MovingSQL.com, Twitter: @RBarryYoung
    Proactive Performance Solutions, Inc.
    "Performance is our middle name."

  • Yes, that's what I was thinking, that the Client, outside the firewall, and the Publisher server, inside the firewall, would be able to communicate as a result of the Distributor server being in the DMZ.

    This is probably all very basic.

  • Private Gripweed (1/13/2009)


    This is probably all very basic.

    Not really. It is not the kind of thing that I would expect a junior DBA to be able to do without assistance.

    -- RBarryYoung, (302)375-0451 blog: MovingSQL.com, Twitter: @RBarryYoung
    Proactive Performance Solutions, Inc.
    "Performance is our middle name."

  • I agree with RBarryYoung. A "double" hop replication is the best way here. Merge replication does NOT use the distributor except for "historic" information. It is definitely doable but not "basic".

    You need to know really well the ins-and-outs to get the republisher right.


    * Noel
