Replication within a DMZ

  • Hi Folks,

    I am stuck on this problem, just wondering if anyone can help me out. I am working in a large organization where security is a major issue. One thing that they are strict about is not allowing IIS on the same machine as SQL Server. This means that we have to isolate all the IIS boxes to DMZs.

    One of the departments is introducing a new application to allow PDA access using SQL Server CE. This resides on the same box as IIS in the DMZ. The company that is supplying the software has claimed that you cannot set up a DSN for CE in the DMZ to send the data to a database within the network.

    We finally came to a solution where I was going to implement log shipping. Using MSDE in the DMZ we were going to dump the log files and then restore them onto the main database within the network. But unfortunately you need an Enterprise version and we only have licences for Standard editions of SQL Server.

    I then wanted to set up transactional replication, but I cannot do this within the DMZ as it asks for the server and I cannot connect the servers to each other.

    I am thinking of writing my own ActiveX script to do transactional replication every hour or so and then send that via email to a mailbox, then write some add-on to that which will parse the mail, extract the trn file and put it onto the network, where the database on the live server can then pick it up... replicate etc. etc.

    Has anyone any feedback on whether I should go along with this idea, or am I just complicating matters?

    All help is greatly appreciated

    Thanks

    m


  • We replicate to our DMZ all the time. On the Internet-facing side our firewall will not allow inbound connections; on the LAN side it will. We can connect to our server and replicate to it using transactional replication with a push subscription.

    You don't need the Enterprise edition for log shipping - you can roll your own method.

    You should also be able to connect to your subscriber. Did you create an alias using the Client Network Utility? Are you using SQL authentication or pass-through authentication?

    You can cobble together something using transactional replication or log shipping like you suggest and send the data via email, but the fact you can send email to this server means that replication or log shipping could work.

    --

    Hilary Cotter

    Looking for a SQL Server replication book?

    http://www.nwsu.com/0974973602.html

    Looking for a FAQ on Indexing Services/SQL FTS

    http://www.indexserverfaq.com
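
Added example, not part of the original posts: a minimal "roll your own" log shipping sequence in T-SQL, the approach the reply above says works without Enterprise edition. The database name PdaData and the folder paths are hypothetical, and it assumes the LAN side can connect into the DMZ to fetch files, as in the reply's own firewall setup.

```sql
-- Hypothetical names throughout: database PdaData,
-- D:\LogShip on the DMZ server, E:\LogShip on the internal server.

-- 1. DMZ server, once: log backups require the full recovery model
--    and a full backup to start the log chain.
ALTER DATABASE PdaData SET RECOVERY FULL;
BACKUP DATABASE PdaData
    TO DISK = 'D:\LogShip\PdaData_full.bak' WITH INIT;

-- 2. DMZ server, scheduled job (e.g. hourly): one uniquely named
--    log backup per run, so files can be restored in order.
DECLARE @file nvarchar(260);
SET @file = 'D:\LogShip\PdaData_'
          + CONVERT(varchar(8), GETDATE(), 112)                    -- yyyymmdd
          + REPLACE(CONVERT(varchar(8), GETDATE(), 108), ':', '')  -- hhmmss
          + '.trn';
BACKUP LOG PdaData TO DISK = @file WITH INIT;

-- 3. Transfer: a job on the internal server copies new files from
--    D:\LogShip to E:\LogShip. The connection is opened from the LAN
--    side, so the DMZ host never initiates traffic into the network.

-- 4. Internal server, once: restore the full backup but leave the
--    database able to accept further log restores. Add WITH MOVE
--    clauses if the data and log file paths differ between servers.
RESTORE DATABASE PdaData
    FROM DISK = 'E:\LogShip\PdaData_full.bak'
    WITH STANDBY = 'E:\LogShip\PdaData_undo.dat';

-- 5. Internal server, for each copied file in timestamp order
--    (the file name below is a constructed sample):
RESTORE LOG PdaData
    FROM DISK = 'E:\LogShip\PdaData_20050101120000.trn'
    WITH STANDBY = 'E:\LogShip\PdaData_undo.dat';
```

A database restored WITH STANDBY is read-only between restores, so the internal copy can be queried but not written to while log shipping is running.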


  • Hi Hilary,

    And thanks for the reply. I have been searching for some resources on the web with reference to the same, and came across this document.

    It's a white paper on using SQL Server replication over the web. Would you reckon this is the best way to go about doing it, or should I try and put something together?

    In relation to your questions,

    I am going to use SQL Server authentication as within the DMZ I cannot map domain usernames. I haven't created any aliases yet using the Client Network Utility. Just to clarify as well, our publisher will reside within the DMZ, so I have to create push subscriptions using http/ftp.

    Thanks again for the reply, all help is much appreciated.
