December 23, 2009 at 2:04 pm
Hi,
I have a customer with SQL 2008 Standard as the database to a third party records management software application. The Database server is part of the company domain and was installed with windows and SQL authentication (mixed mode).
The customer now needs to add a Web Server into the equation. This will be internet facing and will interact with the SQL 2008 Standard via a web client produced by the third party records management software comapny.
While the web server could also be put on the domain my preference would be for it to be standalone. However as it would not be on the domain will it still be able to communicate with the sql server without domain authentication in the same way as an Exchange 2007 Edge Server can communicate with the other Exchange servers on the network?
Probably a basic question but this is the first SQL server I've worked on coming from a SBS background.
Thanks in advance
Neil
December 23, 2009 at 2:17 pm
Yes using SQL Server authentication. I assume the application can be configured in some way for a user and password to set up its connection strings.
Take the time to create a role (or roles) on the SQL server and assign only the necessary permissions to this role that the application needs to run. Then assign the user(s) to the role(s).
The probability of survival is inversely proportional to the angle of arrival.
December 23, 2009 at 3:19 pm
Hi,
Thanks for your reply. The application has a web server front end that uses IIS and a database front end that uses SQL. When external users access the web server they get asked for a username and password. Having seen this in action its normally a two letter username which I'm assuming is SQL authentication. Am I also right in doing it this way for security reasons?
Thanks again.
December 24, 2009 at 6:26 am
There is nothing inherently wrong with using SQL Server logins that way, for a smaller controlled group of users. You must manage all of the these users and their passwords within SQL Server. I highly recommend using roles as a part of managing these users if you go this route.
It might be better to decouple the web user (application) passwords from SQL server logins though and just have a single application login for SQL server. I would have to know more about the specifics of the application, the type of users and what sort of database access they would be doing before I could recommend one way over the other.
The probability of survival is inversely proportional to the angle of arrival.
December 24, 2009 at 8:44 am
Your IIS configuration will matter. Does the IIS pass through authentication requests to the user? You can manage users/pwds in SQL Server for the web users, but you'll need to set one up, manage the appropriate permissions in SQL Server and test it working across the web.
December 24, 2009 at 11:08 am
It seems the third party application handles the IIS & SQL config. The application is actually RS-SQL and RS-Webnet from http://www.oneilsoft.com. Having now seen I cannot use the SQL 2008 Standard for Small Business Currently on his domain my best option is to install two new servers, one to run Server 2008 Web Edition/IIS and the other to run Server 2008/SQL 2008 Standard with processor license. These cannot be joined to the SBS domain and will operate as stand alone servers with the SBS domain PC's accessing the SQL Server via SQL authentication. Do the domain PC's & external users need CAL's for accessing the Server 2008 that SQL will be installed on? I know that neither will need SQL CAL's as these are covered by the processor license and that the external users are covered by Server 2008 Web Edition but now unsure if the Server 2008 Std that SQL will be installed on needs CAL's for external and internal users!
Why do MS make this so confusing!?
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply