Access to Third Party Companies

  • My company has a growing need to share some of our data with other companies on a daily basis. What would be the most secure way to do this with SQL 2005?

  • Well, this is a rather complex requirement... Let me take a shot at this. I am assuming you are looking for an integrated solution as opposed to a simple backup/restore scheme.

    > Option 1 - Replica

    One option is to replicate (or backup/restore) your databases into a secondary location (such as an isolated network) that is accessible through a VPN connection - in this case you are in complete control of access rights and communication is encrypted. It's a bit tedious but it works.

    > Option 2 - Direct Tunneling

    You could setup a tunneling configuration with SQL bridges that would allow the external company to connect to your databases directly and securely - here the key is to control user access by only allowing 1 database account (either a real account or a proxy account) to be used through the tunnel - this can be done by using database authentication solutions that proxy the actual authentication process and give you complete control over who can connect from a remote location.

    From a communication standpoint you can use a point-to-point bridge or a VPN connection. Both work equally well and use IPSec for encryption.

    Hope this helps,

    Regards

     

    Herve Roggero
    hroggero@pynlogic.com
    MCDBA, MCSE, MCSD
    SQL Server Database Proxy/Firewall and Auditing

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply