Certificates

  • Comments posted to this topic are about the item Certificates

  • What about the following re securing clusters?

    From SQL Server 2005 Books Online (search under clusters [SQL Server]\encryption):

    Encryption on a Cluster

    If you want to use encryption with a failover cluster, you must install the server certificate with the fully qualified DNS name of the virtual server on all nodes in the failover cluster. For example, if you have a two-node cluster, with nodes named test1. property box of SQL Server 2005 Network Configuration to configure your failover cluster for encryption.

  • Maybe I am confused....

    On MSDN it states in the article, "How to: Enable Encrypted Connections to the Database Engine (SQL Server Configuration Manager)":

    "To use encryption with a failover cluster, you must install the server certificate with the fully qualified DNS name of the virtual server on all nodes in the failover cluster."

    This would make it appear as though certificates can be used to secure a cluster. Am I missing something here?

  • You are correct, clustering should be a valid answer. I shall correct this.

  • Irish Flyer (1/7/2009)


    What about the following re securing clusters?

    From SQL Server 2005 Books Online (search under clusters [SQL Server]\encryption):

    Encryption on a Cluster

    If you want to use encryption with a failover cluster, you must install the server certificate with the fully qualified DNS name of the virtual server on all nodes in the failover cluster. For example, if you have a two-node cluster, with nodes named test1. property box of SQL Server 2005 Network Configuration to configure your failover cluster for encryption.

    This only talks about the configuration that is specific to SQL clusters in order to use encryption. It doesn't secure a cluster specific feature.

  • The mention above to the 2005 BOL is also in the 2008 BOL. Though the reference in books online refer to protocol encryption, it is under the section for setting up a cluster and is referred as a way to use encryption with a cluster. Actually it is in a sub section for 'before' setting up the cluster.

    The debatable topic might be whether or not using encryption is part of securing a cluster.

    Cheers!

  • securing a cluster can have multiple meanings, and encryption would be a valid one. So I think the question was misleading and have corrected that.

  • Steve Jones - Editor (1/7/2009)


    securing a cluster can have multiple meanings, and encryption would be a valid one. So I think the question was misleading and have corrected that.

    For me there is a difference between "securing clustering" as in the question and "securing a cluster", but who cares. 😀

  • Mighty (1/7/2009)


    Steve Jones - Editor (1/7/2009)


    securing a cluster can have multiple meanings, and encryption would be a valid one. So I think the question was misleading and have corrected that.

    For me there is a difference between "securing clustering" as in the question and "securing a cluster", but who cares. 😀

    Well, if my database is nice and secure - protected from attack - and making a failover cluster for it would open it to attack, I would class eliminating that vulnerability before creating the cluster as securing clustering - of course it's also securing the cluster, so in at least some cases the two things can mean the same.

    Tom

Viewing 9 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic. Login to reply