January 2, 2013 at 4:07 am
Hi
Seen lots of stuff about how to enable remote DAC, but I can't find anything regarding the implications of enabling.
Are there any security or resource implications?
SQL Server 2005, Enterprise Edition.
Thanks
January 2, 2013 at 5:35 am
The fact that it allows a remote connection to the server may raise eyebrows in some organisations. You do have to connect as a member of the sysadmin role so it's not completely wide open.
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
January 2, 2013 at 1:57 pm
Some scenarios where enabling remote DAC might be plausible:
- you are in a shop where the DBAs do not have Remote Desktop access to the server hosting SQL Server (rare in my experience, but the situation does exist)
- you do not install SSMS on the server and are not comfortable using sqlcmd.exe for troubleshooting so want to be able to connect to the DAC using SSMS from your own machine
- you are worried about a server being so busy that it cannot support a Remote Desktop session so you want to be able to connect to the DAC from anywhere
These restrictions on DAC still apply even when remote connections are enabled:
- you have to be in the sysadmin Fixed Server Role
- only one person can be connected to the DAC at a time regardless of whether it is a local or a remote connection
There are likely other scenarios you could come up with to help justify enabling remote connections to the DAC.
One reason not to enable remote DAC connections is that if someone connects and leave the connection open you could be out of luck when the server becomes otherwise unusable. You can kill the session using the DAC, but if you cannot initiate a session without using DAC in the first place that might be difficult. The same could be said of local DAC sessions if opened in a Remote Desktop session and that session were disconnected and left there indefinitely.
Personally I do not have a problem with allowing remote DAC connections but opinions may vary.
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply