December 16, 2009 at 7:45 am
Hello,
I've looked at Microsoft's Log Shipping documentation and have seen no mention of whether the data is secured between the endpoints involved in a log shipping configuration. I found a document that says if you're using Transparent Data Encryption, then the communication is concealed in transmission over the network, but if we're not using TDE, I don't know if this is still the case or if I have to set up something to take care of this on my own. This database contains HIPAA data, so we want to make sure that the transmission from primary to standby is encrypted. Any information related to the implementation of Log Shipping and/or ideas about how to secure this data would be much appreciated.
Thanks!
Vanessa
December 16, 2009 at 7:54 am
TDE is not available in SQL Server 2005, and I am not familiar with log shipping as we aren't using it, so here is my two cents. If the source and destination are local to each other, I'm not sure there is much threat during transit (but I may be wrong). If the source and destination are geographically dispersed, then I'd look at setting up a VPN connection between the two for the transfer of the log files. This would protect the data in transfer. You could also look at this locally, but I'm not sure the overhead there is needed.
December 16, 2009 at 8:53 am
Log shipping is strictly a:
- log backup
- network file copy
- log restore

While SQL Server can secure communications, it doesn't secure the file copy. That's a Windows function. You'd need to ensure network communications at the Windows level.
If you have a 3rd party product that could encrypt the log backup, that might satisfy your requirement, but I think in that case you now have to manually handle log shipping. I'd have to check if they support helping you with log shipping.
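An added example, not written by anyone in this thread: because the copy step is ordinary Windows file sharing, this PowerShell check, run elevated on the server hosting the log backup share, reports whether SMB encryption covers that share and can turn it on. It assumes Windows Server 2012 or later on both servers (SMB 3.0), and `LogShipBackup` is a hypothetical share name.

```powershell
# Added example (not from the thread). Assumes Windows Server 2012+ on both
# servers; 'LogShipBackup' is a hypothetical share name for the *.trn files.
function Test-LogShipShareEncryption {
    param(
        [string[]]$ShareName = @('LogShipBackup'),
        [switch]$Enforce    # turn on per-share encryption where it is missing
    )
    $server = Get-SmbServerConfiguration

    # Clients currently connected with a dialect below 3.0 cannot encrypt; once
    # encryption is required their copy job fails unless unencrypted access
    # is allowed again (RejectUnencryptedAccess = $false).
    $legacy = @(Get-SmbSession |
        Where-Object { [version]$_.Dialect -lt [version]'3.0' } |
        Select-Object -ExpandProperty ClientComputerName -Unique)

    foreach ($name in $ShareName) {
        $share = Get-SmbShare -Name $name -ErrorAction Stop
        # A share is covered by its own flag or by the server-wide setting.
        $encrypted = $share.EncryptData -or $server.EncryptData

        if (-not $encrypted -and $Enforce) {
            if ($legacy.Count -gt 0) {
                Write-Warning "Pre-SMB3 clients connected: $($legacy -join ', ')"
            }
            Set-SmbShare -Name $name -EncryptData $true -Force
            $encrypted = (Get-SmbShare -Name $name).EncryptData
        }

        [pscustomobject]@{
            Share                   = $share.Name
            Path                    = $share.Path
            Encrypted               = $encrypted
            RejectUnencryptedAccess = $server.RejectUnencryptedAccess
            LegacyClients           = $legacy -join ', '
        }
    }
}

# Report only; add -Enforce to change the share.
Test-LogShipShareEncryption -ShareName 'LogShipBackup' | Format-List
```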
December 16, 2009 at 9:10 am
Brain Dead. IIRC, Quest LiteSpeed, Redgate SQL Backup, etc. support log shipping and they can encrypt the files. HyperBac can also encrypt the backups, and since it works behind the scenes, it should also work with the native log shipping. You would just configure HyperBac to compress/encrypt the *.bak and *.trn files. SQL Server would not really see any differences.
December 16, 2009 at 9:34 am
Thanks to you both. I was having a brain dead moment myself and forgot the point that Steve mentioned, that log shipping is simply copying the files between the two systems via Windows, and I've already asked the Sys Admin responsible for this project to look into securing that process. I considered doing a manual file encrypt/copy/decrypt procedure, but I'd prefer not to do that if I can avoid it.
Thanks again!