Remote Access to SQL Server

  • I have a question about securely accessing a SQL Server installation at work from my home PC.

    We have a SQL Server set up for a small group (4 users), using Windows Authentication only.

    I would like to be able to connect to that server from my home office. I can log into my desktop via a VPN and go in that way, but I think it would be a lot more efficient to connect to the Databases through EM without incurring the VPN overhead. I have the Developer Edition installed here for that purpose, but so far have not tried it out because I'm not sure how to do it safely.

    Before I start changing things like firewall settings on our network, I want to be sure I am doing this securely.

    Is there a good reference, or set of references, that I can read to get this sorted out? I've skimmed through Books Online without finding anything that seems particularly useful yet. I'm not even sure what questions I need to ask?

    I realize this is a fairly wide topic, so I'm not looking for detailed step-by-step directions in this thread, but if there is someplace I can go to get started with the background info, I would very much appreciate it.

     

  • Google is always a good startingplace.

    Since you have windows authentication on the server, you need to somehow log into the domain (or your 'other' account need to have a login on the server)

    I've used VPN as a means to tunnel into the network, and then use EM or QA or whatever to connect to servers on the internal network. Worked just fine, and I can't really recall there was any significant overhead in that process.

    AFAIK, VPN is a method that is considered to be 'secure', most likely there are other alternatives too.

    I'm not any guru on the subject, though - just a plain user.

    So, bottom line becomes: if you have VPN available, why not use it?

    /Kenneth

  • Thank you for your response.

    Yes, what I need is a way to "somehow long into the domain" . That's exactly what I am looking for--references on how to manage that process. Anyplace in particular that you are aware of where I can find specific guidance on doing that? Google is a very large place. (It did bring me here, though, so that's a good start.)

    The whole point of using a VPN is that one ends up working directly on the desktop on the remote end.  That is different from being able to launch a local app on a PC in my home office (say, a MS  Access FE, or a VB app) which is linked to the remote server via TCP/IP. I may be wrong here, but my experience to this point says I'm going to get better performance if I'm only linking to the server. At least, I'd like to be able to test that hypothesis.

    So, if you have seen references on accomplishing what I am looking to do, I'd appreciate a pointer. Thanks.

     

    George

     

     

  • Well, not really. (again, though, don't take my sole word for it, but..)

    As I understand VPN.....

    The goal is to create a 'secure' means of communication over an 'unsecure/unknown' space (read: internet)

    What VPN gives you, is a tunnel that shields the traffic inside the tunnel from those outside, and also encrypts the traffic inside, so passwords etc passed along should be 'safer'.

    You connect from home, over a VPN to some place at your destination (usually 'the work'), the answering VPN server validates you against the internal network, and when done, you're 'in', so to speak.

    There's nothing that says you *have* to connect to your own 'in-office desktop' - what a VPN connection gives you, is simply a logon to the 'internal network' from 'somewhere outside' using 'the insecure internet void' for the actual connection. You could still connect from home without a VPN, though then it would have to be open for anyone, and that's not something anyone wants to do - open up the internal networks - hence VPN (or similar solutions) to provide the possibility in a secure way as possible.

    I'm not up to date, however, on which requirements that's generally needed for a VPN solution to work, but I do believe that it could be the thing you're looking for after all...

    ..at least, that's how I understand it

    =;o)

    /Kenneth

  • Thank you for your response.

     

     

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply