December 11, 2007 at 5:09 am
Hi,
Just want to ask about replication on 2 SQL 2005 machines across a WAN, separated by a firewall; the OpenSSH engine for Windows is installed on one of the SQL machines. My questions are:
1. Is it possible to do replication through an ssh tunnel between those two SQL 2005 machines?
2. If it is possible, which port(s) are required to be forwarded through the ssh tunnel?
3. If it is not possible to do the replication through an ssh tunnel, what explicit firewall port(s) need to be configured just to make the replication work, and which direction should be allowed: inbound, outbound or both?
4. If explicit firewall opening is opted for, what is the best security method to apply? I read some articles about using certificate authentication to encrypt the traffic; is there step-by-step information on applying a self-signed certificate for both machines? I'm also a newbie on certificates / PKI. One of the articles mentions using the makecert tool from MS, but it doesn't clearly mention which certificate to generate and which store to put it in. Let's say server A has the FQDN A.local and server B has the FQDN B.local: should I generate two certificates, one from each machine, and put them in each machine's local computer store and trusted root CA store, or should I just generate one of them?
5. If certificates are used, what other settings on both SQL servers have to be set to utilise the certificate?
Thanks a lot for the explanation.
December 16, 2007 at 5:50 am
Hi,
My suggestion:
1. use push replication to make your life easier if you can.
2. build an ssh tunnel from the distributor to the subscriber through which the distributor can reach the subscriber - that is, TCP 1433 by default. You can map it to any unused port on localhost, let's say TCP 14330.
3. set up an alias to the localhost,14330 - let's say ServerB.
4. on ServerA set a new push subscription to ServerB.
5. enjoy your replication.
For push replication you need TCP 1433 from the distributor to the subscriber.
For pull replication you need TCP 1433 and (TCP and UDP 135, 137-139, 445 - depending on your OS settings for snapshot initialization) from the subscriber to the distributor.
Let me know if you have more questions.
-- Erik http://blog.rollback.hu
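
Steps 2 and 3 of the reply above, sketched as an added example that is not part of the original posts. It assumes it is run on the distributor, that the OpenSSH server is on the subscriber (B.local from the question), that key-based login works for a hypothetical low-privilege account `repl_tunnel`, and that an `ssh` client is on the PATH.

```powershell
# Added example, run elevated on the distributor (ServerA).
# Assumptions: B.local is the subscriber and runs the OpenSSH server;
# 'repl_tunnel' is a hypothetical SSH account with key-based login.
$sshHost   = 'repl_tunnel@B.local'
$localPort = 14330        # unused local port from step 2
$alias     = 'ServerB'    # alias name from step 3

# Step 2: forward 127.0.0.1:14330 here to TCP 1433 on the subscriber.
# Binding to 127.0.0.1 keeps other hosts on the LAN from using the tunnel.
# ExitOnForwardFailure makes ssh exit if the forward cannot be set up;
# BatchMode makes it fail instead of waiting at a password prompt.
$sshArgs = @(
    '-N',
    '-o', 'BatchMode=yes',
    '-o', 'ExitOnForwardFailure=yes',
    '-o', 'ServerAliveInterval=30',
    '-L', "127.0.0.1:${localPort}:127.0.0.1:1433",
    $sshHost
)
$tunnel = Start-Process -FilePath 'ssh' -ArgumentList $sshArgs -PassThru -NoNewWindow
Start-Sleep -Seconds 5
if ($tunnel.HasExited) {
    throw "ssh exited with code $($tunnel.ExitCode); tunnel not established"
}

# Step 3: client alias ServerB -> TCP/IP 127.0.0.1,14330. This is the value
# the SQL Server Client Network Utility (cliconfg.exe) stores for an alias.
$key = 'HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo'
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
New-ItemProperty -Path $key -Name $alias -PropertyType String `
    -Value "DBMSSOCN,127.0.0.1,$localPort" -Force | Out-Null

# Check 1: the forwarded port accepts a TCP connection (Connect throws if not).
$client = New-Object System.Net.Sockets.TcpClient
try { $client.Connect('127.0.0.1', $localPort) } finally { $client.Close() }

# Check 2: the listener is bound to loopback only, not 0.0.0.0 or a LAN address.
$listeners = netstat -an | Select-String -Pattern ":$localPort\s" |
    Select-String -Pattern 'LISTENING'
$exposed = $listeners | Where-Object { $_ -notmatch "127\.0\.0\.1:$localPort\s" }
if ($exposed) {
    Stop-Process -Id $tunnel.Id
    throw "Port $localPort is listening on a non-loopback address: $exposed"
}
"Tunnel up (ssh PID $($tunnel.Id)); alias '$alias' -> 127.0.0.1,$localPort"
```

On the subscriber, the key for that account can be limited to this one forward with the OpenSSH `authorized_keys` options `permitopen="127.0.0.1:1433",no-pty,no-agent-forwarding,no-X11-forwarding`.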