Security and Replication Over the Internet

Different types of replication over the Internet have different security levels. Additionally, when transferring replication files using FTP sites, precautions must be taken to secure the site and still make it accessible to replication agents.

Virtual Private Network

Using a Virtual Private Network (VPN) is the most secure option for implementing replication over the Internet. VPNs include client software so that computers connect over the Internet (or in special cases, even an intranet) to software in a dedicated computer or a server. Optionally, encryption at both ends as well as user authentication methods keep data safe. The VPN connection over the Internet logically operates as a Wide Area Network (WAN) link between the sites.

A VPN connects the components of one network over another network. This is achieved by allowing the user to tunnel through the Internet or another public network (using a protocol such as Microsoft Point-to-Point Tunneling Protocol (PPTP) available with the Microsoft® Windows NT® version 4.0 or Microsoft Windows® 2000 operating system, or Layer Two Tunneling Protocol (L2TP) available with the Windows 2000 operating system). This process provides the same security and features previously available only in a private network.

For more information, see Virtual Private Networks in the Windows 2000 documentation or Publishing Data Over the Internet Using VPN.

Microsoft Proxy Server

Integrating Microsoft SQL Server™ 2000 replication with Microsoft Proxy Server allows for replication over the Internet with security configured on the Microsoft Windows NT version 4.0 or Microsoft Windows 2000 Server operating systems, Proxy Server, and SQL Server 2000.

When replicating data over the Internet with a firewall present, configuring replication with Microsoft Proxy Server provides security so that unauthorized Internet users cannot gain access to internal network resources, and the Subscriber can connect to a port on the Proxy Server that limits Subscriber access to only the services for which permission has been granted.

For more information, search for the "Configuring Proxy Server for SQL Server Replication" white paper at the Microsoft Web site.

TCP/IP and File Transfer Protocol

For replication over the Internet where a firewall is not a concern, or for transferring snapshot files, you can use TCP/IP and File Transfer Protocol (FTP).

If you use FTP to download the snapshot files, define the FTP site without Write access. Although this is the default setting for many services, confirm that the setting has not been changed after installation.
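
One way to confirm the setting, as an added example that is not part of the original documentation: the Python code below logs in to the snapshot FTP site with the account the replication agents use and reports any write command the server accepts. The host, account, folder, and probe names are assumptions to replace with your own values.

```python
import io
from ftplib import FTP, error_perm, all_errors

# Hypothetical probe names; they are removed again if the server accepts them.
PROBE_FILE = "write-probe.tmp"
PROBE_DIR = "write-probe.dir"


def check_write_denied(ftp):
    """Return the write commands the server accepted (empty list = read-only).

    `ftp` is a logged-in ftplib.FTP session, already in the snapshot folder.
    """
    accepted = []

    # Upload attempt: a site defined without Write access refuses STOR.
    try:
        ftp.storbinary("STOR " + PROBE_FILE, io.BytesIO(b"probe"))
    except error_perm:
        pass
    else:
        accepted.append("STOR")
        _cleanup(ftp.delete, PROBE_FILE)

    # Directory creation can be permitted separately from file upload.
    try:
        ftp.mkd(PROBE_DIR)
    except error_perm:
        pass
    else:
        accepted.append("MKD")
        _cleanup(ftp.rmd, PROBE_DIR)

    return accepted


def _cleanup(remove, name):
    # Best effort: the probe may be writable but not removable.
    try:
        remove(name)
    except all_errors:
        pass


def audit_site(host, user="anonymous", password="", folder="/"):
    """Connect as the agent account and run the write checks in `folder`."""
    with FTP(host, timeout=10) as ftp:
        ftp.login(user, password)
        ftp.cwd(folder)
        return check_write_denied(ftp)
```

An empty list from `audit_site` means both write attempts were refused; any entry names a write command the site accepted and should be investigated.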

Caution  When a Subscriber finishes applying the initial snapshot files from an FTP site, the files transmitted using FTP are left on the Subscriber disk. The files are visible to at least all other logins that can access the computer, and are accessible to any users logged in to the same computer. To prevent this, set the cache retention settings low and/or purge the Microsoft Internet Explorer cache after applying snapshots.

For more information, see Publishing Data Over the Internet Using TCP/IP and FTP.