Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Certificates Expand / Collapse
Author
Message
Posted Wednesday, January 7, 2009 12:05 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Today @ 4:00 PM
Points: 31,181, Visits: 15,627
Comments posted to this topic are about the item Certificates






Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #631214
Posted Wednesday, January 7, 2009 7:42 AM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Friday, October 18, 2013 8:39 AM
Points: 1,219, Visits: 226
What about the following re securing clusters?

From SQL Server 2005 Books Online (search under clusters [SQL Server]\encryption):

Encryption on a Cluster
If you want to use encryption with a failover cluster, you must install the server certificate with the fully qualified DNS name of the virtual server on all nodes in the failover cluster. For example, if you have a two-node cluster, with nodes named test1. property box of SQL Server 2005 Network Configuration to configure your failover cluster for encryption.
Post #631463
Posted Wednesday, January 7, 2009 8:07 AM


Hall of Fame

Hall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of Fame

Group: General Forum Members
Last Login: Today @ 4:06 PM
Points: 3,360, Visits: 2,002
Maybe I am confused....

On MSDN it states in the article, "How to: Enable Encrypted Connections to the Database Engine (SQL Server Configuration Manager)":

"To use encryption with a failover cluster, you must install the server certificate with the fully qualified DNS name of the virtual server on all nodes in the failover cluster."

This would make it appear as though certificates can be used to secure a cluster. Am I missing something here?
Post #631487
Posted Wednesday, January 7, 2009 8:09 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Today @ 4:00 PM
Points: 31,181, Visits: 15,627
You are correct, clustering should be a valid answer. I shall correct this.






Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #631490
Posted Wednesday, January 7, 2009 8:10 AM
Hall of Fame

Hall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of Fame

Group: General Forum Members
Last Login: Thursday, October 16, 2014 4:22 AM
Points: 3,297, Visits: 1,313
Irish Flyer (1/7/2009)
What about the following re securing clusters?

From SQL Server 2005 Books Online (search under clusters [SQL Server]\encryption):

Encryption on a Cluster
If you want to use encryption with a failover cluster, you must install the server certificate with the fully qualified DNS name of the virtual server on all nodes in the failover cluster. For example, if you have a two-node cluster, with nodes named test1. property box of SQL Server 2005 Network Configuration to configure your failover cluster for encryption.

This only talks about the configuration that is specific to SQL clusters in order to use encryption. It doesn't secure a cluster specific feature.
Post #631492
Posted Wednesday, January 7, 2009 8:12 AM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Friday, January 17, 2014 1:33 PM
Points: 327, Visits: 101
The mention above to the 2005 BOL is also in the 2008 BOL. Though the reference in books online refer to protocol encryption, it is under the section for setting up a cluster and is referred as a way to use encryption with a cluster. Actually it is in a sub section for 'before' setting up the cluster.

The debatable topic might be whether or not using encryption is part of securing a cluster.

Cheers!
Post #631496
Posted Wednesday, January 7, 2009 9:02 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Today @ 4:00 PM
Points: 31,181, Visits: 15,627
securing a cluster can have multiple meanings, and encryption would be a valid one. So I think the question was misleading and have corrected that.






Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #631563
Posted Wednesday, January 7, 2009 9:20 AM
Hall of Fame

Hall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of Fame

Group: General Forum Members
Last Login: Thursday, October 16, 2014 4:22 AM
Points: 3,297, Visits: 1,313
Steve Jones - Editor (1/7/2009)
securing a cluster can have multiple meanings, and encryption would be a valid one. So I think the question was misleading and have corrected that.

For me there is a difference between "securing clustering" as in the question and "securing a cluster", but who cares. :D
Post #631592
Posted Tuesday, December 7, 2010 9:05 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 9:45 AM
Points: 7,804, Visits: 9,556
Mighty (1/7/2009)
Steve Jones - Editor (1/7/2009)
securing a cluster can have multiple meanings, and encryption would be a valid one. So I think the question was misleading and have corrected that.

For me there is a difference between "securing clustering" as in the question and "securing a cluster", but who cares. :D

Well, if my database is nice and secure - protected from attack - and making a failover cluster for it would open it to attack, I would class eliminating that vulnerability before creating the cluster as securing clustering - of course it's also securing the cluster, so in at least some cases the two things can mean the same.


Tom
Post #1031287
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse