September 19, 2018 at 2:50 am
Hi, just after some input on some issues I have on a customer site.
We struggle with access from our laptops via SQL management Studio and end up logging on to the server direct which I want to stop as its not best practice. This is due to various firewall rules. We are meant to use “jump boxes” which is an extra step but not consistent across the estate.
Then we get logged off automatically after 15 minutes of logging on if no activity, regardless of what we are in the middle of, patches, running scripts or whatever and have to start from scratch which is at best frustrating and potentially could cause damage to a database. The nature of the job is to investigate an issue, then go and google it, then go back and sort it out. We can be logged on to a group of severs with stuff pasted in and running, get distracted, go for lunch and then back to square one and then need time to get back to where we were, so this is quite inefficient.
Apparently these rules are down to the security department but surely with modern firewalls the traffic from SSMS on a laptop can be identified and secured ?
I prefer to not log on via RDP on as that produces a resource demand on the server and introduces the potential for errors.
So, any pointers for my upcoming discussion with the security guys when I ask to allow SSMS traffic through direct.
We are also looking at monitoring tools and none will work unless they have an open port.
We used named instances and non standard fixed ports.
September 19, 2018 at 5:31 am
I gather from your post that you would prefer to just connect with SSMS directly to your SQL Server(s). No jumping to another box via RDP as a 'middle ground'. With that assumption, if it was me this is what I would bring to the security team:
1. IP Address of MSSQL Server
2. List of Ports you're requesting to be open (instance name shouldn't matter).
3. List of Subnets you want to connect from (including if you want to work over a VPN).
4. Reasons why the RDP "Jump Boxes" are not sufficient due to the 15 minute log out.
** More experienced gurus here correct me if I'm off base with any of this. 🙂
I have our SQL Server set up so only about 5 subnets can connect to it.
Good luck with your argument!
-Mark
MSSQL 2019 Standard, Azure Hosted. Techie/Sysadmin by trade; Three years as a "DBA" now.
September 19, 2018 at 5:45 am
usererror - Wednesday, September 19, 2018 5:31 AMI gather from your post that you would prefer to just connect with SSMS directly to your SQL Server(s). No jumping to another box via RDP as a 'middle ground'. With that assumption, if it was me this is what I would bring to the security team:
1. IP Address of MSSQL Server
2. List of Ports you're requesting to be open (instance name shouldn't matter).
3. List of Subnets you want to connect from (including if you want to work over a VPN).
4. Reasons why the RDP "Jump Boxes" are not sufficient due to the 15 minute log out.** More experienced gurus here correct me if I'm off base with any of this. 🙂
I have our SQL Server set up so only about 5 subnets can connect to it.
Good luck with your argument!
Cheers Mark, thats a good summary.
Will see what happens.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply