Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Certificates


Certificates

Author
Message
Steve Jones
Steve Jones
SSC-Forever
SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)

Group: Administrators
Points: 40981 Visits: 18867
Comments posted to this topic are about the item Certificates

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Irish Flyer
Irish Flyer
Ten Centuries
Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)

Group: General Forum Members
Points: 1243 Visits: 240
What about the following re securing clusters?

From SQL Server 2005 Books Online (search under clusters [SQL Server]\encryption):

Encryption on a Cluster
If you want to use encryption with a failover cluster, you must install the server certificate with the fully qualified DNS name of the virtual server on all nodes in the failover cluster. For example, if you have a two-node cluster, with nodes named test1. property box of SQL Server 2005 Network Configuration to configure your failover cluster for encryption.
Ken Wymore
Ken Wymore
SSCarpal Tunnel
SSCarpal Tunnel (4.6K reputation)SSCarpal Tunnel (4.6K reputation)SSCarpal Tunnel (4.6K reputation)SSCarpal Tunnel (4.6K reputation)SSCarpal Tunnel (4.6K reputation)SSCarpal Tunnel (4.6K reputation)SSCarpal Tunnel (4.6K reputation)SSCarpal Tunnel (4.6K reputation)

Group: General Forum Members
Points: 4645 Visits: 2357
Maybe I am confused....

On MSDN it states in the article, "How to: Enable Encrypted Connections to the Database Engine (SQL Server Configuration Manager)":

"To use encryption with a failover cluster, you must install the server certificate with the fully qualified DNS name of the virtual server on all nodes in the failover cluster."

This would make it appear as though certificates can be used to secure a cluster. Am I missing something here?
Steve Jones
Steve Jones
SSC-Forever
SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)

Group: Administrators
Points: 40981 Visits: 18867
You are correct, clustering should be a valid answer. I shall correct this.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Mighty
Mighty
SSCarpal Tunnel
SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)

Group: General Forum Members
Points: 4233 Visits: 1663
Irish Flyer (1/7/2009)
What about the following re securing clusters?

From SQL Server 2005 Books Online (search under clusters [SQL Server]\encryption):

Encryption on a Cluster
If you want to use encryption with a failover cluster, you must install the server certificate with the fully qualified DNS name of the virtual server on all nodes in the failover cluster. For example, if you have a two-node cluster, with nodes named test1. property box of SQL Server 2005 Network Configuration to configure your failover cluster for encryption.

This only talks about the configuration that is specific to SQL clusters in order to use encryption. It doesn't secure a cluster specific feature.
Jeff Kunkel-812485
Jeff Kunkel-812485
Old Hand
Old Hand (327 reputation)Old Hand (327 reputation)Old Hand (327 reputation)Old Hand (327 reputation)Old Hand (327 reputation)Old Hand (327 reputation)Old Hand (327 reputation)Old Hand (327 reputation)

Group: General Forum Members
Points: 327 Visits: 112
The mention above to the 2005 BOL is also in the 2008 BOL. Though the reference in books online refer to protocol encryption, it is under the section for setting up a cluster and is referred as a way to use encryption with a cluster. Actually it is in a sub section for 'before' setting up the cluster.

The debatable topic might be whether or not using encryption is part of securing a cluster.

Cheers!
Steve Jones
Steve Jones
SSC-Forever
SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)

Group: Administrators
Points: 40981 Visits: 18867
securing a cluster can have multiple meanings, and encryption would be a valid one. So I think the question was misleading and have corrected that.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Mighty
Mighty
SSCarpal Tunnel
SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)

Group: General Forum Members
Points: 4233 Visits: 1663
Steve Jones - Editor (1/7/2009)
securing a cluster can have multiple meanings, and encryption would be a valid one. So I think the question was misleading and have corrected that.

For me there is a difference between "securing clustering" as in the question and "securing a cluster", but who cares. BigGrin
TomThomson
TomThomson
SSChampion
SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)

Group: General Forum Members
Points: 11397 Visits: 12091
Mighty (1/7/2009)
Steve Jones - Editor (1/7/2009)
securing a cluster can have multiple meanings, and encryption would be a valid one. So I think the question was misleading and have corrected that.

For me there is a difference between "securing clustering" as in the question and "securing a cluster", but who cares. BigGrin

Well, if my database is nice and secure - protected from attack - and making a failover cluster for it would open it to attack, I would class eliminating that vulnerability before creating the cluster as securing clustering - of course it's also securing the cluster, so in at least some cases the two things can mean the same.

Tom

Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search