• I know this is an older thread but it is the BEST article I have found that somewhat covers what I'm attempting to do. Now I freely admit I am NOT a SQL expert so I am coming to those that are for some help. And if there is a book or something out there that would help me I am more than willing to purchase it.

    Scenario: Platform with multiple web/app servers. Two SQL Servers that host multiple SQL instances (one per web/app server). Direct RDP access to the SQL Servers is restricted even within the network (so Admins have access but regular Support folks will use SSMS from the web/app servers if they need to get in to the application's databases).

    What I want to do is restrict each instance so it is accessible only from its associated web/app server and from the localhost (ie. someone from one web/app server cannot use SSMS to connect to a SQL instance that doesn't belong to that web/app server). They will need to be able to use 3 accounts from each web/app server to reach the SQL Server instance - SA and two specific user accounts (although I could eliminate SA use - it would be really unnecessary in this scenario as they could use the two SQL user accounts).

    Restricting at the vLAN firewall, between the web/app and SQL vLANs, is not an option (vCloud makes that too difficult) so it will need to be at the SQL level. I would like to use the whitelist option with an IP address table because it sounds like that will be the best option (not necessarily the easiest - but security is the goal not ease of use).

    I'm hoping to get a specific example of how to do this as time is of the essence (the platform is almost ready for go-live and deployment and I want to have this in place before then if possible). Any assistance is VERY much appreciated!!

    Chris