October 9, 2007 at 8:26 pm
Hi all
Please excuse me, as I am not a Database Engineer. At the moment we have intranet RS generated from our SQL 2000 server located inside network, my goal is now put RS for external users (Internet) and that is reason why I'd like to put the RS in DMZ area. So Idealy
SQL server --> Firewall -- RS (DMZ)---> Internet
if you all could tell me how to achieve this goal or the resources/ instruciton or anything that could help me. That would be very much appreciated.
Cheers
October 13, 2007 at 7:09 pm
There are two items you need to look at:
1. Reporting Services needs to properly authenticate web user. How you maintain this depends on how authentication was handled originally as an internal server. If you used Active Directory, you can maintain this through an open port in the firewall (may or may not be recommended - ask your Network team). If you used local accounts on the box, this should remain the same.
2. Reporting Services needs to connect to its own config database and to reporting datasources. For the config database, you'll need a firewall port opened. This could be 1433 (default) or whatever other port is used (for named instance, cluster, etc). Same with the datasources.
That should get you moving in the right direction. If you have other questions or want more detail, let us know.
Hope this helps,
Scott Thornburg
October 14, 2007 at 6:12 pm
Hi Scott
Thanks a lot for your helpful direction.
The authentication, I am not quite sure if the database Eng. used AD or not, but at the moment it seems everyone (internal) can open this report via http://dbs01/reports/pages/folder.aspx.
The second point is more interesting since I am focusing on how to get the report up and running in DMZ physically, like what Software/ services installed on the DMZ host (Web Server), how to communicate with the SQL server located inside the network securely, as you mentioned the port, thank you for that, how the RS works in DMZ, and we want the RS up-to-date so how the RS extract the database from SQL server etc..
So if you could tell me step-by-step to make it happen or point me the website or anything. That would be appreciated.
Cheers
October 15, 2007 at 11:58 am
This isn't quite step by step but should get you going in the right direction...
October 15, 2007 at 5:04 pm
Thanks for your link Luke. I am reading it, looks like very complicated to me, since I don't want to re-build the existing RS because I am not a database engineer, but network eng. see how I go.
Cheers
October 15, 2007 at 5:13 pm
basically what I'm saying is that you don't need to rebuild the entire thing. All you need to do is open the appropriate ports in your firewall to allow the second RS instance to talk to the first.
What I would suggest is that you setup the second server on the inside and make sure it all works, then lock it down, move it to your DMZ and see what doesn't work. I'd suggest being very granular with your firewall rules as you don't want to open any ports you don't need to.
-Luke.
October 15, 2007 at 7:32 pm
Luke L (10/15/2007)
basically what I'm saying is that you don't need to rebuild the entire thing. All you need to do is open the appropriate ports in your firewall to allow the second RS instance to talk to the first.What I would suggest is that you setup the second server on the inside and make sure it all works, then lock it down, move it to your DMZ and see what doesn't work. I'd suggest being very granular with your firewall rules as you don't want to open any ports you don't need to.
-Luke.
Thanks a lot for this suggestion. That sounds fantastic to me.
Cheers
Viewing 7 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply