SQL DB and App server on separate domains

  • Hello Guys,

    Is there any issue if SQL db and app servers are on separate domains? Any best practices to follow.

    Many thanks!

  • Never tried it... but one thing that comes to mind is that you shouldn't be able to have trusted connections. Unless the domains "talk" to each other and authenticate each other, one can't check logins against the other domain.

    For example: If all are on domain ABC, then when ABC\SQLBill logs into any server, as long as that login has permission to access the server they can. The server will authenticate it against the domain controller and then the servers within the domain 'trust' it.

    Going from ABC domain to XYZ domain... the trust doesn't exist, so you would have to always pass the login and password for every connection.

    (At least that is my non-server admin understanding).

    -SQLBill

  • Thanks. If we are using just SQL authentication (APP-DB connection), will that elevate these sorts of connection issues (DC authentication)?

  • If you use SQL authentication, then the AD and domains don't matter. The name/password combo works for logging in.

  • Thanks Steve!

  • Just remember that you'll have to poke holes through the firewall on both sides to allow communication through whatever port you have SQL Server running on (1433 by default).

    "The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
    - Theodore Roosevelt

    Author of:
    SQL Server Execution Plans
    SQL Server Query Performance Tuning

  • Thanks Grant!
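
The firewall and SQL authentication points from the replies above, as an added PowerShell example that is not part of the original thread. The addresses, server name and rule name are placeholders, and it assumes Windows PowerShell 5.1 with the built-in NetSecurity and NetTCPIP modules and System.Data.SqlClient.

```powershell
# Added example: all names and addresses below are placeholders (assumptions).
$AppServerIp = '192.0.2.10'         # app server in domain ABC (documentation address)
$DbServer    = 'db01.xyz.example'   # SQL Server host in domain XYZ
$SqlPort     = 1433                 # default instance port named in the thread

# --- Run on the DB server -------------------------------------------------
# Allow inbound SQL traffic from the app server only, instead of opening
# the port to every remote address.
New-NetFirewallRule -DisplayName 'SQL Server from app server' `
    -Direction Inbound -Protocol TCP -LocalPort $SqlPort `
    -RemoteAddress $AppServerIp -Action Allow

# --- Run on the app server ------------------------------------------------
# 1. Confirm the TCP path is open through the firewalls on both sides.
$probe = Test-NetConnection -ComputerName $DbServer -Port $SqlPort
if (-not $probe.TcpTestSucceeded) {
    throw "TCP $SqlPort to $DbServer is blocked; check the firewall on each side."
}

# 2. Connect with a SQL login. No domain trust is involved, so this works
#    even though the two servers sit in different domains.
$cred = Get-Credential -Message 'SQL login (not a domain account)'
$cred.Password.MakeReadOnly()       # SqlCredential requires a read-only SecureString
$conn = New-Object System.Data.SqlClient.SqlConnection
$conn.ConnectionString = "Server=$DbServer,$SqlPort;Database=master"
$conn.Credential = New-Object System.Data.SqlClient.SqlCredential(
    $cred.UserName, $cred.Password)

try {
    $conn.Open()
    # auth_scheme reports 'SQL' for SQL authentication, 'NTLM' or 'KERBEROS'
    # for Windows (trusted) connections.
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = 'SELECT auth_scheme FROM sys.dm_exec_connections ' +
                       'WHERE session_id = @@SPID'
    $scheme = $cmd.ExecuteScalar()
    Write-Output "Connected to $DbServer using auth_scheme = $scheme"
}
finally {
    $conn.Dispose()
}
```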
