Looking for a Security Solution


February 3, 2010 by Mike Hillwig

We have some pretty strict security policies in my company. That often means coming up with creative solutions to problems. Hopefully someone in the DBA community can help me.

We have a company that does some outside work for us. We have a database server at their location. We need to allow the database server to talk to our DB server in a network DMZ. We’d use a linked server from the remote site to talk to our DMZ server. I’m okay setting up the username/password and the firewall ports. The problem is that we need to have the traffic between the two servers encrypted.

To further complicate this, we don’t want all of the traffic on these servers encrypted, just the traffic that goes across the internet.

I’m completely befuddled on how to do this properly. There is a very good chance that I’m making this harder than it needs to be, and I’d be thrilled if someone gave me a simple solution.

3 thoughts on “Looking for a Security Solution”

  1. Tommy Bollhofer says:

    Have you considered an IPSec policy between the two machines to encapsulate the traffic?

    http://windowsitpro.com/article/articleid/96508/use-ipsec-to-encrypt-data.html

  2. Eric Singer says:

    I’m not a DBA, so take this with a grain of salt. What about either utilizing the SQL Service Broker or taking SQL technology out of the picture and using something like a VPN?

    http://msdn.microsoft.com/en-us/library/ms345108%28SQL.90%29.aspx

  3. rav3n says:

    This might be a completely silly suggestion, but have you considered just opening up a VPN tunnel between the two sites? Even if your company absorbed the cost of the endpoint devices, you are looking at a few hundred dollars for a simple setup.
