We recently moved a SQL box into a DMZ but we still want to allow a Database
dump job to be allowed. What protocol and port needs to be opened for the
following job to run:
BACKUP DATABASE [Database1] TO DISK = N'\\server1\DBBACKUP\Database1' WITH
INIT , NOUNLOAD , NAME = N'Database1', NOSKIP , STATS = 10, NOFORMAT
Network file shares are accessed via the SMB (Server Message Block)
protocol. I have no clue what ports are used.
Geoff N. Hiten
Microsoft SQL Server MVP
Senior Database Administrator
Careerbuilder.com
I support the Professional Association for SQL Server
www.sqlpass.org
"Paul Cyr" <PaulCyr@.discussions.microsoft.com> wrote in message
news:AEF08916-1733-458F-AE03-C9C6BC771624@.microsoft.com...
> We recently moved a SQL box into a DMZ but we still want to allow a
Database
> dump job to be allowed. What protocol and port needs to be opened for the
> following job to run:
> BACKUP DATABASE [Database1] TO DISK = N'\\server1\DBBACKUP\Database1'
WITH
> INIT , NOUNLOAD , NAME = N'Database1', NOSKIP , STATS = 10, NOFORMAT
|||Hi
I would not let SQL Server "push" though the firewall. Dump the DB locally
to the SQL Server's drive and then have a task from behind the firewall come
and pick the file up.
If you push, and your box gets compromised, the hacker has access through to
your internal network as those ports are open to a supposedly "trusted"
server.
Regards
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland
IM: mike@.epprecht.net
MVP Program: http://www.microsoft.com/mvp
Blog: http://www.msmvps.com/epprecht/
"Geoff N. Hiten" <SRDBA@.Careerbuilder.com> wrote in message
news:Odz5U609EHA.2552@.TK2MSFTNGP09.phx.gbl...[vbcol=seagreen]
> Network file shares are accessed via the SMB (Server Message Block)
> protocol. I have no clue what ports are used.
> --
> Geoff N. Hiten
> Microsoft SQL Server MVP
> Senior Database Administrator
> Careerbuilder.com
> I support the Professional Association for SQL Server
> www.sqlpass.org
> "Paul Cyr" <PaulCyr@.discussions.microsoft.com> wrote in message
> news:AEF08916-1733-458F-AE03-C9C6BC771624@.microsoft.com...
> Database
the[vbcol=seagreen]
> WITH
NOFORMAT
>
|||That is a great idea. Why didn't I think of that?
I'll try to setup a process that grabs the database on a regular basis after
it has dumped locally but I need to generate e-mail alerts if the dump fails
for any reason so I need to open it up to a certain extent anyway. Actually,
opening to SMTP traffic only seems much better then what I was trying to
accomplish previously.
Thanks again for the suggestion!
"Mike Epprecht (SQL MVP)" wrote:
> Hi
> I would not let SQL Server "push" though the firewall. Dump the DB locally
> to the SQL Server's drive and then have a task from behind the firewall come
> and pick the file up.
> If you push, and your box gets compromised, the hacker has access through to
> your internal network as those ports are open to a supposedly "trusted"
> server.
> Regards
> --
> Mike Epprecht, Microsoft SQL Server MVP
> Zurich, Switzerland
> IM: mike@.epprecht.net
> MVP Program: http://www.microsoft.com/mvp
> Blog: http://www.msmvps.com/epprecht/
> "Geoff N. Hiten" <SRDBA@.Careerbuilder.com> wrote in message
> news:Odz5U609EHA.2552@.TK2MSFTNGP09.phx.gbl...
> the
> NOFORMAT
>
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment