I'm adding new nodes to an existing SQL Cluster Win2k SP1 SQL 2000 Ent.
SP3a.
Was wondering if I am going to have a problem since the IP addresses of the
new nodes are on a different VLAN.
Old node, Cluster IP & Virtual SQL IP are on 10.28.1 The new nodes are on
10.28.17. These IP addresses are on two different VLANs. Same domain.
I've had so many problems with getting the new nodes to join the cluster and
failover, I wanted to check this out in advance.
Pat Hall wrote:
> I'm adding new nodes to an existing SQL Cluster Win2k SP1 SQL 2000 Ent.
> SP3a.
> Was wondering if I am going to have a problem since the IP addresses of the
> new nodes are on a different VLAN.
> Old node, Cluster IP & Virtual SQL IP are on 10.28.1 The new nodes are on
> 10.28.17. These IP addresses are on two different VLANs. Same domain.
> I've had so many problems with getting the new nodes to join the cluster and
> failover, I wanted to check this out in advance.
There is a long technical explanation for why this can't work without
some serious reconfiguration of your system (router, switch & node
hardware), but the short answer is that the Cluster IP and the SQL IP
are static addresses. They cannot exist on a foreign network any more
than if you had separate physical networks instead of using VLAN tagging.
Save yourself (and your network admins) a boatload of trouble and make
sure that the nodes, cluster & SQL addresses are all on the same IP network.
Showing posts with label sp1. Show all posts
Showing posts with label sp1. Show all posts
Friday, March 9, 2012
Wednesday, March 7, 2012
Question on encryption/ keys/ certificates/ etc.
SQL2K5
SP1
I was able to sucessfully create a Master Key, create a Certificate, create
a Symmetric Key and assign it to the Certificate, insert encrypted data, and
then decrypt/ read that data. Pretty cool stuff. But Im reading up on the
topic and Im under the impression that I should also have needed too:
Set Force Encryption to Yes.
Configure the DB engine to use a Cert.
Reboot the box.
But I didn't have to do any of that. I just went and verified the settings
and thats not how SQL is configured. Im obviosuly missing something pretty
big here, can someone please assist?
TIA, ChrisRThat's 2 different things, what you've been doing is encrypting data stored
in the database. The other stuff you are talking about is encrypting traffic
from clients to SQL Server and vice versa. If you don't have that
requirement then don't worry about it. In SQL 2005, standard SQL logins are
encrypted anyway by a self generated certificate however general traffic
to/from the server (batches/results etc) are not. They are 2 completely
different and separate things.
--
HTH,
Jasper Smith (SQL Server MVP)
http://www.sqldbatips.com
"ChrisR" <NotAChance@.ms.com> wrote in message
news:esEA%23%23AtGHA.1876@.TK2MSFTNGP06.phx.gbl...
> SQL2K5
> SP1
> I was able to sucessfully create a Master Key, create a Certificate,
> create
> a Symmetric Key and assign it to the Certificate, insert encrypted data,
> and
> then decrypt/ read that data. Pretty cool stuff. But Im reading up on the
> topic and Im under the impression that I should also have needed too:
> Set Force Encryption to Yes.
> Configure the DB engine to use a Cert.
> Reboot the box.
> But I didn't have to do any of that. I just went and verified the settings
> and thats not how SQL is configured. Im obviosuly missing something pretty
> big here, can someone please assist?
> TIA, ChrisR
>|||As mentioned, I was missing something pretty big. ;-)
Thanks Jasper.
"Jasper Smith" <jasper_smith9@.hotmail.com> wrote in message
news:eaL$0QCtGHA.4784@.TK2MSFTNGP04.phx.gbl...
> That's 2 different things, what you've been doing is encrypting data
stored
> in the database. The other stuff you are talking about is encrypting
traffic
> from clients to SQL Server and vice versa. If you don't have that
> requirement then don't worry about it. In SQL 2005, standard SQL logins
are
> encrypted anyway by a self generated certificate however general traffic
> to/from the server (batches/results etc) are not. They are 2 completely
> different and separate things.
> --
> HTH,
> Jasper Smith (SQL Server MVP)
> http://www.sqldbatips.com
>
> "ChrisR" <NotAChance@.ms.com> wrote in message
> news:esEA%23%23AtGHA.1876@.TK2MSFTNGP06.phx.gbl...
> > SQL2K5
> > SP1
> >
> > I was able to sucessfully create a Master Key, create a Certificate,
> > create
> > a Symmetric Key and assign it to the Certificate, insert encrypted data,
> > and
> > then decrypt/ read that data. Pretty cool stuff. But Im reading up on
the
> > topic and Im under the impression that I should also have needed too:
> >
> > Set Force Encryption to Yes.
> > Configure the DB engine to use a Cert.
> > Reboot the box.
> >
> > But I didn't have to do any of that. I just went and verified the
settings
> > and thats not how SQL is configured. Im obviosuly missing something
pretty
> > big here, can someone please assist?
> >
> > TIA, ChrisR
> >
> >
>
SP1
I was able to sucessfully create a Master Key, create a Certificate, create
a Symmetric Key and assign it to the Certificate, insert encrypted data, and
then decrypt/ read that data. Pretty cool stuff. But Im reading up on the
topic and Im under the impression that I should also have needed too:
Set Force Encryption to Yes.
Configure the DB engine to use a Cert.
Reboot the box.
But I didn't have to do any of that. I just went and verified the settings
and thats not how SQL is configured. Im obviosuly missing something pretty
big here, can someone please assist?
TIA, ChrisRThat's 2 different things, what you've been doing is encrypting data stored
in the database. The other stuff you are talking about is encrypting traffic
from clients to SQL Server and vice versa. If you don't have that
requirement then don't worry about it. In SQL 2005, standard SQL logins are
encrypted anyway by a self generated certificate however general traffic
to/from the server (batches/results etc) are not. They are 2 completely
different and separate things.
--
HTH,
Jasper Smith (SQL Server MVP)
http://www.sqldbatips.com
"ChrisR" <NotAChance@.ms.com> wrote in message
news:esEA%23%23AtGHA.1876@.TK2MSFTNGP06.phx.gbl...
> SQL2K5
> SP1
> I was able to sucessfully create a Master Key, create a Certificate,
> create
> a Symmetric Key and assign it to the Certificate, insert encrypted data,
> and
> then decrypt/ read that data. Pretty cool stuff. But Im reading up on the
> topic and Im under the impression that I should also have needed too:
> Set Force Encryption to Yes.
> Configure the DB engine to use a Cert.
> Reboot the box.
> But I didn't have to do any of that. I just went and verified the settings
> and thats not how SQL is configured. Im obviosuly missing something pretty
> big here, can someone please assist?
> TIA, ChrisR
>|||As mentioned, I was missing something pretty big. ;-)
Thanks Jasper.
"Jasper Smith" <jasper_smith9@.hotmail.com> wrote in message
news:eaL$0QCtGHA.4784@.TK2MSFTNGP04.phx.gbl...
> That's 2 different things, what you've been doing is encrypting data
stored
> in the database. The other stuff you are talking about is encrypting
traffic
> from clients to SQL Server and vice versa. If you don't have that
> requirement then don't worry about it. In SQL 2005, standard SQL logins
are
> encrypted anyway by a self generated certificate however general traffic
> to/from the server (batches/results etc) are not. They are 2 completely
> different and separate things.
> --
> HTH,
> Jasper Smith (SQL Server MVP)
> http://www.sqldbatips.com
>
> "ChrisR" <NotAChance@.ms.com> wrote in message
> news:esEA%23%23AtGHA.1876@.TK2MSFTNGP06.phx.gbl...
> > SQL2K5
> > SP1
> >
> > I was able to sucessfully create a Master Key, create a Certificate,
> > create
> > a Symmetric Key and assign it to the Certificate, insert encrypted data,
> > and
> > then decrypt/ read that data. Pretty cool stuff. But Im reading up on
the
> > topic and Im under the impression that I should also have needed too:
> >
> > Set Force Encryption to Yes.
> > Configure the DB engine to use a Cert.
> > Reboot the box.
> >
> > But I didn't have to do any of that. I just went and verified the
settings
> > and thats not how SQL is configured. Im obviosuly missing something
pretty
> > big here, can someone please assist?
> >
> > TIA, ChrisR
> >
> >
>
Subscribe to:
Posts (Atom)