dbTalk Databases Forums  

SQL Clustering and Named Pipes

Go Back dbTalk Databases Forums Databases microsoft.public.sqlserver.clustering SQL Clustering and Named Pipes

microsoft.public.sqlserver.clustering microsoft.public.sqlserver.clustering


Discuss SQL Clustering and Named Pipes in the microsoft.public.sqlserver.clustering forum.



Reply
 
Thread Tools Display Modes
  #1  
Old   
Alex
 
Posts: n/a

Default SQL Clustering and Named Pipes - 01-05-2004 , 01:18 PM





Hi,

I need to disable named pipes in a SQL Cluster environment (Windows 2000 and
SQL 2000 latest SP). Here is the scenario:

Our security policy requires me to secure my production SQL Server (Virtual
SQL Cluster name=SQL01) by disabling any access to SQL Server except access
from application server. I implemented this security in UAT (Non clustered )
by creating an IPSEC filter and disabling Named Pipes on SQL Server. In one
IPSEC filter, All IP Traffic to port 1433 is blocked. In another filter,
traffic from application server IP Address is permitted. This configuration
worked fine in UAT.

When I promoted the same IPSEC policy to production (both nodes
active-passive), I noticed that I can't disable Named Pipes in cluster
environment. Is there any work around this?

Can I change default pipe for Named Pipe in order to block SQL connections
coming from default pipe?
Do you have any better suggestion to secure SQL Server?

Thanks




Reply With Quote
  #2  
Old   
Linchi Shea
 
Posts: n/a

Default SQL Clustering and Named Pipes - 01-05-2004 , 03:26 PM





First of all, I'd suggest you not to remove named pipes on
a clustered SQL instance.

Per KB KB article 831127, you can't disable the named pipe
support if you have applied SP3. Microsoft states that
there are problems with disabling named pipes on a
clustered SQL instance, though it's not explicit about
exactly what problems you may run into.

I have found out that, contrary to what the article says,
you can still disable the named pipe support (i.e.
preventing the clustered SQL instance from listening on
the named pipes) if you use the SQL Server Enterprise
Manager of an version older than 8.00.760.

However, again, I would STRONGLY recommend that you follow
the Microsoft recommendation in KB 831127 and avoid
disabling named pipes.

Linchi

Quote:
-----Original Message-----
Hi,

I need to disable named pipes in a SQL Cluster
environment (Windows 2000 and
SQL 2000 latest SP). Here is the scenario:

Our security policy requires me to secure my production
SQL Server (Virtual
SQL Cluster name=SQL01) by disabling any access to SQL
Server except access
from application server. I implemented this security in
UAT (Non clustered )
by creating an IPSEC filter and disabling Named Pipes on
SQL Server. In one
IPSEC filter, All IP Traffic to port 1433 is blocked. In
another filter,
traffic from application server IP Address is permitted.
This configuration
worked fine in UAT.

When I promoted the same IPSEC policy to production (both
nodes
active-passive), I noticed that I can't disable Named
Pipes in cluster
environment. Is there any work around this?

Can I change default pipe for Named Pipe in order to
block SQL connections
coming from default pipe?
Do you have any better suggestion to secure SQL Server?

Thanks



.

Reply With Quote
  #3  
Old   
Linchi Shea
 
Posts: n/a

Default Re: SQL Clustering and Named Pipes - 01-06-2004 , 04:13 PM


Just want to add that if you do use a pre-SP3 version of
Enterprise Manager to disable and re-enable named pipes on
a clustered SQL instance, the pipe name may get mangled
and you would have to edit the registry to correct the
pipe name. I ran into this problem while playing with
disabling/re-enabling named pipes on a test cluster. And
there might be other issues as the KB article 831127 has
warned you. So don't disable named pipes.

Linchi

Quote:
-----Original Message-----
First of all, I'd suggest you not to remove named pipes
on
a clustered SQL instance.

Per KB KB article 831127, you can't disable the named
pipe
support if you have applied SP3. Microsoft states that
there are problems with disabling named pipes on a
clustered SQL instance, though it's not explicit about
exactly what problems you may run into.

I have found out that, contrary to what the article says,
you can still disable the named pipe support (i.e.
preventing the clustered SQL instance from listening on
the named pipes) if you use the SQL Server Enterprise
Manager of an version older than 8.00.760.

However, again, I would STRONGLY recommend that you
follow
the Microsoft recommendation in KB 831127 and avoid
disabling named pipes.

Linchi

-----Original Message-----
Hi,

I need to disable named pipes in a SQL Cluster
environment (Windows 2000 and
SQL 2000 latest SP). Here is the scenario:

Our security policy requires me to secure my production
SQL Server (Virtual
SQL Cluster name=SQL01) by disabling any access to SQL
Server except access
from application server. I implemented this security in
UAT (Non clustered )
by creating an IPSEC filter and disabling Named Pipes on
SQL Server. In one
IPSEC filter, All IP Traffic to port 1433 is blocked. In
another filter,
traffic from application server IP Address is permitted.
This configuration
worked fine in UAT.

When I promoted the same IPSEC policy to production
(both
nodes
active-passive), I noticed that I can't disable Named
Pipes in cluster
environment. Is there any work around this?

Can I change default pipe for Named Pipe in order to
block SQL connections
coming from default pipe?
Do you have any better suggestion to secure SQL Server?

Thanks



.

.

Reply With Quote
Reply

« Previous Thread | Next Thread »



Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Powered by vBulletin Version 3.5.3
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.


Contact Us - dbTalk Databases Forums - Archive - Top