Post reply

Manual Logshipping - How to encrypt the transaction log file while tranmitting over the network?

  • July 15, 2005 at 11:16 am

    #86854

    The scanario is like that,

      Database "DB1" on the Production Server  ( Prod1 ) in Sydney has to maintain the standby database "DB2" on Standby Server (Prod2) in Brisbane.

      Proposed solution is to setup manual logshipping by copying of transaction

    log files from the Production server to Standby Server. 

       The reason why I amgoing for the manual log shipping over the LogShipping feature available in SQLSever 2000 to comply with our security auditing recuirments.

         Since the SQL Server log shipping the transaction log file is not encrypted. Hence while transferring of the transaction log file over the network would lead to security risk.

         The questions is.,

        Since the data are confidential. How to encrypt the transaction log file while tranmitting over the network?  

     

     

     

     

     

    Sivaprasad S - [ SIVA ][/url]http://sivasql.blogspot.com/[/url]

  • July 15, 2005 at 11:19 am

    #574963

    Backup using a product like SQLBackup (Red Gate) or Litespeed (Imceda). they support encrpytion

    Follow me on Twitter: http://www.twitter.com/way0utwest
    Forum Etiquette: How to post data/code on a forum to get the best help
    My Blog: www.voiceofthedba.com

  • July 18, 2005 at 7:36 am

    #575178

    Hello,

    It would seem to me that if your goal is to "encrypt while transmitting over the network" then the solution could be either as Steve Jones suggests, or to use some type of encryption at the network layer.  I have used LiteSpeed with excellent results, but I don't know anything about the Red Gate product.

    If your security concern is limited to WAN traffic, then it would be appropriate to encrypt between the WAN routers.  If you are concerned about encryption all the way from Server A to Server B then you could create tunnel endpoints on the two servers using a variety of encryption providers available to the O/S

    jg

     

  • July 18, 2005 at 3:17 pm

    #575341

    If you are a glutton for punishment, you could implement IPSec between your SQL Servers (not just the AH - Authentication Header stuff ...).

    Or set up something like a secure tunnel between the SQL Servers participating in the logshipping with something like secure shell (SSH). If a product is what you seek to help you do this, check out VanDyke's Vshell. Or you could use Services for UNIX (I believe it still contains an SSH server), or my favorite Cygwin, or some other SSH implementation.

    I have found it to be much easier to setup and maintain secure tunnels with this method as opposed to using IPSec. However, IPSec is not all that bad, once you understand it.

    Oh and if you seek encryption on the SQL Server itself, you could always store your t-log backups to an encrypted filesystem on your Windows servers .....

    Hope that this helps.

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply