Clustered instances and security

Question

Post reply

Clustered instances and security

sqlmunkee

SSCommitted

Points: 1949
More actions
January 5, 2015 at 5:40 am

#313336

Hi,

Is it possible for a clustered instance of SQL2012 to have 2 network names ?

Reason: I need to segregate admin access to a clustered instance so that the admins and SSMS connect via a different IP address than the application. I know I can block SSMS access via application-level firewalls, but ideally the application would connect to CLUSTER1\INSTANCE01 on , say, 10.192.5.5, and the admins would connect to CLUSTER1ADMIN\INSTANCE01 on 172.168.2.2, and they'd be the same instance, just using different names and IPs

There is a wish NOT to use a jump-station for this.

Any pointers greatly appreciated 🙂 Apols if I'm being thick.

[font="Courier New"]sqlmunkee[/font]
[font="Courier New"]Bringing joy and happiness via SQL Server since 1998[/font]

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply

Grant Fritchey SSC Guru Points: 397721 More actions · Answer 1

To my knowledge, no, you can't do this. The instance is exposed as a single IP, especially across the cluster. I've never seen anyone set up different IP addresses for admins. I have seen different AD groups set up and different AD logins created so that the standard login to the network where you get your email, etc., does not have access to the production machines. To get that access, you need to either log in under a different user or use Run As to get that other user.

----------------------------------------------------The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood... Theodore RooseveltThe Scary DBAAuthor of: SQL Server 2017 Query Performance Tuning, 5th Edition and SQL Server Execution Plans, 3rd EditionProduct Evangelist for Red Gate Software