Alternative to IPSec? -- sql server clustering

RL Coppedge
2/27/2007 9:22:11 AM

The client I'm working with has a 2-node Failover cluster. Owing to their
environment, they have several machines accessing the many databases. For
cost reasons, they went with SQL standard.

As to securing the traffic. I understand that IPSec isn't supported for
failover cluster, owing to the recovery time (6 minutes, according to the
document).

But the recovery for SQL standard doesn't allow external connections until
all databases are recovered. If the server has a lot of databases (perhaps
50), there may already be a delay.

I guess the questions I'm asking are:

1>Outside of the time delay, is there any other reasons to avoid IPSec?

2>In an environment with a lot of potential clients, what are the
recommended alternatives?

Thanks for any insight!

Bob Coppedge
me (at) RLCoppedge (put a dot here) com

Anthony Thomas
2/28/2007 12:00:00 AM

IPSec can be processor intensive; so, offloading the encryption to an
outside engine would increase throughput. This could be through a support
NIC with these features, or a dedicated hardware appliance.

Short of that, you could use SSL encryption and/or HTTPS for communication.

Microsoft provides a good document on the subject through MSDN:

http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=055ff772-97fe-41b8-a58c-bf9c6593f25e

Good luck.

Sincerely,

Anthony Thomas

--

[quoted text, click to view]

sql server clustering : Alternative to IPSec?