Wednesday, March 28, 2012

Log shipping through firewall

I attempted to set up log shipping where the standby server is in the DMZ
and the master server is on the internal network. Both are MSSQL 2000 servers.
I used the Maintenance Plan Wizard in order to set it up.
My problem is that the standby server does not appear in the list of servers
available to choose from when choosing a destination server. I would expect
that list to contain all servers found via broadcast on the local network,
as well as servers registered in EM, but the latter does not seem to be the
case.
The standby server is registered in the master server's EM, and port 1433
is open through the firewall, so the server can be managed. However, the
server still does not appear in the list of "destination servers" to choose
from.
What are the requirements for a server to appear in that list? Would opening
the RPC ports make a difference? (that is what's next on the agenda - as
file transfer uses the RPC).

Hi
Have you read
http://support.microsoft.com/defaul...kb;en-us;287932
For most locations where you require to name a server, even if the server
does not appear you can usually type in the name.
John
"Inge" <inge@.norway.net> wrote in message
news:36b19dde6ba838c7d29534d97760@.news.microsoft.com...
>I attempted to set up log shipping where the standby server is in the DMZ
>and the master server is on the internal network. Both are MSSQL 2000
>servers. I used the Maintenance Plan Wizard in order to set it up.
> My problem is that the standby server does not appear in the list of
> servers available to choose from when choosing a destination server. I
> would expect that list to contain all servers found via broadcast on the
> local network, as well as servers registered in EM, but the latter does
> not seem to be the case.
> The standby server is registered in the master server's EM, and port 1433
> is open through the firewall, so the server can be managed. However, the
> server still does not appear in the list of "destination servers" to
> choose from.
> What are the requirements for a server to appear in that list? Would
> opening the RPC ports make a difference? (that is what's next on the
> agenda - as file transfer uses the RPC).

Thank you for your quick reply!
I can successfully communicate through the port 1433 as per the article.
With EM on one side of the firewall, I can administer the server on the other
side, no problem.
Unfortunately, the dialog box with regards to Log Shipping does not allow
me to type in the name - I can only choose from the list. I would believe
that the servers in that list should include those registered in Enterprise
Manager on that server, but that does not appear to be the case.

You have two issues to deal with in this scenario.
1. To get the list of servers you will need to open up UDP port 1434.
2. MS Logshipping requires that the account running your SQL Agent
service be able to map a drive (open a UNC) to the destination server. This
means that AD must be available on both sides and that SMB traffic must be
allowed through the firewall. Most firewall admins don't like to open up
SMB traffic because of the exposures it causes. Since this is to the DMZ
perhaps that's not an issue.
An alternative would be to write your own custom version of Log shipping. I
wrote one that uses FTP to send the log files. On the destination, a
routine is called to pick the sent files, check for contiguous LSN and apply
them to standby mode.
Also bear in mind that every time a log is being applied the database goes
offline during the restore.

The issue was that the DMZ server was std. edition, not Enterprise edition...
As long as the server is registered in the Log Shipping source EM, I don't
think the UDP port is necessary. The file share is still an issue, but we
can deal with it.
Thanks for the input
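
The contiguous-LSN check mentioned in the custom log-shipping reply above, sketched as an added example that is not part of the thread or any poster's code. It assumes the destination routine has already read `FirstLSN` and `LastLSN` for each received file with `RESTORE HEADERONLY`; the function name, file names and LSN values are constructed for illustration.

```python
from typing import NamedTuple, Optional

class LogBackup(NamedTuple):
    filename: str
    first_lsn: int  # FirstLSN column of RESTORE HEADERONLY (numeric(25,0))
    last_lsn: int   # LastLSN column of RESTORE HEADERONLY

class Plan(NamedTuple):
    apply: list                # filenames to restore, in order
    skipped: list              # filenames the standby already covers
    blocked_at: Optional[str]  # first file that cannot be applied, or None

def plan_restores(standby_lsn: int, received: list) -> Plan:
    """Order received log backups and stop at the first break in the chain.

    standby_lsn is the LSN the standby database has been restored up to,
    i.e. the LastLSN of the last log backup that was applied.
    """
    apply, skipped = [], []
    current = standby_lsn
    for b in sorted(received, key=lambda b: (b.first_lsn, b.last_lsn)):
        if b.last_lsn <= current:
            skipped.append(b.filename)   # duplicate or re-sent file
        elif b.first_lsn <= current:
            apply.append(b.filename)     # continues the chain
            current = b.last_lsn
        else:
            # Gap: a file is missing or still in transit. Restoring this or
            # any later file would fail, so stop and wait for the missing one.
            return Plan(apply, skipped, b.filename)
    return Plan(apply, skipped, None)

# Constructed sample: files arrive out of order, one is a re-send and the
# 09:20 backup (LSN 1200-1300) never arrived.
RECEIVED = [
    LogBackup("db_tlog_0930.trn", 1300, 1400),
    LogBackup("db_tlog_0900.trn", 1000, 1100),
    LogBackup("db_tlog_0845.trn", 900, 1000),
    LogBackup("db_tlog_0910.trn", 1100, 1200),
]

if __name__ == "__main__":
    print(plan_restores(1000, RECEIVED))
```

Files in `apply` would then be restored in that order with `RESTORE LOG ... WITH STANDBY`; a non-empty `blocked_at` is worth alerting on, since the standby falls further behind until the missing file arrives.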
