
Secure transfer of data from SQL server to SQL server over the Internet

I need to transfer data daily from SQL Server (2008) to SQL Server (2005). One of the servers is located at our web host so the data will be transferred over the Internet. On the same network I would use SSIS to transfer the data, but over the Internet this is not a secure option. Is there a secure way of achieving this?

You can use SSL with SQL Server (2000/2005 Instructions / 2008 Instructions) and then force protocol encryption on the connection between both machines. You don't have to use a purchased SSL certificate either; you can use Windows Server Certificate Services to generate one. However, if you do so then the CRL must be on a machine that both servers can connect to. An easy way to do this is to install Certificate Services on a standalone machine, perhaps just a VM, and then configure it to embed a public DNS name for its CRL. This doesn't have to be a machine running Certificate Services, just something you own and can upload to. Then you can generate the certificates and publish the CRL and tada, all done.

You will need to ensure the service account SQL is running as has access to the private key of the certificate it is using.
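A check for the setup described in the answer above, added here as an example and not part of the original answer: once protocol encryption is forced, these queries confirm from the server side that connections are really encrypted. They rely on the `sys.dm_exec_connections` and `sys.dm_exec_sessions` views available in SQL Server 2005 and 2008; the assumption is that the login running them has VIEW SERVER STATE permission.

```sql
-- Added example: verify that forced protocol encryption is in effect.
-- Run on each instance involved in the transfer.
-- Assumption: the caller has VIEW SERVER STATE permission.

-- 1) Check the connection you are using right now.
--    encrypt_option should read 'TRUE' when the channel is encrypted.
SELECT c.session_id,
       c.net_transport,
       c.encrypt_option,
       c.auth_scheme,
       c.client_net_address
FROM sys.dm_exec_connections AS c
WHERE c.session_id = @@SPID;

-- 2) List every non-local connection that is NOT encrypted.
--    Shared memory connections never leave the machine, so they are
--    excluded. An empty result is the expected outcome once encryption
--    is forced; any row identifies a client to investigate.
SELECT c.session_id,
       c.connect_time,
       c.net_transport,
       c.client_net_address,
       s.login_name,
       s.host_name,
       s.program_name
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s
  ON s.session_id = c.session_id
WHERE c.encrypt_option = 'FALSE'
  AND c.net_transport <> 'Shared memory'
ORDER BY c.connect_time;

-- 3) Summary by transport, useful for a daily check before the transfer job.
SELECT c.net_transport,
       c.encrypt_option,
       COUNT(*) AS connection_count
FROM sys.dm_exec_connections AS c
GROUP BY c.net_transport, c.encrypt_option
ORDER BY c.net_transport, c.encrypt_option;
```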

Generally it isn't recommended to have your SQL Servers exposed to the Internet, although that may be out of your control in this case. In your position I would investigate developing some separate Web Services that would perform the transfer of the data. These can then be secured using a variety of methods, such as SSL and WS-Security and other custom user permissions. If that isn't possible then blowdart's answer seems like the way to go.

You can use Service Broker:

  • Built into SQL Server engine itself, no need for external process to drive communication.
  • Compatible protocol: SQL 2005 and SQL 2008 communicate over Service Broker out-of-the-box.
  • No need to expose either server to the internet. Through Message Forwarding you can expose just a SQL Express, with no data on it, to the internet to act as a gateway that lets messages into the back end target.
  • Communication is encrypted.
  • Speed: the sample in the link shows how you can exchange over 5000 1k payload messages per second between commodity machines.

Unlike SSIS or replication, Service Broker is a general communication framework, so it won't provide support to extract the changes and to apply the changes, with conflict resolution and the like. You would have to code that part yourself.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.