
How to deploy database and firewall

2025-01-18 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com) 05/31

This article shows how to deploy a database together with a firewall. It is concise and easy to follow, and I hope the detailed walkthrough is useful.

Security and performance are the two main concerns of database administrators. Protecting a database with a firewall is a good choice. SQL Server is a relational database management system that reflects this emphasis on performance. The following explains how to deploy a database and a firewall together.


Recommendation 1: Deploy database first, then firewall

There are many reasons why clients cannot connect to a database server, and firewall restrictions are certainly one of them. To keep troubleshooting simple, I recommend that database administrators deploy the database with the firewall turned off: deploy the database first, then the firewall. Likewise, if a firewall is already in place and a client cannot connect to the database, it is best to turn the firewall off first and then check whether the connection succeeds. The point is to help the database administrator determine whether the connection failure is due to an improper firewall configuration, which makes this method useful for finding firewall configuration errors. If the firewall is the cause but the administrator keeps looking for it in the database management system or on the client, the effort is wasted. Similarly, if the failure is caused by a problem on the database server rather than by the firewall configuration, hunting for a firewall fault is just as futile. Therefore, when deploying a database (not only SQL Server), it is best to turn off the existing firewall first, and to start the firewall again only after clients can connect to the server properly.
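A client-side check that supports the same diagnosis, as an added example that is not part of the original article: it classifies one TCP connection attempt to the database port and says where to look first. The host in the usage line is a placeholder, and the hints assume a firewall that silently drops blocked packets.

```python
# Added example: classify a TCP connection attempt to the database port.
import errno
import socket

# Where to look first for each outcome. Assumption: the firewall silently
# drops blocked packets. A firewall that rejects with a TCP reset looks
# like "refused" instead of "filtered".
HINTS = {
    "open": "port reachable: check database logins, protocols and client settings",
    "refused": "host answered but nothing listens there: check the database service and its port",
    "filtered": "no answer at all: a firewall is probably dropping the packets",
    "unreachable": "no route to the server: check addressing and routing first",
}

def classify_tcp(host, port, timeout=2.0):
    """Return 'open', 'refused', 'filtered' or 'unreachable' for host:port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"      # a reset came back, so the packet reached the host
    except socket.timeout:
        return "filtered"     # nothing came back before the timeout
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        sock.close()

def diagnose(host, port, timeout=2.0):
    """Pair the classification with the hint for it."""
    state = classify_tcp(host, port, timeout)
    return state, HINTS[state]

if __name__ == "__main__":
    # 127.0.0.1 is a placeholder target; 1433 is the port the article names.
    print(diagnose("127.0.0.1", 1433))
```
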

Recommendation 2: Open the firewall port according to the service opened by the database

For security reasons, the fewer ports open on the database server, the better. However, some database services need certain ports open, or they will not work. Balancing security and performance, the database administrator should therefore open firewall ports according to the services the database actually uses.

If replication is enabled in SQL Server, port 1433 needs to be opened on the firewall (this is the default port used by the replication service). Of course, the database administrator can also agree on the final port with the network administrator. In addition, if snapshot replication, web synchronization or FTP access is used, the other required ports must also be opened on the firewall. If snapshot replication is implemented via FTP, port 21 needs to be opened on the firewall so that FTP traffic can pass and data files and schemas can be transferred from one location to another on the network. Usually, this port is closed for security reasons. If replication needs HTTP or file and print sharing services, ports 137, 138, 139, and so on need to be opened. Otherwise, these services will not work properly because the firewall blocks them.


In addition, some SQL Server services have no predefined port, and the database administrator decides which port to use according to actual needs. Database mirroring, for example, does not specify a port; the database administrator must choose one, based on which ports are actually in use on the server. If other applications are deployed on the database server, the chosen port must not conflict with the ports of those services.

SQL Server has many related services, such as the Reports service, the Browser service (which listens for incoming connections to a named instance and provides clients with the TCP port number corresponding to that named instance), and so on. If the database administrator suspects that a client connection failure is caused by the firewall, they should check the official Microsoft documentation for the port the corresponding service requires and verify that it is already open in the firewall.

Recommendation 3: Manage dynamic ports

The ports of the services above are basically static, and opening them on the firewall is not difficult. The hard part is that some services use dynamic ports, which complicates the firewall configuration on the database server: because the port is not fixed, the firewall sometimes cannot keep up.

For example, a database server often hosts a named instance, and named instances use dynamic ports. Each time the database server starts, the database engine picks a port that is not in use on the server as its own, so the port may differ from one start to the next. By default, the SQL Server Database Engine uses TCP port 1433. However, if other database engines are deployed on the same server, such as Oracle or MySQL, port 1433 may already be taken by them. The SQL Server engine then cannot use it and selects another available port. Because the firewall does not interact with the database engine, it cannot detect which port the engine has chosen, and since the port may change at every start, it is difficult to open the correct one on the firewall. So if a firewall is configured on the database server and some services use dynamic ports, the database administrator needs to configure them at deployment time as fixed (static) ports, so that the database engine uses the same port number every time.

Setting dynamic ports to fixed ports in SQL Server is not difficult. However, if many services are enabled, the workload can be considerable.
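The dynamic-port problem described above, as an added example that is not part of the original article: it parses the reply the Browser service sends to clients and reports instances whose advertised TCP port is missing from the firewall allow-list. The reply layout follows the SQL Server Resolution Protocol (MS-SQLR) as an assumption not stated in the article; the host name, instance names, version string and ports other than 1433 are constructed.

```python
# Added example: the Browser replies below are constructed, not captured traffic.
import struct

def parse_browser_reply(data):
    """Parse an SSRP SVR_RESP datagram into one dict per advertised instance."""
    if len(data) < 3 or data[0] != 0x05:
        raise ValueError("not an SSRP SVR_RESP message")
    (size,) = struct.unpack_from("<H", data, 1)   # little-endian body length
    body = data[3:3 + size].decode("ascii", errors="replace")
    instances = []
    for chunk in body.split(";;"):                # each instance record ends with ';;'
        fields = chunk.split(";")
        if len(fields) >= 2:
            # key;value;key;value... e.g. InstanceName;REPORTING;tcp;49172
            instances.append(dict(zip(fields[0::2], fields[1::2])))
    return instances

def uncovered_instances(reply, allowed_tcp_ports):
    """Return (instance, port) pairs the firewall allow-list does not cover."""
    missing = []
    for inst in parse_browser_reply(reply):
        port = inst.get("tcp", "")
        if port.isdigit() and int(port) not in allowed_tcp_ports:
            missing.append((inst.get("InstanceName", "?"), int(port)))
    return missing

def make_reply(text):
    """Wrap a constructed instance list in the SVR_RESP framing."""
    raw = text.encode("ascii")
    return b"\x05" + struct.pack("<H", len(raw)) + raw

# Constructed sample: default instance on 1433, named instance on a dynamic port
# that changes when the server restarts.
DEFAULT = "ServerName;DB01;InstanceName;MSSQLSERVER;IsClustered;No;Version;15.0.2000.5;tcp;1433;;"
NAMED = "ServerName;DB01;InstanceName;REPORTING;IsClustered;No;Version;15.0.2000.5;tcp;{};;"
BEFORE_RESTART = make_reply(DEFAULT + NAMED.format(49172))
AFTER_RESTART = make_reply(DEFAULT + NAMED.format(50233))
FIREWALL_ALLOW = {1433, 49172}   # rules written while the instance used 49172

if __name__ == "__main__":
    print("before restart:", uncovered_instances(BEFORE_RESTART, FIREWALL_ALLOW))
    print("after restart: ", uncovered_instances(AFTER_RESTART, FIREWALL_ALLOW))
```

Once the named instance is pinned to a static port and that port is in the allow-list, the second call returns an empty list after every restart.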

That covers how to deploy databases and firewalls. If you want to learn more, follow the industry information channel.
