alphawolf964 asked

How to set up SQL 2008 Replication across Untrusted Domains...

Scenario... Two domains separated by a firewall. Domain1 is a private domain with limited access in or out. Domain2 is the business domain with 99% of the users. Domain1 and Domain2 are untrusted. Domain1 contains a pair of SQL 2008 Enterprise R2 servers set up in a failover mirror design. Let's call it DOM1. Domain2 contains a SQL 2008 Enterprise R2 cluster with 2 nodes (DOM2) and a DR (Disaster Recovery) SQL 2008 Enterprise R2 cluster with 2 nodes at a remote site (DOM3). DOM1 generates a great deal of data that is used by a good portion of the users in Domain2. Currently DOM2 is set up as a Replication Distributor and several of the databases are set up for transaction-based replication from DOM2 to DOM3 (DR). What I need to be able to do is create a transaction-based replication from DOM1 to the Distribution point (DOM2) and then subscribe to it from both DOM2 and DOM3 without creating a trust between domains. I am able to open ports in the firewall between domains but I can't open it wide. Any suggestions would be helpful.

1 Answer

WilliamD answered
The normal way would be to do this using SQL authentication. You set up a locked-down SQL user with enough rights to do the replication and nothing else. Do this on all machines that are participating and set up the replication to use this login. That way you don't get the problems of AD authentication over the edge of each domain.
3 comments

Perfect! Do you happen to know how to grant access to the distribution share folder (repldata) to an account from an untrusted domain?
Thanks William... Does that locked-down user also have to control SQL Server Agent to allow for the replication jobs to run?
The Agent can remain running under the current Agent account. When you create the replication/publication/subscription you specify who should do what exactly; the jobs are then created to run using the specified user, but the Agent remains the same as before replication was set up.
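
One way to script the locked-down SQL login the answer describes, with checks that it stayed locked down. This is an added example, not part of the original thread; the login name `repl_agent`, the database name `PublishedDb` and the password are placeholders.

```sql
-- Added example. repl_agent, PublishedDb and the password are placeholders.
-- Run on each participating instance, using that instance's replication database.
USE master;
GO
-- SQL-authenticated login with Windows password policy enforced.
CREATE LOGIN repl_agent
    WITH PASSWORD = N'<replace-with-long-random-secret>',
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = OFF,  -- assumption: rotated by hand so agents do not fail on expiry
         DEFAULT_DATABASE = PublishedDb;
GO
-- Map the login into the replication database only.
USE PublishedDb;
GO
CREATE USER repl_agent FOR LOGIN repl_agent;
-- The login an agent connects with must be db_owner in the publication
-- database (Publisher) or subscription database (Subscriber).
-- The role is scoped to this one database; no server role is granted.
EXEC sp_addrolemember N'db_owner', N'repl_agent';
GO
-- Check 1: fixed server roles held by the login (expect zero rows).
SELECT r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS l ON l.principal_id = m.member_principal_id
WHERE l.name = N'repl_agent';
-- Check 2: server-level permissions (expect only CONNECT SQL).
SELECT p.permission_name, p.state_desc
FROM sys.server_permissions AS p
JOIN sys.server_principals AS l ON l.principal_id = p.grantee_principal_id
WHERE l.name = N'repl_agent';
GO
-- At the Publisher, in the publication database: have the Log Reader Agent
-- connect to the Publisher with the SQL login instead of a Windows account.
EXEC sp_addlogreader_agent
    @publisher_security_mode = 0,  -- 0 = SQL Server Authentication
    @publisher_login = N'repl_agent',
    @publisher_password = N'<replace-with-long-random-secret>';
GO
```

Re-run the two check queries after replication is configured; any new row in check 1 means the login has picked up server-wide rights it does not need.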