Welcome to the world (new face) of Knowledge Sharing Network.
To track the older blog posts refer to our historical knowledge sharing site  and you will find this as your destination for SQL Server knowledge pool.

Follow SQLMaster on Twitter SqlServer-QA.net - Knowledge Sharing Network (@sqlmaster)

How to configure SQL Server Reporting Services in a DMZ environment? - SQL Server Knowledge Sharing Network (@sqlmaster)

How to configure SQL Server Reporting Services in a DMZ environment?

Many questions will come out if you need set your Reporting Server on Internet within DMZ environment?

The important aspects involves SQL Server database, Reports Services & Report Manager, for the sake of discussion say if Report Services and Report Manager are on a server in DMZ (behind firewall) that is not a member of the Domain then you need to setup port & authentication. Also you need to consider that Report server and DB server need not be in the same domain, if your database server supports SQL Server Authentication (By using username and password) then your report server can connect to the database server over internet and read the required data. Also on the authenication part you have to ensure that listen-on PORT for SQL Server to be set and open, not the default 1433 for the sake of security. Using SQL Server 2005 configuration manager you can set the relevant port no. and restart SQL Server services to take on affect, also you can check this within SQL Server error log. Also the SSRS (report server) can connect to SQL Server even if it is listening on another port. When SQL Server is configured on a port other than the default port, you should specify the port number in the connection string. for example: "server=servername_or_ip,port".

Further few things you need to consider before letting the users use Reporting Services within a DMZ environment where the Servers are exposed to the INternet and to safeguard the servers from hackers. 

In this case you must be aware that SQL Server uses TCP port 1433 and UDP port 1434, change it to a different port number and also considering the Browser service security too. Finally don't forget to secure the password if you are using Certificate (secured) based authentication then refer to http://blogs.msdn.com/tudortr/archive/2005/11/03/488731.aspx blog that helped me a lot, in the past.


Published Tuesday, April 22, 2008 7:27 AM by ssqa.net


No Comments