论坛交流
首页办公自动化| 网页制作| 平面设计| 动画制作| 数据库开发| 程序设计| 全部视频教程
应用视频: Windows | Word2007 | Excel2007 | PowerPoint2007 | Dreamweaver 8 | Fireworks 8 | Flash 8 | Photoshop cs | CorelDraw 12
编程视频: C语言视频教程 | HTML | Div+Css布局 | Javascript | Access数据库 | Asp | Sql Server数据库Asp.net  | Flash AS
当前位置 > 文字教程 > Sql Server教程
Tag:注入,存储过程,分页,安全,优化,加密,索引,日志,压缩,base64,函数,内存,PDF,迁移,结构,破解,编译,配置,进程,分词,触发器,socket,安装,sqlserver2000,sqlserver2005,sqlserver2008,视频教程

通过ISA代理SQLServer配置说明

文章类别:Sql Server | 发表日期:2008-10-5 21:36:14

通过ISA代理SQL Server配置说明

前言

C/S程序开发方式,开发工具众多,开发效率高,缺点是一般是两层体系,在广域网上应用的时候安全性很难保证。草地chin ai tp owergbvOi

B/S程序开发方式,一般应用广域网,安全性较高,但是由于针对浏览器方式的开发,对于简单应用,开发效率还可以,对于复杂的应用以及操作,需要编写中间层组件,开发效率较差。草地chin ai tp owergbvOi

如何能够在广域网的应用体系中采用传统的局域网C/S开发方式,提高开发效率,改善界面友好性以及良好的可操作性,这就是本篇文章所要解决的问题。使用ISA作为SQL SERVER的代理服务器与防火墙,所有外部数据库访问通过ISA进行代理,外部访问连接并不直接连接到数据库服务器,而是连接到ISA服务器上,ISA服务器将外部请求重新定向到SQL服务器上,隐藏了SQL服务器,保护数据的安全性。外部请求不需要知道SQL服务器名以及地址,只要将ISA服务器当作SQL服务器进行请求,对于外部数据请求,由ISA服务器来进行判断是否连接以及如何处理,对于合法的连接,他是透明的,好像是与数据库服务器直接连接一样。草地chin ai tp owergbvOi

ISASQL Server简介

Microsoft Internet Security & Acceleration Server 2000

---- Microsoft公司Microsoft Internet Security & Acceleration Server提供强大的安全和网络加速功能。它具有基于策略的安全、速度和网络管理的特征, Windows 2000操作系统无缝集成,是一个具有高度可伸缩性的企业Internet防火墙和高速Web缓冲存储器。 草地chin ai tp owergbvOi

---- MicrosoftISA Server提供保密、高速、易处理Internet的连接。通过使企业Internet 防火墙和高性能的高速缓冲存储器功能结合,可以将Windows 2000 的安全、目录、有效的个人专用网络和利用服务的质量以及简化处理任务的带宽控制紧密地结合起来。 草地chin ai tp owergbvOi

Microsoft SQL Server 2000

---- SQL Server 2000是为创建可伸缩电子商务、在线商务和数据仓储解决方案而设计的真正意义上的关系型数据库管理与分析系统。草地chin ai tp owergbvOi

---- Microsoft SQL Server 2000针对包括集成数据挖掘、OLAP服务、安全性服务及通过Internet对多维数据集进行访问和链接等在内的分析服务提供了新的数据仓储功能。 草地chin ai tp owergbvOi

---- 除了提供电子商务所需的可伸缩性与可扩展性之外,SQL Server 2000还提供了丰富的基于Web标准数据库编程功能,以确保系统的协同工作和灵活性。与此相关,SQL Server 2000还包括丰富的XMLW3C标准支持。具有通过Transact SQL实现的XML数据操作能力、灵活而强大的Web分析功能以及使用HTTP进行的安全Web数据访问功能。 草地chin ai tp owergbvOi

ISASQL Server的安装

Microsoft Internet Security & Acceleration Server 2000

1.         安装时请注意确保计算机满足 Microsoft Internet Security & Acceleration Server 2000 的系统要求。有关更多信息请参见 Microsoft Internet Security & Acceleration Server 2000 的硬件和软件安装要求。草地chin ai tp owergbvOi

2.         安装网卡、调制解调器(或是ISDN等)连接内部局域网和外部互联网。草地chin ai tp owergbvOi

3.         设置TCP/IP,设置内部外部IP地址。详情参见技术手册。草地chin ai tp owergbvOi

4.         运行安装盘上的ISA Server Enterprise Initialization,对参数进行设置。草地chin ai tp owergbvOi

l         Array policy only. Select Use array policy only if each array should have its own policy, which can be administered by the array administrator. 草地chin ai tp owergbvOi

l         Enterprise policy only. Select Use this enterprise policy and type the name of the enterprise policy. In this case, the same enterprise policy will be applied to all the arrays in the enterprise. Unique access policies cannot be defined for each array in the enterprise. No rules can be defined at the array level. 草地chin ai tp owergbvOi

l         Combined enterprise and array policy. Select Use this enterprise policy and Allow array-level access rules to restrict enterprise policy. In this case, array administrators can define rules that further restrict the enterprise policy. For example, if the enterprise policy allows access to all sites, array administrators could refine that policy, by creating rules denying access to specific sites. 草地chin ai tp owergbvOi

l         If array administrators are allowed to publish internal servers, making those servers accessible to external (Internet) clients, then select Allow publishing rules to be created on the array. 草地chin ai tp owergbvOi

l         Select Use packet filtering on the array if packet filtering should always be enabled for the arrays in the enterprise. If you select this option, then the array administrator will not be able to disable packet filtering. 草地chin ai tp owergbvOi

When ISA Server Enterprise Initialization is finished, the ISA Server schema is installed to Active Directory. You can now install ISA Server as an array member, creating the array that the ISA Server should join.草地chin ai tp owergbvOi

Note草地chin ai tp owergbvOi

The array creation process takes place when you install ISA Server on the first computer in the array. The information that is added to the Active Directory may take some time to replicate to all domain controllers. Therefore, if you receive an error message during installation that the ISA Server schema has not been installed, even though you have installed it, you must wait until the schema change has been replicated to the local domain controller.草地chin ai tp owergbvOi

Important草地chin ai tp owergbvOi

You must install the Windows 2000 Service Pack 1 or later before you install ISA Server.草地chin ai tp owergbvOi

If the computer on which you are installing ISA Server is not part of a Windows 2000 domain, then ISA Server will be installed as a stand-alone server. You can subsequently add the server to a Windows 2000 domain, and then join it to an array.草地chin ai tp owergbvOi

The first server in the new array defines a new array in Active Directory. You should allow sufficient time for the array information to replicate throughout the site before you add more members to the array.草地chin ai tp owergbvOi

When you install an ISA Server computer as a member of an existing array, you must install it in the same mode as the other array members. For example, if all the servers in the array were installed in firewall mode, then the new ISA Server computer must also be installed in firewall mode. The new ISA Server computer adopts the array's enterprise settings, access policy, publishing policy, and monitoring configuration.草地chin ai tp owergbvOi

You can select the disk drives that are available for caching during ISA Server installation. By default, the setup process searches for the largest NTFS partition and sets a default cache size of 100 megabytes (MB) if there are at least 150 MB available. When configuring the cache drives, you must, at a minimum, allocate at least one NTFS drive, setting aside at least 5 MB on that drive for caching. However, it is recommended that you allocate at least 100 MB and add 0.5 MB for each client that uses the HTTP or FTP protocols, rounded up to the nearest full megabyte.草地chin ai tp owergbvOi

The local address table (LAT) is a table of all IP address ranges used by the internal network behind the ISA Server computer. ISA Server uses the LAT to control how machines on the internal network communicate with external networks and decides which network adapters should be protected by loading the packet filter driver.草地chin ai tp owergbvOi

ISA Server can construct the LAT for you by basing it on your Windows 2000 routing table. You can also select the private IP address ranges, as defined by the Internet Assigned Numbers Authority (IANA) in RFC 1918. These three blocks of addresses are reserved for private intranets and are never used on the public Internet.草地chin ai tp owergbvOi

When creating a LAT, you should only include addresses on the private network. This means that you should not add the external interface of the ISA Server computer, any Internet sites, or any other external addresses including the DNS server at your Internet service provider, and so forth. An incorrect configuration of the LAT could make your network vulnerable to attacks.草地chin ai tp owergbvOi

The LAT is managed centrally, because it is maintained on the ISA Server computer. Firewall clients automatically download and receive LAT updates at preset, regular intervals.草地chin ai tp owergbvOi

Microsoft SQL Server 2000 (详细情况参见白皮书)

1.         安装时请注意确保计算机满足 Microsoft SQL Server 2000 的系统要求。有关更多信息,请参见 SQL Server 2000 的硬件和软件安装要求。草地chin ai tp owergbvOi

2.         在运行 Microsoft Windows NT Micorsoft Windows 2000 的计算机上安装 SQL Server 2000,并且希望 SQL Server 2000 与其它客户端和服务器通讯,则创建一个或多个域用户帐户。有关更多信息,请参见 创建安全帐户草地chin ai tp owergbvOi

3.         用具有本地管理权限的用户帐户登录到操作系统,或者给域用户帐户指派适当的权限。草地chin ai tp owergbvOi

4.         关闭所有和 SQL Server 相关的服务。包括所有使用 ODBC 的服务,如 Microsoft Internet Information 服务 (IIS)草地chin ai tp owergbvOi

5.         关闭 Microsoft Windows NT 事件查看器和注册表查看器(Regedit.exe Regedt32.exe)。草地chin ai tp owergbvOi

ISASQL SERVER的配置

1.      配置SQL Server TCP/IP网络协议

使用SQL Server Network Utility工具进行配置,启用TCP/IP协议,添加WinSocket代理,设置代理服务器的IP地址为ISA服务器的外部IP地址。设置SQL Server使用的端口。草地chin ai tp owergbvOi

注意:如果设置的IP地址是ISA服务器的内部IP地址,那么将不起作用!!草地chin ai tp owergbvOi

2.      SQL Server服务器上创建Wspcfg.ini文件

文件内容:草地chin ai tp owergbvOi

sqlservr]草地chin ai tp owergbvOi

      ServerBindTCPPorts=1433草地chin ai tp owergbvOi

      Persistent=1草地chin ai tp owergbvOi

      KillOldSession=1草地chin ai tp owergbvOi

将文件保存在与Sqlservr.exe相同的路径下。如果在第一步设置的端口不是1433,将ServerBindTCPPorts=1433修改成为第一步所设置的端口。草地chin ai tp owergbvOi

3.      SQL Server服务器端安装Fiewwall客户端

连接ISA服务器,查找MSPCLNT共享目录,安装Fiewwall客户端,这个共享目录是安装完ISA之后自动共享的。草地chin ai tp owergbvOi

4.      重新启动SQL Server服务器

5.      设置ISANetworkLAT

添加SQL ServerISA服务器的内部IP地址到LAT中。草地chin ai tp owergbvOi

6.      设置Publishing属性的Server Publishing Rules

使用Publish a Server,设置一个发布名称,填写Internal ServerIPSQL Server服务器的内部IP地址,填写ISA ServerIP地址为ISA服务器的外部IP地址,设置Mapped Server ProtocolMicrosoft SQL Server。设置访问规则。草地chin ai tp owergbvOi

7.      在需要访问的外部客户端进行测试

1.         配置客户端的hosts文件,填写ISA服务器的外部IP地址与机器名。草地chin ai tp owergbvOi

2.         使用Ping.exe进行测试,看是否能够连通(Ping xxxServer).草地chin ai tp owergbvOi

3.         使用SQL Server客户端或是其他工具进行连接测试,使用的服务器名称为ISA服务器的名称。草地chin ai tp owergbvOi

视频教程列表
文章教程搜索
 
Sql Server推荐教程
Sql Server热门教程
看全部视频教程
购买方式/价格
购买视频教程: 咨询客服
tel:15972130058