Saturday, February 25, 2012

Access SQL Server Behind Firewall

I have an SQL server that resides on my local LAN. My local LAN is
behind a firewall that we do not maintain. We have been told that we
cannot have any additional ports opened on the firewall, meaning that
the ports used by SQL server are and will remain closed.
My dilemma is that I need to provide people outside my company view
only access, via our internet site, to data that is on my local SQL
server. My web server resides on a public network that is outside my
firewall. Is there a way that this can be done without opening the
ports on the firewall?|||Web Services
--
Arnie Rowland, YACE*
"To be successful, your heart must accompany your knowledge."
*Yet Another Certification Exam
<harel.davidm@.gmail.com> wrote in message
news:1151082261.350657.124850@.m73g2000cwd.googlegroups.com...
>I have an SQL server that resides on my local LAN. My local LAN is
> behind a firewall that we do not maintain. We have been told that we
> cannot have any additional ports opened on the firewall, meaning that
> the ports used by SQL server are and will remain closed.
> My dilemma is that I need to provide people outside my company view
> only access, via our internet site, to data that is on my local SQL
> server. My web server resides on a public network that is outside my
> firewall. Is there a way that this can be done without opening the
> ports on the firewall?
>|||Arnie Rowland wrote:
> Web Services
>
Can you be a little more specific? Your answer doesn't really help as
is.|||Web Services, by design (and definition) use port 80 (http). Almost all
firewalls have port 80 open. Web Services are normally 'inside' the firewall
running on a web server (IIS).
With Visual Studio, you can create one or more web services (applications
that run on an IIS server). The web service receives an HTTP POST from the
web application, and then the web service retrieves the data from SQL Server
and passes it back to the web application in the response.
Also, SQL 2005 has the capability to host stored procedures as web services.
However, this should only be done when one is in complete understanding of
the security issues.
This is a lengthy and complicated discussion, inappropriate for this forum.
I suggest that you investigate Web Services in Visual Studio. Here is a
place to start.
http://msdn.microsoft.com/webservices/
Good luck.
--
Arnie Rowland, YACE*
"To be successful, your heart must accompany your knowledge."
*Yet Another Certification Exam
<harel.davidm@.gmail.com> wrote in message
news:1151082723.343995.161530@.g10g2000cwb.googlegroups.com...
> Arnie Rowland wrote:
>> Web Services
> Can you be a little more specific? Your answer doesn't really help as
> is.
>|||It is my understanding that to do this we will need to upgrade to SQL
2005 and Visual Studio 2005. Our application is running on SQL 2000
and was written in Visual Studio 6 and is not easily rewritable.
Arnie Rowland wrote:
> Web Services, by design (and definition) use port 80 (http). Almost all
> firewalls have port 80 open. Web Services are normally 'inside' the firewall
> running on a web server (IIS).
> With Visual Studio, you can create one or more web services (applications
> that run on an IIS server). The web service receives an HTTP POST from the
> web application, and then the web service retrieves the data from SQL Server
> and passes it back to the web application in the response.
> Also, SQL 2005 has the capability to host stored procedures as web services.
> However, this should only be done when one is in complete understanding of
> the security issues.
> This is a lengthy and complicated discussion, inappropriate for this forum.
> I suggest that you investigate Web Services in Visual Studio. Here is a
> place to start.
> http://msdn.microsoft.com/webservices/
> Good luck.|||.NET Web Services can access data in any ADO.NET datastore, including SQL
Server 2000, Oracle, Exchange, Access, Excel files, etc.
You can create .NET Web Services using Visual Notepad; however, Visual Studio
makes it easier.
SQL Server 2005 is not necessary for Web Services.
IIS and the .NET framework on the IIS server (and the development boxes) are
required.
--
Arnie Rowland, YACE*
"To be successful, your heart must accompany your knowledge."
*Yet Another Certification Exam
<harel.davidm@.gmail.com> wrote in message
news:1151088102.639755.88150@.c74g2000cwc.googlegroups.com...
> It is my understanding that to do this we will need to upgrade to SQL
> 2005 and Visual Studio 2005. Our application is running on SQL 2000
> and was written in Visual Studio 6 and is not easily rewritable.
> Arnie Rowland wrote:
>> Web Services, by design (and definition) use port 80 (http). Almost all
>> firewalls have port 80 open. Web Services are normally 'inside' the
>> firewall
>> running on a web server (IIS).
>> With Visual Studio, you can create one or more web services (applications
>> that run on an IIS server). The web service receives an HTTP POST from the
>> web application, and then the web service retrieves the data from SQL
>> Server
>> and passes it back to the web application in the response.
>> Also, SQL 2005 has the capability to host stored procedures as web
>> services.
>> However, this should only be done when one is in complete understanding
>> of
>> the security issues.
>> This is a lengthy and complicated discussion, inappropriate for this
>> forum.
>> I suggest that you investigate Web Services in Visual Studio. Here is a
>> place to start.
>> http://msdn.microsoft.com/webservices/
>> Good luck.
>|||And this will work if my outside IIS server is unable to access my LAN?
I am told that we can go from inside out but not outside in.|||harel.davidm@.gmail.com wrote:
> And this will work if my outside IIS server is unable to access my LAN?
> I am told that we can go from inside out but not outside in.
>
You really need to read more about web services and understand them,
you're missing the point. The web service would run on an IIS instance
INSIDE YOUR FIREWALL. The IIS instance that sits outside the firewall
would talk to the web services running on the IIS instance inside the
firewall, using it as a sort of proxy to get data from your SQL Server
machine. The web services will NOT run on the IIS instance outside the
firewall, therefore it doesn't matter if that machine can see the SQL
Server machine.|||Tracy McKibben wrote:
> harel.davidm@.gmail.com wrote:
> > And this will work if my outside IIS server is unable to access my LAN?
> > I am told that we can go from inside out but not outside in.
> >
> You really need to read more about web services and understand them,
> you're missing the point. The web service would run on an IIS instance
> INSIDE YOUR FIREWALL. The IIS instance that sits outside the firewall
> would talk to the web services running on the IIS instance inside the
> firewall, using it as a sort of proxy to get data from your SQL Server
> machine. The web services will NOT run on the IIS instance outside the
> firewall, therefore it doesn't matter if that machine can see the SQL
> Server machine.
Maybe I am missing the point, but isn't that what these forums are for?
I asked a simple question, at least to me. I am not a
developer/programmer so a lot of this is new to me. I am more of the
technical/hardware person here. I was just relaying the information I
was given by those who maintain the firewall. Regardless of how Web
Services works, the information I detailed is what I was told. I am
simply looking for a preferred means of providing information on my
Internet site..|||Bottom line.
With your current situation, you are not going to be able to provide any
data from SQL Server to the web server outside the firewall without opening
ports in the firewall for the web server to use to connect with the SQL
Server.
If you cannot open any ports, Web Services is an option. However, web
services will require significant programming expertise and can, if not
implemented correctly, have serious data security issues. It sounds like
that option is also not available for you.
If your web host provides any database support, you could 'manually' upload
data extracted from your SQL Server. If not, then you could manually upload
datafiles as csv, Access, etc. However, that presents severe maintenance and
latency issues. And then there is not a way to capture user interaction from
the web site and send it back to your database server. But it may be the
only option for you to explore.
You asked a 'simple' question. The question, and its followups, received
clear and informative, though complex, responses. You have been directed to a
source of additional information.
I don't know how else we can help you.
--
Arnie Rowland, YACE*
"To be successful, your heart must accompany your knowledge."
*Yet Another Certification Exam
<harel.davidm@.gmail.com> wrote in message
news:1151093318.784026.187460@.y41g2000cwy.googlegroups.com...
> Tracy McKibben wrote:
>> harel.davidm@.gmail.com wrote:
>> > And this will work if my outside IIS server is unable to access my LAN?
>> > I am told that we can go from inside out but not outside in.
>> >
>> You really need to read more about web services and understand them,
>> you're missing the point. The web service would run on an IIS instance
>> INSIDE YOUR FIREWALL. The IIS instance that sits outside the firewall
>> would talk to the web services running on the IIS instance inside the
>> firewall, using it as a sort of proxy to get data from your SQL Server
>> machine. The web services will NOT run on the IIS instance outside the
>> firewall, therefore it doesn't matter if that machine can see the SQL
>> Server machine.
> Maybe I am missing the point, but isn't that what these forums are for?
> I asked a simple question, at least to me. I am not a
> developer/programmer so a lot of this is new to me. I am more of the
> technical/hardware person here. I was just relaying the information I
> was given by those who maintain the firewall. Regardless of how Web
> Services works, the information I detailed is what I was told. I am
> simply looking for a preferred means of providing information on my
> Internet site..
>|||harel.davidm@.gmail.com wrote:
> Maybe I am missing the point, but isn't that what these forums are for?
> I asked a simple question, at least to me. I am not a
> developer/programmer so a lot of this is new to me. I am more of the
> technical/hardware person here. I was just relaying the information I
> was given by those who maintain the firewall. Regardless of how Web
> Services works, the information I detailed is what I was told. I am
> simply looking for a preferred means of providing information on my
> Internet site..
>
The preferred means is to have your database server and web server
within close proximity, either living together within a DMZ, or the web
server in DMZ, data behind the internal firewall with a port opened.
What you're attempting to do is connect a web server that lives outside
of your environment to a database server inside your environment, but
you don't want to open a hole for it to talk through. It should be a
trivial thing for your network guy to open a port to the SQL machine,
and configure a rule to allow ONLY the IP of the web server to connect
to it. Put SQL on a non-default port, open that port up, and secure it
with a rule, you should be just fine.
I wasn't attacking you. Your question is not a simple one. You were
given a recommendation of using web services, I was merely suggesting
that you research them a bit further before discounting them or asking
further questions.
Good luck...
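
The web service that the thread places inside the firewall, sketched as an added example (not code from any poster): the function takes the HTTP POST body sent by the outside web server, runs only a fixed, parameterized query, and uses a connection that cannot write. Python and sqlite3 stand in for IIS/.NET and SQL Server; the table, the report name and the function names are hypothetical.

```python
import json
import sqlite3

def open_view_only_db():
    """sqlite3 stands in for the SQL Server on the LAN; rows are constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, status TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, 10, "shipped"), (2, 10, "open"), (3, 11, "open")])
    db.commit()
    # View-only access: from here on this connection rejects any write.
    db.execute("PRAGMA query_only = ON")
    return db

# The only statements the service will ever run: name -> (SQL, expected parameters).
# Callers choose a report by name; they never supply SQL text.
REPORTS = {
    "orders_by_customer": (
        "SELECT id, status FROM orders WHERE customer_id = ? ORDER BY id",
        (("customer_id", int),),
    ),
}

def handle_post(db, body):
    """Handle one POST body from the outside web server; return (status, json_text)."""
    try:
        req = json.loads(body)
        sql, spec = REPORTS[req["report"]]
        args = []
        for name, expected_type in spec:
            value = req["params"][name]
            if type(value) is not expected_type:  # strict: "10 OR 1=1" is not an int
                raise TypeError(name)
            args.append(value)
    except (ValueError, KeyError, TypeError):
        # Malformed JSON, unknown report, missing or mistyped parameter.
        return 400, json.dumps({"error": "bad request"})
    rows = db.execute(sql, args).fetchall()  # values are bound, never concatenated
    return 200, json.dumps({"rows": rows})
```
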
