分享
 
 
 

通过ISA代理SQLServer配置说明

王朝mssql·作者佚名  2008-05-19
窄屏简体版  字體: |||超大  

前言

C/S程序开发方式,开发工具众多,开发效率高,缺点是一般是两层体系,在广域网上应用的时候安全性很难保证。

B/S程序开发方式,一般应用广域网,安全性较高,但是由于针对浏览器方式的开发,对于简单应用,开发效率还可以,对于复杂的应用以及操作,需要编写中间层组件,开发效率较差。

如何能够在广域网的应用体系中采用传统的局域网C/S开发方式,提高开发效率,改善界面友好性以及良好的可操作性,这就是本篇文章所要解决的问题。使用ISA作为SQL SERVER的代理服务器与防火墙,所有外部数据库访问通过ISA进行代理,外部访问连接并不直接连接到数据库服务器,而是连接到ISA服务器上,ISA服务器将外部请求重新定向到SQL服务器上,隐藏了SQL服务器,保护数据的安全性。外部请求不需要知道SQL服务器名以及地址,只要将ISA服务器当作SQL服务器进行请求,对于外部数据请求,由ISA服务器来进行判断是否连接以及如何处理,对于合法的连接,他是透明的,好像是与数据库服务器直接连接一样。

ISA、SQL Server简介

Microsoft Internet Security & Acceleration Server 2000

Microsoft公司Microsoft Internet Security & Acceleration Server提供强大的安全和网络加速功能。它具有基于策略的安全、速度和网络管理的特征, 与Windows 2000操作系统无缝集成,是一个具有高度可伸缩性的企业Internet防火墙和高速Web缓冲存储器。

Microsoft的ISA Server提供保密、高速、易处理Internet的连接。通过使企业Internet 防火墙和高性能的高速缓冲存储器功能结合,可以将Windows 2000 的安全、目录、有效的个人专用网络和利用服务的质量以及简化处理任务的带宽控制紧密地结合起来。

Microsoft SQL Server 2000

SQL Server 2000是为创建可伸缩电子商务、在线商务和数据仓储解决方案而设计的真正意义上的关系型数据库管理与分析系统。

Microsoft SQL Server 2000针对包括集成数据挖掘、OLAP服务、安全性服务及通过Internet对多维数据集进行访问和链接等在内的分析服务提供了新的数据仓储功能。

除了提供电子商务所需的可伸缩性与可扩展性之外,SQL Server 2000还提供了丰富的基于Web标准数据库编程功能,以确保系统的协同工作和灵活性。与此相关,SQL Server 2000还包括丰富的XML、W3C标准支持。具有通过Transact SQL实现的XML数据操作能力、灵活而强大的Web分析功能以及使用HTTP进行的安全Web数据访问功能。

ISA、SQL Server的安装

Microsoft Internet Security & Acceleration Server 2000

1. 安装时,请注意确保计算机满足 Microsoft Internet Security & Acceleration Server 2000 的系统要求。有关更多信息,请参见 Microsoft Internet Security & Acceleration Server 2000 的硬件和软件安装要求。

2. 安装网卡、调制解调器(或是ISDN等)连接内部局域网和外部互联网。

3. 设置TCP/IP,设置内部外部IP地址。详情参见技术手册。

4. 运行安装盘上的ISA Server Enterprise Initialization,对参数进行设置。

Array policy only. Select Use array policy only if each array should have its own policy, which can be administered by the array administrator.

Enterprise policy only. Select Use this enterprise policy and type the name of the enterprise policy. In this case, the same enterprise policy will be applied to all the arrays in the enterprise. Unique access policies cannot be defined for each array in the enterprise. No rules can be defined at the array level.

Combined enterprise and array policy. Select Use this enterprise policy and Allow array-level access rules to restrict enterprise policy. In this case, array administrators can define rules that further restrict the enterprise policy. For example, if the enterprise policy allows access to all sites, array administrators could refine that policy, by creating rules denying access to specific sites.

If array administrators are allowed to publish internal servers, making those servers accessible to external (Internet) clients, then select Allow publishing rules to be created on the array.

Select Use packet filtering on the array if packet filtering should always be enabled for the arrays in the enterprise. If you select this option, then the array administrator will not be able to disable packet filtering.

When ISA Server Enterprise Initialization is finished, the ISA Server schema is installed to Active Directory. You can now install ISA Server as an array member, creating the array that the ISA Server should join.

Note

The array creation process takes place when you install ISA Server on the first computer in the array. The information that is added to the Active Directory may take some time to replicate to all domain controllers. Therefore, if you receive an error message during installation that the ISA Server schema has not been installed, even though you have installed it, you must wait until the schema change has been replicated to the local domain controller.

Important

You must install the Windows 2000 Service Pack 1 or later before you install ISA Server.

If the computer on which you are installing ISA Server is not part of a Windows 2000 domain, then ISA Server will be installed as a stand-alone server. You can subsequently add the server to a Windows 2000 domain, and then join it to an array.

The first server in the new array defines a new array in Active Directory. You should allow sufficient time for the array information to replicate throughout the site before you add more members to the array.

When you install an ISA Server computer as a member of an existing array, you must install it in the same mode as the other array members. For example, if all the servers in the array were installed in firewall mode, then the new ISA Server computer must also be installed in firewall mode. The new ISA Server computer adopts the array's enterprise settings, access policy, publishing policy, and monitoring configuration.

You can select the disk drives that are available for caching during ISA Server installation. By default, the setup process searches for the largest NTFS partition and sets a default cache size of 100 megabytes (MB) if there are at least 150 MB available. When configuring the cache drives, you must, at a minimum, allocate at least one NTFS drive, setting aside at least 5 MB on that drive for caching. However, it is recommended that you allocate at least 100 MB and add 0.5 MB for each client that uses the HTTP or FTP protocols, rounded up to the nearest full megabyte.

The local address table (LAT) is a table of all IP address ranges used by the internal network behind the ISA Server computer. ISA Server uses the LAT to control how machines on the internal network communicate with external networks and decides which network adapters should be protected by loading the packet filter driver.

ISA Server can construct the LAT for you by basing it on your Windows 2000 routing table. You can also select the private IP address ranges, as defined by the Internet Assigned Numbers Authority (IANA) in RFC 1918. These three blocks of addresses are reserved for private intranets and are never used on the public Internet.

When creating a LAT, you should only include addresses on the private network. This means that you should not add the external interface of the ISA Server computer, any Internet sites, or any other external addresses including the DNS server at your Internet service provider, and so forth. An incorrect configuration of the LAT could make your network vulnerable to attacks.

The LAT is managed centrally, because it is maintained on the ISA Server computer. Firewall clients automatically download and receive LAT updates at preset, regular intervals.

Microsoft SQL Server 2000 (详细情况参见白皮书)

1. 安装时,请注意确保计算机满足 Microsoft SQL Server 2000 的系统要求。有关更多信息,请参见 SQL Server 2000 的硬件和软件安装要求。

2. 在运行 Microsoft Windows NT 或 Micorsoft Windows 2000 的计算机上安装 SQL Server 2000,并且希望 SQL Server 2000 与其它客户端和服务器通讯,则创建一个或多个域用户帐户。有

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
2023年上半年GDP全球前十五强
 百态   2023-10-24
美众议院议长启动对拜登的弹劾调查
 百态   2023-09-13
上海、济南、武汉等多地出现不明坠落物
 探索   2023-09-06
印度或要将国名改为“巴拉特”
 百态   2023-09-06
男子为女友送行,买票不登机被捕
 百态   2023-08-20
手机地震预警功能怎么开?
 干货   2023-08-06
女子4年卖2套房花700多万做美容:不但没变美脸,面部还出现变形
 百态   2023-08-04
住户一楼被水淹 还冲来8头猪
 百态   2023-07-31
女子体内爬出大量瓜子状活虫
 百态   2023-07-25
地球连续35年收到神秘规律性信号,网友:不要回答!
 探索   2023-07-21
全球镓价格本周大涨27%
 探索   2023-07-09
钱都流向了那些不缺钱的人,苦都留给了能吃苦的人
 探索   2023-07-02
倩女手游刀客魅者强控制(强混乱强眩晕强睡眠)和对应控制抗性的关系
 百态   2020-08-20
美国5月9日最新疫情:美国确诊人数突破131万
 百态   2020-05-09
荷兰政府宣布将集体辞职
 干货   2020-04-30
倩女幽魂手游师徒任务情义春秋猜成语答案逍遥观:鹏程万里
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案神机营:射石饮羽
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案昆仑山:拔刀相助
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案天工阁:鬼斧神工
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案丝路古道:单枪匹马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:与虎谋皮
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:李代桃僵
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:指鹿为马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:小鸟依人
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:千金买邻
 干货   2019-11-12
 
推荐阅读
 
 
 
>>返回首頁<<
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有