Beginning Microsoft SQL Server 2008 ... - S3 Tech Training

Chapter 2: Tools of the Trade
26
Keep in mind that, in order for your client to gain a connection to the server, the server has to be listening
for the protocol with which the client is trying to communicate and, in the case of TCP/IP, on the
same port.
At this point, you might be tempted to say, “Hey, why don’t I just enable every NetLib? Then I won’t
have to worry about it.” This situation is like anything you add onto your server — more overhead. In
this case, it would both slow down your server (not terribly, but every little bit counts) and expose you
to unnecessary openings in your security. (Why leave an extra door open if nobody is supposed to be
using that door?)
OK, now let’s take a look at what we can support and why we would want to choose a particular protocol.
Named Pipes
Named Pipes can be very useful when TCP/IP is not available, or there is no Domain Name Service
(DNS) server to allow the naming of servers under TCP/IP.
TCP/IP
For security reasons, only Shared Memory is enabled at installation time.
You’ll want to leave Shared Memory enabled for when you’re accessing the machine
locally. (It works only when the client is on the same physical server as the SQL
Server installation.) But you need to enable at least one other NetLib if you want to
be able to contact your SQL Server remotely (say, from a Web server or from different
clients on your network).
Technically speaking, you can connect to a SQL Server running TCP/IP by using its
IP address in the place of the name. This works all the time, even if there is no DNS
service, as long as you have a route from the client to the server. (If it has the IP address,
then it doesn’t need the name.) Keep in mind, however, that if your IP address changes
for some reason, you’ll need to change what IP address you’re accessing (a real pain
if you have a bunch of config files you need to go change!).
TCP/IP has become something of the de facto standard networking protocol and is also the only option if
you want to connect directly to your SQL Server via the Internet, which, of course, uses only IP.
Don’t confuse the need to have your database server available to a Web server with the need to have
your database server directly accessible to the Internet. You can have a Web server that is exposed to the
Internet, but also has access to a database server that is not directly exposed to the Internet. (The only
way for an Internet connection to see the data server is through the Web server.)
Connecting your data server directly to the Internet is a security hazard in a big way. If you insist on
doing it (and there can be valid reasons for doing so, rare though they may be), then pay particular
attention to security precautions.