| Author |
Topic |
|
mike123
Master Smack Fu Yak Hacker
1462 Posts |
 Posted - 2007-06-25 : 18:02:34
|
| Is it as horrible as it sounds? Let me explain my situation.My main web application currently runs off the main webserver, which is right next to the database server and behind the same firewall. This part is running smooth. We have an IMAGE server, which in a different datacenter (cheap BW) that has been serving just static JPG content. We now want to do inserts on the delivery of these JPG files into the database. Each time a JPG is served we do just log it (photoID,dateServed). It's a very small updated.The problem is that the DB server is on a secured VPN, and its in a different datacenter. We can install the VPN software on this server, but I'm not sure what we can do if the VPN connection breaks, I don't think our current client has auto reconnect option.I was also thinking perhaps we could get the image server to do an http post to a page on the main webserver would be an option. Is there a decent solution to this that not completely mickey mouse? What are the downsides of connecting across the internet? Since I am only doing these little inserts, are there any techniques that might be of interest to me ? Of course our other option is to get a second sqlserver to put in the image servers datacenter, which we would rather not do at this time.Thanks very much for any input!mike123 |
|
|
afrika
Master Smack Fu Yak Hacker
2706 Posts |
Posted - 2007-06-25 : 19:50:45
|
| saving images in a database is know as BLOBs, which is a bad design, do a search on BLOBs in this forums. |
 |
|
|
mike123
Master Smack Fu Yak Hacker
1462 Posts |
Posted - 2007-06-26 : 07:03:17
|
| I'm not storing images in my database, in fact I am not planning on retrieving anything from it across the web. I am just inserting a small row.Any input on this greatly appreciated.. Thanks!mike123 |
|
|
|
rmiao
Master Smack Fu Yak Hacker
7266 Posts |
Posted - 2007-06-26 : 13:29:34
|
| New mdac comes with auto reconnect feature. What kind of connection do you use? |
|
|
|
mike123
Master Smack Fu Yak Hacker
1462 Posts |
Posted - 2007-06-26 : 14:28:33
|
| I'm not exactly sure what type of connection to be honest. Transport is listed as IPSec/UDPI know I have CISCO VPN Client Version 4.6.02.0011. I'm not very aware of what else is out there, I was just given this by my firewall admin.Thanks again,mike123 |
|
|
|
rmiao
Master Smack Fu Yak Hacker
7266 Posts |
Posted - 2007-06-26 : 16:53:38
|
| Do you use odbc, jdbc, oledb or other kind of connection in the app? |
|
|
|
RocketScientist
Official SQLTeam Chef
85 Posts |
Posted - 2007-06-26 : 17:50:17
|
| Use a site-to-site vpn instead of relying on the software-based VPN. If you're already using a Cisco VPN appliance, you can acquire another one in a smaller, less capable form that would serve your needs. This would provide a dedicated VPN tunnel for any application to use, but you'd have the ability to limit traffic by IP/MAC down to the specific servers that should have access. I'd guess you aren't the only person having this problem in your organization, or you won't be for long. This type of appliance also provides automatic reconnect and so on. It also dumps the problem out of your lap and back onto your network administrator where it belongs.Second thing is, if you're just throwing simple inserts over that contain a filename and an ID, assuming there's no interesting information in the filename or the ID just don't bother encrypting it. If there is interesting data in the ID (i.e. you're using an SSN for an ID or something) you can just drop it into a surrogate table, hash it up with SHA or something. You don't encrypt your email, why the heck encrypt a bunch of surrogate keys floating around the Internet.Finally, you could use one of the many encryption options built into SQL Server to encrypt the traffic if you're not happy about sending random insert statements over the LAN.http://support.microsoft.com/kb/276553That's a good start. You'll need a certificate server and so on. Which you should probably have already anyway (usually it's hosted on a DC or something). |
|
|
|
mike123
Master Smack Fu Yak Hacker
1462 Posts |
Posted - 2007-06-27 : 07:28:20
|
| Hi RocketScientist,I am not concerned about the security of the data being inserted, however I am very concerned about my connectionstring username/password being sent across the net in clear text.Also, for reference my PING time across the two servers is here:Minimum 52ms, Maximum 57ms, Average 53msIs this acceptable? If so, can it be determined how many inserts per second this would be ok until?I'll ask my firewall admin, about hardware options and what he recommends for our situation. Any other ideas still much appreciated.Thanks again!mike123 |
|
|
|
dariomur
Starting Member
7 Posts |
Posted - 2007-06-27 : 18:46:48
|
| Just another train of thought...Have you thought about using some web stats tracking software on the images server to record the image name and datetime? |
|
|
|
rmiao
Master Smack Fu Yak Hacker
7266 Posts |
Posted - 2007-06-27 : 22:31:42
|
| Can use windows authentication if servers are in same domain or in trusted domains. |
|
|
|
|
having your db server in another datacenter