Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
DBADave
Constraint Violating Yak Guru
366 Posts |
 Posted - 2007-10-01 : 11:10:09
|
| When creating a linked server for SERVER1 do you create one linked server to be used by all applications/developers or do you typically create one linked server per application? I ask because we have about 50 production SQL Servers and only a couple of development servers. If we have a server named SERVER1 and 7 other servers (SERVER2 - SERVER8) require access to this server the question is should we create the 7 linked servers using the name SERVER1 or name the linked server more generically such as giving it an application name? If we use the server name, we can run into security issues because SERVER2 may need to map LoginID_1 to LoginID_10, SERVER3 may need to map LoginID_7 to LoginID_4 and SERVER6 may need to map LogidID_7 to LoginID_22. On the development server we would need to make certain the linked server named SERVER1 has security mapping for all three of these servers. While this will work, it's not a true representation of the production environment.How do you handle this situation?Thanks, Dave |
|
|
Kristen
Test
22859 Posts |
Posted - 2007-10-01 : 11:22:04
|
| I Link a Server using its physical name, or an Alias that implies the physical nameKristen |
 |
|
|
DBADave
Constraint Violating Yak Guru
366 Posts |
Posted - 2007-10-01 : 11:52:30
|
| Are all of your login ids unique to each server or do you have login ids that exist on multiple servers? I'm concerned if I create a single linked server on the development server and give this linked server all security mappings that exist on the production servers some code may accidentally work due to the existence of a source to destination mapping that was intended to be used on a different production server. The developer won't notice the problem because their code works on the development server, but once it is migrated to production the code breaks because that security mapping does not exist on their production server. We encountered that problem on Friday.If we had an actual test environment to test code migrations it would be less of an issue. Unfortunately we go directly from development to production, which I do not recommend.Thanks, Dave |
|
|
|
Kristen
Test
22859 Posts |
Posted - 2007-10-01 : 12:16:18
|
| All our logins are specific to the application, rather than to the user (i.e. we implement User Security within the App, rather than within the DB), so that's not a problem we have, but I can see it would be an issue, unless the user's Login details are synchronised across all the server (i.e. UserA has the same password on all servers).Kristen |
|
|
|
DBADave
Constraint Violating Yak Guru
366 Posts |
Posted - 2007-10-01 : 12:26:35
|
| Part of our problem is many of the linked servers were configured with an "sa" to "sa" mapping or configured to default to "sa" if no login mapping exists. It's going to take us a long time to clean this up. Arghhhh!!!!Thanks, Dave |
|
|
|
Kristen
Test
22859 Posts |
Posted - 2007-10-01 : 12:29:51
|
| Could you create additional linked servers called, say, "U_foo" which are for "Real User Logins" links, and then make use of them in parallel with the existing ones, until you can "retire" those?Kristen |
|
|
|
DBADave
Constraint Violating Yak Guru
366 Posts |
Posted - 2007-10-01 : 12:50:14
|
| We will have to do something along those lines to clean things up. We have a security overhall project that will occur in 2008 so I will add this to the list of issues.Thanks, Dave |
|
|
|
|
|
|
|
|
Linked Server Names - Best Practice Question