Hello...
I inherited a SQL environment with a strict network configuration. I am being tasked with setting up log shipping as a method of creating a standby copy of a production SQL 2008 server. Our production SQL 2008 server consists of 2 servers in a clustered configuration. These 2 SQL 2008 servers are members of an Active Directory Domain in a standalone forest with no trusts established. The SQL 2008 server is configured to use a local SQL Administrator Account located on the local server.
We have a failover facility a few blocks away. In this failover facility we have a single SQL 2008 server. This single SQL 2008 server is a member of its own Active Directory Domain in a separate forest from the production environment.
These two facilities are separated by firewalls. The security team where I work will not allow high ports opened on the inbound firewalls, which means I can't establish any trusts between the two Active Directory forests.
As I understand it, Log Shipping copies the T-logs to a shared folder on the standby server. I interpret this as an SMB operation.
So it looks like this:
SQL1 + SQL2 (CLUSTER)
ADDOMAIN1 / FOREST1
FIREWALL1
|
|
|
|
FIREWALL2
SQL3 (Recovery Mode)
ADDOMAIN2 / FOREST2
My Questions:
1. If all SQL Servers use the same username and password for their SQL Server Agent, is it possible to share a directory off of SQL3 that the SQL1/2 cluster can copy the T-Logs to?
2. If so, and assuming this is an SMB operation, I would only be required to request the following ports to be opened on the inbound firewall2: 137 UDP/TCP & 138 UDP/TCP.
3. Can I hide the network share on SQL3?
Thanks in advance.