|
Home > Archive > MS SQL Server Clustering > August 2005 > IPSEC
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| mulhall 2005-08-02, 3:23 am |
| MS points us away from IPSEC with this article due to the failover
implications.
Other than SSL, what technologies are you implementing in it's place?
Is OpenSSH viable on a cluster?
Cheers.
| |
| Rodney R. Fournier [MVP] 2005-08-02, 7:23 am |
| We use IPSec :) You can change the SA timeout from 5 minutes to 1 :)
Cheers,
Rod
MVP - Windows Server - Clustering
http://www.nw-america.com - Clustering Website
http://www.msmvps.com/clustering - Blog
http://msmvps.com/clustering/archiv...7/20/58233.aspx NYC Clustering
class
"mulhall" <mulhall@discussions.microsoft.com> wrote in message
news:69320514-63AE-4EF2-86E6- 6DE8EAF4C851@microso
ft.com...
> MS points us away from IPSEC with this article due to the failover
> implications.
>
> Other than SSL, what technologies are you implementing in it's place?
>
> Is OpenSSH viable on a cluster?
>
> Cheers.
| |
| mulhall 2005-08-02, 7:23 am |
| Unfortunately with Microsoft saying:
" Microsoft recommends that you do not use IPSec for programs in a server
cluster" - KB 306677
I can't recommend it either for high availability critical systems.
I take it changing the default time out will result in a maximum downtime of
one minute..?
"Rodney R. Fournier [MVP]" wrote:
> We use IPSec :) You can change the SA timeout from 5 minutes to 1 :)
>
> Cheers,
>
> Rod
>
> MVP - Windows Server - Clustering
> http://www.nw-america.com - Clustering Website
> http://www.msmvps.com/clustering - Blog
> http://msmvps.com/clustering/archiv...7/20/58233.aspx NYC Clustering
> class
>
>
> "mulhall" <mulhall@discussions.microsoft.com> wrote in message
> news:69320514-63AE-4EF2-86E6- 6DE8EAF4C851@microso
ft.com...
>
>
>
| |
| Rodney R. Fournier [MVP] 2005-08-02, 9:23 am |
| From -
http://www.microsoft.com/technet/pr...g/srclscbp.mspx
"Although IPSec is not optimally designed for a clustered environment, it
may be used if your business need for secure connectivity outweighs client
downtime in the event of a failover."
Yes, changing the timeout would equal 1 minute for IPSec :)
Cheers,
Rod
MVP - Windows Server - Clustering
http://www.nw-america.com - Clustering Website
http://www.msmvps.com/clustering - Blog
http://msmvps.com/clustering/archiv...7/20/58233.aspx NYC Clustering
class
"mulhall" <mulhall@discussions.microsoft.com> wrote in message
news:C9D1B76B-FF34-44FD-AC0C- 00482B9F7A8C@microso
ft.com...[color=darkred]
> Unfortunately with Microsoft saying:
> " Microsoft recommends that you do not use IPSec for programs in a server
> cluster" - KB 306677
>
> I can't recommend it either for high availability critical systems.
>
> I take it changing the default time out will result in a maximum downtime
> of
> one minute..?
>
>
> "Rodney R. Fournier [MVP]" wrote:
>
|
|
|
|
|