Seting local MSSQL Server as Database Server

Question

I have my web site hosted at EC2 server. If I want to give user an option to use their local MSSQL server, so how can I configure that.

First of All, Is it Possible?

Do I need Static IP?

How to configure an Firewall?

For Example pinging: "static IP : Port" => 170.111.111.111:1122

Some of the client don't want to host their data on cloud database for security and privacy purpose — 10K35H 5H4KY4, Sep 08 '15 at 00:27
So... you mean to make a website you host that uses data from an MSSQL server somewhere else? — Falcon Momot, Sep 08 '15 at 00:28
yes, need to configure local sql server with custom inbound rules. — 10K35H 5H4KY4, Sep 08 '15 at 00:30

score 2 · Accepted Answer · answered Sep 08 '15 at 00:36

I think I have some idea what you might want to do... I think you might be asking how you can have a website you host target an arbitrary MSSQL server.

There isn't really a good way to do that. You could, I suppose, have your client specify their MSSQL connection string to your application; how you might do that depends on your application and whether it even supports this. Most of the time, the database connection string is configured on the server and isn't accessible through the application's user interface, but yours might be acceptable for this. Your client would have to allow inbound access from your application on TCP port 1433 or any alternate they have chosen, and you would need to make sure you have egress on your EC2 instance for that.

The problem here is that the client would need to allow a connection to their apparently sensitive database from the wide Internet, or at least from your application in EC2. They'd have to hope you always keep the same IP and never release it without telling them first. You don't strictly need a static IP to do this, but it's impossible to secure otherwise. Amazon does give these away for free with EC2 instances (elastic IP).

You'd best hope only the client manages to set that database server, that your site is using TLS, and that TLS is also used for the database connection. If someone else manages to set it, your site might end up serving malware.

This is going to be a maintenance nightmare for you and your client, and massively increases both of your attack surface. The client is extremely silly to choose this as a means to improve their "security and privacy", since it actually puts it at vastly increased risk compared to hosting the data close to where it is used.

It would be better architecture to create a VPN link between your application servers and the client's SQL server.

Seting local MSSQL Server as Database Server

1 Answers1