Chapter 1 Securing Your Server and Network (13): Configuring Endpoint Security
Source: Workshop
Without the author's consent, no one may publish this article as "original" work or use it for commercial purposes. I am not responsible for any legal liability.
Previous Article: http://blog.csdn.net/dba_huangzj/article/details/38438363
Preface:
A SQL Server endpoint is the gateway through which traffic enters and leaves SQL Server. Everything transmitted between the network and SQL Server passes through an endpoint. An endpoint can be either a system endpoint or a user-defined endpoint; the system endpoints allow T-SQL connections to SQL Server for sending queries.
An endpoint is defined for a specific protocol, which can be HTTP or TCP. Starting with SQL Server 2012, the HTTP endpoints used by the built-in Web Services feature have been removed, and only TCP endpoints can be used.
Generally, custom endpoints are used for the following purposes:
Implementation:
1. Enter the following statement in the query window:
CREATE ENDPOINT myTSQLEndpoint
STATE = STARTED
AS TCP (
    LISTENER_PORT = 8080,
    LISTENER_IP = (127.0.0.1)
)
FOR TSQL ();
2. After execution, you will receive the message shown below. It means that all logins connecting through the default T-SQL endpoint lose their permissions on it, and you need to grant them again with the following statement:
GRANT CONNECT ON ENDPOINT::[TSQL Default TCP] to [public];
Message:
Creating a TSQL endpoint will result in revoking all 'public' connection permissions on the 'TSQL Default TCP' endpoint. If 'public' access permission is required on this endpoint, use 'GRANT CONNECT ON ENDPOINT::[TSQL Default TCP] to [public]' to re-apply this permission.
3. You can use the following statement to query the endpoint information:
SELECT * FROM sys.tcp_endpoints;
4. You can use the ALTER ENDPOINT command to start or stop an endpoint:
ALTER ENDPOINT [TSQL Default TCP] STATE = STOPPED;
Principle:
When SQL Server is installed, a system endpoint is created for each network protocol. Permission to access these endpoints is granted to the public server role, and every SQL Server login holds the permissions of the public role. You can grant and revoke this permission with the following statements:
REVOKE CONNECT ON ENDPOINT::[TSQL Default TCP] FROM [public];
GRANT CONNECT ON ENDPOINT::[TSQL Default TCP] TO [a_specific_login];
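To check the result of the steps and permission changes above, the following added example (not part of the original article) audits every endpoint together with its CONNECT grants, then lists the endpoints that the public role can still reach. It uses only the catalog views sys.endpoints, sys.tcp_endpoints, sys.server_permissions and sys.server_principals; the column aliases are chosen here for readability.

```sql
-- Added example: audit endpoint state and CONNECT permissions.
-- Run with a login that can view server-level metadata.

-- 1) Every endpoint, its listener settings, and who holds permissions on it.
SELECT
    e.name              AS endpoint_name,
    e.type_desc         AS payload_type,       -- e.g. TSQL
    e.protocol_desc     AS protocol,           -- e.g. TCP
    e.state_desc        AS endpoint_state,     -- STARTED / STOPPED / DISABLED
    e.is_admin_endpoint,
    t.port,
    t.is_dynamic_port,
    t.ip_address,
    p.permission_name,                         -- CONNECT is the one that gates logins
    p.state_desc        AS permission_state,   -- GRANT / DENY / ...
    pr.name             AS grantee,
    pr.type_desc        AS grantee_type
FROM sys.endpoints AS e
LEFT JOIN sys.tcp_endpoints AS t
       ON t.endpoint_id = e.endpoint_id
LEFT JOIN sys.server_permissions AS p
       ON p.class_desc = 'ENDPOINT'
      AND p.major_id   = e.endpoint_id
LEFT JOIN sys.server_principals AS pr
       ON pr.principal_id = p.grantee_principal_id
ORDER BY e.name, pr.name;

-- 2) Endpoints that any login can use because CONNECT is granted to public.
--    After the REVOKE shown above, [TSQL Default TCP] should no longer appear here.
SELECT
    e.name       AS endpoint_name,
    e.state_desc AS endpoint_state
FROM sys.endpoints AS e
JOIN sys.server_permissions AS p
  ON p.class_desc = 'ENDPOINT'
 AND p.major_id   = e.endpoint_id
JOIN sys.server_principals AS pr
  ON pr.principal_id = p.grantee_principal_id
WHERE pr.name = N'public'
  AND p.permission_name = N'CONNECT'
  AND p.state IN ('G', 'W')                    -- GRANT or GRANT WITH GRANT OPTION
ORDER BY e.name;
```

Running the first query before and after creating myTSQLEndpoint shows the revocation described in the message from step 2 as a change in the grantee rows for [TSQL Default TCP].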