Connecting to SQL Server over the Internet

By making your SQL server accessible over the Internet, you can allow worldwide client access to your data. Although this permits a large degree of information sharing, it comes with the added burden of securing access to that data.

To connect your client application to a Microsoft SQL server over the Internet, both the client and server must have access to the Internet. In addition, the server must be running either TCP/IP Sockets or the Multiprotocol Net-Library. If you are using Multiprotocol, make sure that TCP/IP support is enabled. After these two requirements are satisfied, the client can then connect to a specific IP address; if the computer is registered with a domain name sever (DNS), the client can connect with its registered name.

Securing Connections over the Internet

Making your SQL server visible on the Internet should make you think carefully about the security of the server and the data it contains. One way to protect your data is to hide the server behind a firewall. A firewall system isolates your network from users who are accessing machines that are intended for Internet access. The firewall can be set up to forward only those requests that are targeted at a specific TCP/IP address. Requests for all other network addresses are blocked by the firewall.

Another consideration for protecting your data is the use of encrypted connections. You have a couple of options to ensure that your connections to SQL Server are encrypted. One option is to configure encryption on the server side. This will force SQL Server to accept only encrypted connections. You can also configure individual clients to request that their connection be encrypted. This approach allows intranet clients to connect without the added burden of encryption, while still allowing less secure Internet clients to individually ask for encryption.

Connecting to SQL Server Through Microsoft Proxy Server

If SQL Server is to be hidden behind Microsoft Proxy Server, you must specify the Remote WinSock proxy address when you set up the TCP/IP Sockets Net-Library. This can be done via the SQL Server Installation or the Server Network Utility after the installation is complete. You must enter the port number and the proxy server address (the DNS name or the IP address) in the Port Number box for the TCP/IP Sockets protocol. Then enter the DNS name or the IP address of the proxy server in the Proxy Address box.

On the client side, you follow the same configuration steps as you do for connecting directly over the Internet. You can then connect to the specified port of the proxy, which carries out the redirection to the actual port on which SQL Server is listening.


Often, an application server will manage access to SQL Server via the Internet, and direct access to the database server by Internet clients will not be needed. Internet clients will typically access the application server, the application server will request the data from SQL Server, and then the application server will return the data to the Internet client.

    Part III: SQL Server Administration
    Part IV: Transact-SQL
    Part V: SQL Server Internals and Performance Tuning
    Part VI: Additional SQL Server Features