Configuring Web Synchronization
To use Web synchronization for replication, follow these steps:
- Configure a publication to allow Web synchronization.
- Configure the computer that is running Microsoft Internet Information Services (IIS) to synchronize subscriptions. IIS version 5.0 and IIS version 6.0 are supported.
- Configure one or more subscriptions to use Web synchronization.
Before you configure Web synchronization, we recommend that you read "Security Best Practices for Web Synchronization" later in this topic. For more information about Web synchronization security, see Security Architecture for Web Synchronization.
Configuring the Publication
To use Web synchronization, first create a publication in the same way that you would for a standard merge topology. For more information, see Publishing Data and Database Objects. If you are using a Publisher for the first time, you must also configure a Distributor and a snapshot share. The Merge Agent at each Subscriber must have read permissions on the snapshot share. For more information, see Configuring Distribution and Securing the Snapshot Folder.
After the publication is created, enable the option to allow for Web synchronization by using one of the following: SQL Server Management Studio, Transact-SQL, or Replication Management Objects (RMO).
To configure a publication to allow for Web synchronization
- SQL Server Management Studio: How to: Configure a Publication to Allow for Web Synchronization (SQL Server Management Studio)
- Replication Transact-SQL programming: How to: Configure a Publication to Allow for Web Synchronization (Replication Transact-SQL Programming)
- RMO: How to: Configure a Publication to Allow for Web Synchronization (RMO Programming)
Configuring the Computer That Is Running IIS
Web synchronization requires that you install and configure IIS. After you enable a publication, configure the computer that is running IIS to support Web synchronization. For a more information about IIS installation, see the IIS documentation.
To configure IIS for Web synchronization
- SQL Server Management Studio: How to: Configure IIS for Web Synchronization
Configuring the Subscription
After you enable a publication and configure IIS, create a pull subscription and specify that the pull subscription should synchronize by using IIS. (Web synchronization is supported only for pull subscriptions.)
To configure a subscription to use Web synchronization
- SQL Server Management Studio: How to: Configure a Subscription to Use Web Synchronization (SQL Server Management Studio)
- Replication Transact-SQL programming: How to: Configure a Subscription to Use Web Synchronization (Replication Transact-SQL Programming)
- RMO: How to: Configure a Subscription to Use Web Synchronization (RMO Programming)
Security Best Practices for Web Synchronization
There are many choices for security-related settings in Web synchronization. We recommend the following approach:
The SQL Server Distributor and Publisher can be on the same computer; this setup is typical for merge replication. However, IIS should be on a separate computer.
Use Secure Sockets Layer (SSL) to encrypt the connection between the Subscriber and the computer that is running IIS. This is required for Web synchronization.
Use Basic Authentication for connections from the Subscriber to IIS. Using Basic Authentication, IIS can make connections to the Publisher/Distributor on behalf of the Subscriber without requiring delegation. Delegation is required if you use Integrated Authentication.
Basic Authentication is the method by which credentials are passed to IIS. Basic Authentication does not prevent specifying Windows domain accounts for connections that are made to IIS.
Specify that the Snapshot Agent should run under a Windows domain account, and specify that the agent should make connections as that account. (This is the default configuration.)
Specify that each Merge Agent should run under the domain account of the user that uses the Subscriber computer, and specify that the agent should make connections as that account.
For more information about the permissions that are required by agents, see Replication Agent Security Model.
Specify the same domain account as the one the Merge Agent uses when you specify an account and password on the Web Server Information page of the New Subscription Wizard or when you specify values for the **@internet\_url** and **@internet\_login** parameters of sp_addpullsubscription_agent. This account must have read permissions for the snapshot share.
Each publication should use a separate virtual directory for IIS.
The account under which the SQL Server Replication Listener (Replisapi.dll) runs should be configured with the minimum permissions. For more information, see the section "Setting Permissions for the SQL Server Replication Listener" in the How to: Configure IIS for Web Synchronization.
You can use FTP to deliver the snapshot from the Publisher to the computer that is running IIS. The snapshot is always delivered from the computer that is running IIS to the Subscriber by using HTTPS. For more information, see Transferring Snapshots Through FTP.
If servers in the replication topology are behind a firewall, you might need to open ports in the firewall to enable Web synchronization.
- The Subscriber connects to the computer that is running IIS over HTTPS using SSL, which is typically configured to use port 443. SQL Server Compact Edition (SQL Server 2005 Compact Edition) Subscribers can also connect over HTTP, which is typically configured to use port 80.
- The computer that is running IIS typically connects to the Publisher or Distributor using port 1433 (default instance). When the Publisher or Distributor that is a named instance on a server with another default instance, port 1500 is typically used to connect to the named instance.
- If the computer that is running IIS is separated from the Distributor by a firewall and an FTP share is used for snapshot delivery, the ports used for FTP must be opened. For more information, see Transferring Snapshots Through FTP.
Opening ports in your firewall can leave your server exposed to malicious attacks. Make sure that you understand firewall systems before you open ports. For more information, see Security Considerations for a SQL Server Installation.
Help and Information
17 July 2006
5 December 2005