Server Network Configuration
Server network configuration tasks include enabling protocols, modifying the port or pipe used by a protocol, configuring encryption, configuring the SQL Server Browser service, exposing or hiding the SQL Server Database Engine on the network, and registering the Server Principal Name. Most of the time, you do not have to change the server network configuration. Only reconfigure the server network protocols if special network requirements.
Network configuration for SQL Server is done using SQL Server Configuration Manager. For earlier versions of SQL Server, use the Server Network Utility that ships with those products.
Use SQL Server Configuration Manager to enable or disable the protocols used by SQL Server, and to configure the options available for the protocols. More than one protocol can be enabled. You must enable all protocols that you want clients to use. All protocols have equal access to the server. For more information about how SQL to configure protocols, see Configuring Server Network Protocols and Net-Libraries. For a list of the default settings, see Default SQL Server Network Configuration. For information about which protocols you should use, see Choosing a Network Protocol. For more information, see also How to: Enable or Disable a Server Network Protocol (SQL Server Configuration Manager).
Changing a Port
You can configure TCP/IP and VIA protocols to listen on a designated port. By default, the default instance of the Database Engine listens on TCP port 1433. Named instances of the Database Engine and SQL Server Compact 3.5 SP2 are configured for dynamic ports. This means they select an available port when the SQL Server service is started. The SQL Server Browser service helps clients identify the port when they connect.
When configured for dynamic ports, the port used by SQL Server may change each time it is started. When connecting to SQL Server through a firewall, you must open the port used by SQL Server. Configure SQL Server to use a specific port, so you can configure the firewall to allow communication to the server. For more information, see How to: Configure a Server to Listen on a Specific TCP Port (SQL Server Configuration Manager).
The VIA protocol is deprecated. This feature will be removed in a future version of Microsoft SQL Server. Avoid using this feature in new development work, and plan to modify applications that currently use this feature.
Changing a Named Pipe
You can configure the named pipe protocol to listen on a designated named pipe. By default, the default instance of SQL Server Database Engine listens on pipe \\.\pipe\sql\query for the default instance and \\.\pipe\MSSQL$<instancename>\sql\query for a named instance. The Database Engine can only listen on one named pipe, but you can change the pipe to another name if you wish. The SQL Server Browser service helps clients identify the pipe when they connect. For more information, see How to: Configure a Server to Listen on an Alternate Pipe (SQL Server Configuration Manager).
The Database Engine can be configured to require encryption when communicating with client applications. For more information, see Encrypting Connections to SQL Server, and How to: Enable Encrypted Connections to the Database Engine (SQL Server Configuration Manager).
Extended Protection for Authentication
Support for Extended Protection for Authentication by using channel binding and service binding is available for operating systems that support Extended Protection. For more information, see Connecting to the Database Engine Using Extended Protection.
Authenticating by Using Kerberos
SQL Server supports Kerberos authentication. For more information, see Using Kerberos Authentication with SQL Server.
Registering a Server Principal Name (SPN)
The Kerberos authentication service uses an SPN to authenticate a service. For more information, see Registering a Service Principal Name.
SPNs may also be used to make client authentication more secure when connecting with NTLM. For more information, see Connecting to the Database Engine Using Extended Protection.
SQL Server Browser Service
The SQL Server Browser service runs on the server, and helps client computers to find instances of SQL Server. The SQL Server Browser service does not need to be configured, but must be running under some connection scenarios. For more information about SQL Server Browser, see SQL Server Browser Service.
Hiding SQL Server
When running, SQL Server Browser responds to queries, with the name, version, and connection information for each installed instance. For SQL Server, the HideInstance flag, indicates that SQL Server Browser should not respond with information about this server instance. Client applications can still connect, but they must know the required connection information. SQL Server Browser also supports the SQL Server 2000 method of hiding instances enabled by setting the HideServer option through the server network utility. For more information, see How to: Hide an Instance of SQL Server Database Engine.