What are the good choices for hooking up two SQL Server 2008 instances via Service Broker if neither of the servers is in a domain, but we have full control over the logins and credentials?

We are considering using this technology for enterprise-level data consolidation, but our servers run at client sites and therefore are not set up as members of a domain. We are looking for the least painful option to get Service Broker communicating in this environment.

You use certificates, the Service Broker authentication option designed specifically for a scenario like yours. See "How does Certificate based Authentication work". When endpoints are configured with certificate-based authentication, the handshake will contain an SSPI Schannel based authentication exchange (also known as SSL or TLS). The resulting certificate used by the peer is used to authorize the connection based on trust derived from certificate deployment. What that means is that the certificates used aren't validated for a specific property as in the 'https://example.com' situation, where 'example.com' needs to be a particular OID in the certificate along with a trusted authority signature; rather, if the certificate is deployed (i.e. found in the master database), then the owner of the deployed certificate is the identity. This allows you to use self-signed certificates in a safe manner, with the root of trust being the deployer (i.e. the sysadmin), not an authority (i.e. Verisign). This is probably more information than you need :)

The gist of it goes like this:

-------------------------------------
-- connect to the server
-------------------------------------
use master
go

create master key encryption by password = '...'

create certificate [<servername>]
  with subject = '<servername>'
  , start_date = '20100216'
  , expiry_date = '20150216'

create endpoint broker
  state = started
  as tcp (listener_port = 4022)
  for service_broker (authentication = certificate [<servername>])

-- Export the public key to disk
backup certificate [<servername>]
  to file = 'someshare<servername>.cer'

--------------------------------
-- connect to the client
--------------------------------
use master
go

create master key encryption by password = '...'

create certificate [<clientname>]
  with subject = '<clientname>'
  , start_date = '20100216'
  , expiry_date = '20150216'

create endpoint broker
  state = started
  as tcp (listener_port = 4022)
  for service_broker (authentication = certificate [<clientname>])

-- Export the public key to disk
backup certificate [<clientname>]
  to file = 'someshare<clientname>.cer'

-- create an identity for the server and import the server's certificate:
create login [<servername>] with password = '...'
alter login [<servername>] disable
create user [<servername>]

create certificate [<servername>]
  authorization [<servername>]
  from file = 'someshare<servername>.cer'

-- authorize <servername> to connect on the broker endpoint
grant connect on endpoint::broker to [<servername>]

---------------------------------------
-- connect to the server
---------------------------------------

-- create an identity for the client and import the client's certificate:
create login [<clientname>] with password = '...'
alter login [<clientname>] disable
create user [<clientname>]

create certificate [<clientname>]
  authorization [<clientname>]
  from file = 'someshare<clientname>.cer'

-- authorize <clientname> to connect on the broker endpoint
grant connect on endpoint::broker to [<clientname>]
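A check for the setup above, as an added example that is not part of the original answer: run on either instance, it reads the standard catalog views to show the endpoint's state and each imported peer certificate together with its owner, the owner's login and whether that login holds CONNECT on the endpoint. It assumes the single Service Broker endpoint created by the script; the column aliases are made up for the example.

```sql
use master
go

-- 1. The endpoint: expect state STARTED, authentication CERTIFICATE,
--    and a certificate of this instance that has not expired.
select e.name                  as endpoint_name,
       e.state_desc,
       t.port,
       e.connection_auth_desc,
       c.name                  as endpoint_certificate,
       c.expiry_date
from sys.service_broker_endpoints e
join sys.tcp_endpoints t on t.endpoint_id = e.endpoint_id
left join sys.certificates c on c.certificate_id = e.certificate_id

-- 2. The peers: certificates in master without a private key ('NA') are
--    imported public keys. The owner of such a certificate is the identity
--    a remote instance gets when it presents the matching certificate.
select c.name        as peer_certificate,
       c.subject,
       c.thumbprint,
       c.expiry_date,
       case when c.expiry_date < getutcdate()
            then 'EXPIRED' else 'ok' end       as validity,
       dp.name       as owner_user,
       sp.name       as owner_login,
       sp.is_disabled,       -- 1 is expected: the login only carries the permission
       case when p.state_desc in ('GRANT', 'GRANT_WITH_GRANT_OPTION')
            then 'yes' else 'NO' end           as connect_on_endpoint
from sys.certificates c
join sys.database_principals dp on dp.principal_id = c.principal_id
left join sys.server_principals sp on sp.sid = dp.sid
left join sys.service_broker_endpoints e on 1 = 1   -- at most one per instance
left join sys.server_permissions p
       on p.grantee_principal_id = sp.principal_id
      and p.class_desc = 'ENDPOINT'
      and p.permission_name = 'CONNECT'
      and p.major_id = e.endpoint_id
where c.pvt_key_encryption_type = 'NA'
  and c.name not like '##%'            -- skip built-in system certificates
order by c.name
```

A peer row showing NO under connect_on_endpoint, or EXPIRED under validity, points to the step of the script to check first when the two instances fail to connect.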

You should use certificate-based transport security, which is domain-independent. Official help here and an example here.