
Need Advice

transam02

I work for a small business that is looking at accessing the main server while out on site or from other locations. They have their main program for invoicing service calls on it. They would like to access it from on site (internet pending) and be able to talk to the program in real time. I have been researching either doing a VPN or setting up a new server. The server needs upgrading anyway. With the new server, we would set up virtual machines for the techs to remote in and do the work through them. Can anyone help and give some insight on the pros and cons of each? Thanks
 
Does the invoicing program run on the server and you access locally or via something like Remote Desktop or Citrix, or is it a server-type program where the server hosts the invoicing, and people using it have some sort of client program they use to interact with it?

Off the cuff, I would say VPN would be your best bet, that would allow either of the two scenarios to run, enable some decent security if you configure it properly, and is pretty low cost. A VPN basically just allows you to connect to your LAN remotely and securely (if you configure it correctly), so anything you could do sitting in your office that isn't necessarily exposed out to the internet, you could still do out in the field.

Virtual Machines - that gives each user their own environment and are easy to provision out, but you need a copy of the invoicing software and operating system for each, as well as a server beefy enough to support running however many clients you need to have running it at the same time. And it won't provide security in and of itself, you'd likely still need a VPN or some other security measure to provide remote access.

There is also the possibility of a thin client, which is kind of like a slimmed-down virtualization - each user gets their own environment, everything is running on the server, but it's all running on the same Server OS, not distinct and individual copies of an operating system like you would have in Virtual Machines.

I use virtual machines a lot to deploy locally-run images, and we do some network access (via tunneled VNC) using them at remote sites, but our main reason for running them is hardware independence -- I can hand out the same Windows 8 VM to anyone, and it'll run on a Dell server, an Acer laptop, or a Mac Mini - it doesn't care too much. And if someone trashes their VM, I just give them a new copy. But you have to keep your software licensing straight; it's very easy to break the rules with it.
 
We use a server-based program, and each computer has a client program that accesses the server that has the database on it.
 
VPN would be the way to go.

If you are updating the server as well I would go with ESXi or another virtualization platform, this will allow you to separate the services such as the VPN server and application server. This will also allow you to make easy snapshot backups.
 
If we were to go the VPN route, what would be the best way to set it up so that it would be secure?
 
You don't really need to make this extremely complicated. Grab a platform (router) that OpenWrt supports and that uses the MT7621A SoC, for instance. Depending on your needs, you can set up OpenVPN for field clients and fastd for site locations if you need ~20+ Mbit throughput. You should of course set up proper firewall rules. If you need higher performance you should probably look at an ARM platform; these are however quite expensive, so it might be worth getting a real SSL gateway.
//Danne

Before you go raving about the ERL, it's about twice as slow doing VPN unless it's IPSec and it's no better in terms of reliability. You don't need another computer/server unless you have a really fat pipe.
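
An added example, not part of any post in this thread and not the poster's own configuration: a small Python check for the OpenVPN server side of the setup suggested above, flagging directives that commonly weaken a VPN for field clients. The two sample configs, the addresses and the file names are constructed, and the checks are a chosen subset, not a complete hardening baseline.

```python
import re

# Constructed sample configs (not from the thread); addresses and file names are placeholders.
WEAK = """server 10.8.0.0 255.255.255.0
cipher BF-CBC
duplicate-cn
client-to-client   # techs' laptops can reach each other
comp-lzo
"""
HARDENED = """server 10.8.0.0 255.255.255.0
tls-version-min 1.2
tls-crypt ta.key
data-ciphers AES-256-GCM:CHACHA20-POLY1305
remote-cert-tls client
crl-verify crl.pem
"""
RISKY = {  # directive -> why it weakens a server used by field clients
    "duplicate-cn": "clients may share one certificate, so one lost laptop cannot be revoked alone",
    "client-to-client": "clients talk to each other inside the tunnel, unseen by the firewall",
    "client-cert-not-required": "clients are admitted without a certificate",
}
REQUIRED = {  # directive -> what happens when the server lacks it
    "tls-version-min": "old TLS versions stay negotiable",
    "remote-cert-tls": "any certificate from the CA, not only client ones, is accepted",
    "crl-verify": "a revoked (lost or stolen) client certificate still connects",
}
AEAD = re.compile(r"AES-(128|192|256)-GCM|CHACHA20-POLY1305")

def parse(text):
    """Map each directive to its argument list; '#' and ';' start comments."""
    cfg = {}
    for line in text.splitlines():
        words = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if words:
            cfg[words[0]] = words[1:]
    return cfg

def audit(text):
    """Return a list of findings; an empty list means none of these checks fired."""
    cfg = parse(text)
    out = [f"{d}: {why}" for d, why in RISKY.items() if d in cfg]
    out += [f"missing {d}: {why}" for d, why in REQUIRED.items() if d not in cfg]
    if cfg.get("comp-lzo", ["no"]) != ["no"]:  # 'comp-lzo no' disables compression
        out.append("comp-lzo: tunnel compression leaks plaintext through packet sizes")
    if not {"tls-crypt", "tls-crypt-v2", "tls-auth"} & cfg.keys():
        out.append("missing tls-crypt/tls-auth: unauthenticated packets reach the TLS stack")
    # Only ciphers that are explicitly listed are checked; defaults depend on the OpenVPN version.
    listed = ":".join(cfg.get("cipher", []) + cfg.get("data-ciphers", [])).split(":")
    return out + [f"cipher {c}: not an AEAD cipher" for c in listed if c and not AEAD.fullmatch(c.upper())]
```

Calling `audit(WEAK)` returns eight findings and `audit(HARDENED)` returns an empty list; firewall rules on the router are outside what this check looks at.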
 
You don't really need to make this extremely complicated. Grab a platform (router) that OpenWrt supports and that uses the MT7621A SoC, for instance. Depending on your needs, you can set up OpenVPN for field clients and fastd for site locations if you need ~20+ Mbit throughput. You should of course set up proper firewall rules. If you need higher performance you should probably look at an ARM platform; these are however quite expensive, so it might be worth getting a real SSL gateway.
//Danne

Before you go raving about the ERL, it's about twice as slow doing VPN unless it's IPSec and it's no better in terms of reliability. You don't need another computer/server unless you have a really fat pipe.

This is good advice depending on if he is building a new server or not. If he is going to keep the old one I'd go your route.

One thing to consider, since you have the owner's ear on upgrades, is your current backup implementation. If that server dies, goes down, etc., are they backing up data? How fast would it be for them to recover from a hardware or hard drive failure where they had to reinstall everything, etc.? We all have our own preferences, but I really like virtualization for the ease and speed of recovering from a disaster (given proper backup scheduling).
 
Yeah, we have a backup plan in place. We back up data offsite. With virtualization, what would we need to put that plan in place?
 
@ canna
For network devices I try to use physical devices as much as possible, simply because it's easier to get something replaced, for reliability, and to do troubleshooting.
//Danne
 
A virtualized pfSense client may make sense - we've used that before - it can be somewhat challenging to set up, but once it is, it is entirely self-contained and pretty good.

No purchase of anything required either - you can run it on VirtualBox for free just to see if you can get it configured and migrate it to whatever you want afterwards, and it'll run pretty well on server-class hardware (as opposed to ARM routers), as long as you can give it enough bandwidth on the NIC.

There's also SoftEther, which is free, and is more like a client that would run on top of a host OS. Again, just something that is free that you can use to set up some test configurations to see if that works for you or not.

Both include several different options for security and connection type.
 
Yeah, we have a backup plan in place. We back up data offsite. With virtualization, what would we need to put that plan in place?

Different hypervisors handle this differently. Virtual Machines are, in essence, just big files on your hard drive. The only trick is you can't really back them up (via normal methods) while they are running, because the virtualized OS could change the contents at any time. I know VMware provides a few different ways: High Availability, Replication and Snapshots - in rough order of robustness and complexity, Snapshots being the easiest method to implement. All will let you copy a live, running virtual machine. Snapshot is basically a copy of the VM file and nothing more, so your recovery time and data loss potential are up to your copy frequency and method. Replication will let you keep a live clone of a virtual machine with very little downtime to restore and very little data loss. And High Availability will let you fail over to a running copy of your virtual machine with no downtime and extremely low data loss.

You can configure all of these to go to alternate drives, SANs, offsite storage, wherever.
 