[AccessD] From a reader -- about migrating Access data to SQLServer on the Web

Joe O'Connell joeo at appoli.com
Thu Apr 23 10:09:47 CDT 2009 

John,

Thank you for the response, as usual your explanation is detailed,
informative and easy to understand.

Joe O'Connell


-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of jwcolby
Sent: Thursday, April 23, 2009 9:41 AM
To: Access Developers discussion and problem solving
Subject: Re: [AccessD] From a reader -- about migrating Access data to
SQLServer on the Web

Joe,

 > My understanding is that none of your servers are open to the
"outside" world, and the only users 
are those on your own internal network.

That is correct.  My network is as secure as I can make it given my
limited knowledge of network 
security.  I have a router with a built-in firewall, I run software
firewalls on each and every 
computer, I have anti-virus software running on every machine etc.
Furthermore, at this point in 
time I have no one other than myself authorized to get in to the
network.  I have had a couple of 
times when I had people remote in to help me.  I set up a user for them
and then turn that user off 
(or remove the user entirely) when they are done.


 > You have raised another question that I would like to see discussed
more fully.  Under what 
configuration is a VPN necessary?  What are the advantages/disadvantages
of using a VPN?

I am not a Notwork guy so I am not the best person to answer the VPN
question but I will volunteer 
what I think I know.

A VPN is simply a secure communication channel, often referred to as a
"tunnel", usually over the 
internet, which allows communications between a remote computer and a
server or network.  These 
communications are encrypted and secured so that they cannot be snooped
on.

So... a VPN is a "Virtual" "private" network.  It is virtual because it
is set up on demand instead 
of being a set of NICS and cables permanently in place.  It is private
because it is encrypted and 
only creates a network for those invited to join.

The VPN can be all hardware based, the router at the remote computer
establishes a VPN "tunnel" to 
the router at the server end.  In this case the VPN literally extends
the network at the server side 
to be visible at the remote side.  Essentially the remote computer just
becomes another computer on 
the LAN.

The VPN can also be software based, which is what Hamachi does.  In this
case the VPN is established 
between two specific computers - the remote and a single specific
server.  In this case the remote 
computer is not directly on the LAN but rather can communicate securely
with the server running the 
VPN software (Hamachi in this case), but can ONLY communicate with the
server running the VPN software.

I use Hamachi because it usually works well, is free, and is easy to set
up.  I have Hamachi running 
on every machine that I want to directly access.

Hamachi assigns a unique IP address in the 5.x.x.x range to each
computer in the world running 
Hamachi.  Thus if I have a set of machines, each running Hamachi, I can
see each machine as a 
specific 5.x.x.x IP.  Hamachi then allows me to set up one or several
"networks" of any machines 
running Hamachi that I "own", i.e. that I have the Hamachi password and
IP address for.  Thus I can 
build a "Hamachi VPN" of just one machine and my laptop, or a dozen or
more machines and my laptop. 
    Or I can create many different networks with different machines.

Inside of the Hamachi application, the "network" displays all of the
computers in that "LAN" and I 
can do anything I would on a normal LAN.  I can run remote desktop IF
the remote machine has the RD 
service running.  I can run VNC IF the remote machine has the VNC
service running.  I can view 
shared directories on the remote machine.  I can print to shared
printers on the remote machine.  Etc.

One thing that I use my Hamachi VPN for is browsing the internet when I
am at a hotel, and in 
particular if I need to buy something or view my banking etc.  By
setting up the VPN, I can "remote 
desktop" into one of my machines at home.  The VPN channel is encrypted
and secure directly from my 
laptop to a specific machine at my home office.  Now I can use RD to
open a browser on the server at 
home.  I can browse, order stuff on a credit card, view my bank accounts
etc. and not have to worry 
about my browsing being snooped by someone sitting in the parking lot of
the hotel recording the 
guests, looking for account numbers or passwords etc.

The VPN does have overhead involved, i.e. it does slow down the process
of whatever you are doing 
relative to a physical LAN but in cases where you need these
capabilities you are usually willing to 
give up the speed in order to gain security.

And that is what I think I know.

John W. Colby
www.ColbyConsulting.com


Joe O'Connell wrote:
> John,
> 
> My understanding is that none of your servers are open to the
"outside"
> world, and the only users are those on your own internal network.  At
> home I have a similar small network that incorporates both wired and
> wireless PCs.  This is also a closed network that is not open to the
> outside world.
> 
> At the other end of the spectrum, my company provides hosting
services,
> so all of our servers must be open to the "outside" world. These
servers
> are located in a data center that has been designed for this purpose
and
> that has all of the "normal" security features such as climate
control,
> power backup, multiple fiber connections from multiple vendors,
> redundant hardware, fire walls, etc.
>  
> Your setup works for you, so I would not change it just for the sake
of
> change.  AFAIK Terminal Services are a standard service of Windows
> Server 2003.
> 
> Susan's question concerned giving access to an Access application
> remotely.  In my answer to her, I should have included a caveat that I
> was assuming that the server sits behind a firewall and is already
> available to outside users.
> 
> You have raised another question that I would like to see discussed
more
> fully.  My forte is application development, not system or network
> management which I leave to others, so my knowledge of these areas is
> limited.  Under what configuration is a VPN necessary?  What are the
> advantages/disadvantages of using a VPN?
> 
> Joe O'Connell

-- 
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

More information about the AccessD mailing list