Jim Lawrence
accessd at shaw.ca
Mon Jul 22 12:28:26 CDT 2013
Hi Arthur:

I am hardly a network expert but for secure connection across internet I would suggest a VPN type network. If done properly, staff with the appropriate usernames and passwords can connect in to business network through either standard or a specific dedicated address:port installed on the company's router.

There are a slew of VPN products out there with all sorts of features and costs. I have one that is installed on my laptop which gives me full access to my entire network when I am on the road... it supports any protocol as it is only a tunnel, even RDP. It is called OpenVPN (http://openvpn.net/) and as my resources are limited the price is right. The product has clients for any OS but server end must be Linux based... not a problem for yourself as it runs fine on any version of Distro that uses Debian.

If the business wants their server end hosted it will cost $6.00 per connection per year (I am sure there are volume discounts). I would recommend you set up your own in-house server as once set up properly it can be left to its own devices as it just works. The beauty of hosting is that once a connection is established the client and server are directly linked, no third party intervention is needed. This of course is great for security and in the age of PRISM this becomes so very important.

HTH
Jim

----- Original Message -----
From: "Arthur Fuller" <fuller.artful at gmail.com>
To: "Discussion of Hardware and Software issues" <dba-tech at databaseadvisors.com>
Sent: Monday, July 22, 2013 5:16:13 AM
Subject: [dba-Tech] SSL or SSH or Other?

I'm working on a project called TLM, as described briefly below. Any networking experts have any suggestions?

Hi Arthur,

I just submitted the following ticket to my data center and wanted you to have a look in case it was something you wanted to work on. It would kill two birds with one stone, as it would also solve your connection issue that is still preventing you from being able to test TLM in its minimum performance configuration (i.e. when connected to a datacenter).

“We have been redesigning our application to work with an ODBC connection to the MySQL database on a Firehost server, and have been allowing limited client access by making port open requests. This has been doable during the initial development of this new version, as not many clients have been given access to this version yet. We are going to need a better solution, mostly for traveling users who aren't going to want to wait for a port to be opened from an IP address they are only going to use once or twice.

I'm looking for strategy suggestions that would be the best long term solution. We looked into SSH a little, but haven't been able to implement anything that worked. I know SSL might be an option, and ideally I could build the security into the application so that the user just needed to configure the IP address of the firehost server they have been assigned to and then the MySQL security would let them into the correct database once they were through your firewall and at the correct server.

Since network security was your forte, I thought I would see if anyone there had any thoughts on the issue that might be relevant to a strategy that would work best for your data center.”

Right now the only ways into the datacenter are via a VPN connection, or if they open 3306 to a specific IP address. I’m not enough of a security expert to know which direction to head on this one, and which direction seems like the best bet for building something into TLM that would accomplish the security handshake automatically based on minimum credentials configured in TLM.

Hope all is well,
David

Thanks in advance for any suggestions

--
Arthur
Cell: 647.710.1314
Prediction is difficult, especially of the future.
-- Niels Bohr
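
Added example (not part of the original thread, and not the posters' or the data center's configuration): an OpenVPN server configuration for the scenario discussed above, where travelling users authenticate with their own certificate and reach only the MySQL host through the tunnel, instead of having port 3306 opened per IP address. The addresses, subnet and file names are placeholder assumptions.

```conf
# server.conf: OpenVPN server placed in front of the MySQL host (constructed example).
# Placeholders: 192.0.2.10 = MySQL server, 10.8.0.0/24 = VPN client subnet,
# *.crt / *.key / *.pem = files issued by your own PKI.
# Assumes OpenVPN 2.5 or later on a Debian-based server.

# One fixed, published address:port for every travelling user
port 1194
proto udp
dev tun
topology subnet
server 10.8.0.0 255.255.255.0

# Each user holds an individual client certificate, so access is granted
# per person rather than per source IP address
ca ca.crt
cert server.crt
key server.key
dh dh.pem
# Reject peers whose certificate is not marked for client use
remote-cert-tls client
# Revoke a lost laptop's certificate without touching the firewall
crl-verify crl.pem

# Drop unauthenticated packets before the TLS handshake starts
tls-crypt ta.key
tls-version-min 1.2
data-ciphers AES-256-GCM:AES-128-GCM

# Split tunnel: clients get a route to the database host only,
# not to the rest of the data center network
push "route 192.0.2.10 255.255.255.255"

keepalive 10 120

# Give up root privileges after start-up
user nobody
group nogroup
persist-key
persist-tun
verb 3
```

Pair this with a host firewall rule that forwards only TCP 3306 from 10.8.0.0/24 to 192.0.2.10, and restrict the MySQL accounts to hosts in that subnet, so that 3306 never has to be opened to a public IP address.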