Hi, all, we've been thinking about putting our business database outside
it's comfortable little zone of being on a local network and having it
accessible by our staff from the outside. What would be a good configuration
for this kind of access? Is there really that many FMP hackers to be
concerned with this? I'm also running the FMP server 6 on OS 10.4 on a g5.

In article <BFEC2B06.1F4E8%phatnugs420@comcast.net>, phatnugs420
@comcast.net says...
> Hi, all, we've been thinking about putting our business database outside
> it's comfortable little zone of being on a local network and having it
> accessible by our staff from the outside. What would be a good configuration
> for this kind of access? Is there really that many FMP hackers to be
> concerned with this? I'm also running the FMP server 6 on OS 10.4 on a g5.

The best solution for remote access and security is Terminal Services 
(with or without Citrix and with or without a VPN). Unfortunately this 
is a bit windows-centric.

However, it will work with Mac -- With Windows Terminal Services you can 
still use MacOS remote clients, and still keep your MacOS filemaker 
server, but you will have to add a Windows 2000 / 2003 server to host 
the terminal sessions.

With Citrix you can just publish the application which makes the windows 
server a lot more invisible! (And adds a number of other useful features 
-- although it adds to the price quite a bit too).

As for security in this scenario; its pretty good. The terminal sessions 
are encrypted, and access to the server is protected by windows login 
credentials, and then filemaker's authentication after that. If your 
data isn't that valuable, or sensitive its probably good enough.

If you need more, adding in a VPN will add additional encryption, as 
well as another layer of credentials. You can also add rules regarding 
allowed incoming ip addresses and so forth to prevent random people on 
the net from connecting.

I have several clients on terminal services who have not elected to 
install a VPN.

-

Hosting it directly to the internet, connecting via Filemaker pro on the 
remote client is the other option, and generally a much poorer 
experience. Performance is lacking, particularly for complex finds, 
sorts, portals etc -- filemaker is quite network heavy and it really 
feels throttled over the internet where you'd be lucky to get a 
0.5MB/sec connection to the sever. (vs for example 100MB/sec on a 
typical LAN)

It can work, and many people do it; but I'd say its suitable if you only 
have a couple remote users, AND your database was intentially designed 
to be light on its feet over a slow link.

As for security - its quite a bit weaker. FM6 sessions are not 
encrypted, I'm not even sure if your password is encrypted. If your data 
is truly not valuable, and you don't care if someone else sees it.

To get any sort of security you'll want to add a VPN, which will give 
you session encryption, along with a more secure authentication system.

A basic Windows Terminal services setup, suitable for a half a dozen 
users can be had for under $3000.00. Adding in Citrix and a VPN would 
double it "ish". Licensing costs per user are significant -- you need at 
minium 2 licenses for basic terminal services (a Clieant Access License 
CAL, and a separate Terminal Services Client Access License TSCAL), if 
you go with citrix you need a citrix license per concurrent citrix 
session, and if you go with VPN you usually need to license that per 
user as well.

If you exceed 10 uers or so, your base hardware should step up 
considerably as well;  While 10 users or less can easily work on a 
typical 'mid range' PC desktop loaded with RAM. At more than 10 users 
and you start seeing benefits from "server" hardware: raids, redundant 
power supplies, dual Xeons, etc, etc. 

Of course, those are ROUGH guides -- it really depends on how the server 
load is... 10 remote people doing data entry all day is probably 
equivalent to 40 mobile sales reps logging in sporadically to look 
things up or generate an invoice. -- e.g. where most of the users are 
idle or even logged out most of the time.


Hope that helps,

42 wrote:
> In article <BFEC2B06.1F4E8%phatnugs420@comcast.net>, phatnugs420
> @comcast.net says...
> > Hi, all, we've been thinking about putting our business database outside
> > it's comfortable little zone of being on a local network and having it
> > accessible by our staff from the outside. What would be a good configuration
> > for this kind of access? Is there really that many FMP hackers to be
> > concerned with this? I'm also running the FMP server 6 on OS 10.4 on a g5.
>
> The best solution for remote access and security is Terminal Services
> (with or without Citrix and with or without a VPN). Unfortunately this
> is a bit windows-centric.
>
> <snip>
>
> Hosting it directly to the internet, connecting via Filemaker pro on the
> remote client is the other option, and generally a much poorer
> experience. Performance is lacking, particularly for complex finds,
> sorts, portals etc -- filemaker is quite network heavy and it really
> feels throttled over the internet where you'd be lucky to get a
> 0.5MB/sec connection to the sever. (vs for example 100MB/sec on a
> typical LAN)

These are the first 2 options:

1 - Terminal Services, including Windows Terminal Services, Citrix.

2 - FileMaker Pro remote client.  This can be slow, especially in FM 6,
and especially if you add a VPN to address the issue that the data
connection is obscured but not otherwise encrypted. (In FM 7/8 the data
connection can be encrypted).

However, there are 2 other options:

3 - Web publishing. With FM 6, this is via CDML, Lasso, WiTango, PHP.
(With FM 7/8 there is also Instant Web Publishing).

4 - Distributed. This means giving a copy of the database and using
some method like FileMaker Mobile (PDA), export/import, or data
replication (e.g. SyncDeK) to synchronize remote users.