0

I asked this at Stack Overflow, but I would like your opinion too, as it has as much to do with administration as it does with coding.

We have a .NET 2-tier application where a desktop program is talking to a database. We support MS SQL Server 2000, 2005, 2008 and Oracle 9, 10 and 11.

The application is sold, not as shrink-wrap, but pretty close. It is quite important for us that the installation and configuration are as easy as possible, as installation instructions are usually supplied in written form to the customer's internal IT department. Our application is usually not seen as mission critical by the IT department, so we need to keep their work down to a minimum.

Now we are starting to get wishes for a web application built on top of the same data. The web application will be hosted by us and delivered as a SaaS application.

Now the challenge is how to move data back and forth between the web application and the customer's internal database. As I see it, we have some requirements:

  • We must be ready to handle the situation where the customer's database is not accessible from the DMZ. I guess the easiest solution is that all communication is initiated from inside the customer's LAN.
  • As little firewall configuration as possible. The best is if we can run without any special configuration as long as outgoing traffic from the customer's LAN is not blocked. If we need something changed in the firewall, we must be able to document that the change is secure.
  • It doesn't have to be real time. Moving data in batches every ten minutes or so is OK.
  • Data moves both ways, but not the same tables, so we don't have to support merges.
  • It would be nice if we don't have to roll our own framework completely.

Looking forward to hearing your suggestions.

mlarsen
  • 1 - What is your question? You're telling us what you have but failed to actually ask a question. 2 - This has nothing to do with system administration, as it's about program and documentation design. – John Gardeniers Jun 01 '10 at 09:00
  • I typed a reply then realised you weren't talking about serving the web pages from the customer's network. I don't see how you can practicably deliver a SaaS application using the customer's own data, which is itself housed in their own internal network. – Chris Thorpe Jun 01 '10 at 09:37
  • @John - I've stated what I have and what I need. The question is then, albeit implicit, how I best get from what I have to what I need. The reason I also ask here, besides Stack Overflow, is because I would like a system administrator's point of view. Maybe someone could tell me that it is generally accepted to allow a WCF service into the internal network directly from the internet _if_ it is secured by SSL and cryptographically signed. – mlarsen Jun 01 '10 at 11:12
  • @Chris - Security aside, we could just set up SQL Server replication between our database and the customer's database. That "solution" just fails a lot of my requirements, so I just wanted to know if anybody could think of something I can't. – mlarsen Jun 01 '10 at 11:15

2 Answers

1

I'm not sure why this question just popped up onto the front page, given its age, but if you're still looking for suggestions...why not establish a VPN from inside the client network to your servers? Using something like OpenVPN, you get a tool that:

  • Only requires a single port on which to operate;
  • Does not require any firewall configuration as long as outgoing traffic can be initiated from the client site;
  • Once connected, makes it easy for you to move data back and forth.

You can set these up to provide a high level of isolation between customers.

larsks
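
A minimal sketch of the setup this answer describes, added here as an example and not part of the original answer: one outbound TCP port from the customer site, and one certificate plus one fixed tunnel address per customer. The host name `sync.example.com`, port 443, the 10.8.0.0/24 range, and all file names are assumptions chosen for illustration.

```conf
# --- Hosted side: server.conf (constructed example) ---
port 443                    # assumption: the single port; any one port works
proto tcp
dev tun
topology subnet
server 10.8.0.0 255.255.255.0   # assumption: tunnel address range
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-crypt ta.key            # requires OpenVPN 2.4 or later
client-config-dir ccd
ccd-exclusive               # reject any certificate without a ccd/<CN> file
keepalive 10 60
persist-key
persist-tun
# Deliberately absent: client-to-client (would let customers reach each other)
# Deliberately absent: push "redirect-gateway" (customer traffic stays local)

# --- Hosted side: ccd/customer-a (file name = certificate CN) ---
ifconfig-push 10.8.0.10 255.255.255.0   # fixed address to key firewall rules on

# --- Customer side: client.conf, on the one host that runs the sync job ---
client
dev tun
proto tcp
remote sync.example.com 443  # outbound connection only; no inbound rule needed
nobind
persist-key
persist-tun
ca ca.crt
cert customer-a.crt
key customer-a.key
remote-cert-tls server
verify-x509-name sync.example.com name
tls-crypt ta.key
```

Leaving out `client-to-client` only stops OpenVPN itself from relaying between customers; such packets are then handed to the server's own IP stack, so the server's firewall must also refuse to forward between tunnel addresses.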
0

If I'm getting your problem correctly... the solution that will be quick and stable for this kind of need is to build the entire solution over Adobe Flex...

Build a desktop-sitting AIR internet client for your customers. This client will have to be allowed the required permissions for data on the client machine (in case of restrictions), and this client will communicate with your web service securely and periodically, as desired by you.

AbhishekKr