
I have a browser-based application deployed on an intranet server at a client's office. They have Wyse thin clients and have recently added Surface tablets for office use. 90% of the time, the users are connecting from within a multi-site company WAN, so there is no issue hitting the intranet server. We would like to find the simplest and easiest-to-maintain solution for the other 10% of the time.

  1. Is it possible to configure the mobile Windows machines, and a gateway server, so that requesting a URL starting with "OURINTRANETSERVER" from home would be routed through an appropriate gateway to the intranet server, without having to use a VPN, and without having to directly expose the intranet application on a public IP?
  2. If so, would there actually be much advantage to doing it this way vs. setting up a VPN? I'm not clear on whether routing in this way would be effectively the same as exposing the intranet server to the internet at large, or whether the setup/maintenance of this method would be just as much of a pain as setting up VPN.

Assume all connections to the server will use SSL, so we shouldn't need to worry about the VPN's advantage in encrypting sensitive information.

kcrumley

1 Answer

  1. You could set up hosts files, or DNS servers that would point to a public address that would be NAT-mapped to a private internal address. This isn't really secure, unless you have a good method of whitelisting the valid users. Security by obscurity is nice as another layer, but it really shouldn't be the primary method of securing your site.

  2. The security issues make a VPN a much more desirable option, as most of the issues will be with the initial setup, and once you've found a valid config, you can use that to speed up the client configuration.

NickW
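A way to audit the hosts-file approach from point 1 of the answer, as an added example that is not part of the original post: it lists which names in a client hosts file resolve outside RFC 1918 space (and so depend on a NAT mapping on a public address) and checks a source address against the gateway allowlist. The hosts entries, addresses and allowlist are constructed sample data using documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# RFC 1918 private ranges; any other address is treated as internet-facing.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: hosts file pushed to a mobile Windows machine.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
203.0.113.10   OURINTRANETSERVER   # public address, NAT-mapped at the gateway
10.20.0.5      fileserver
"""
# Constructed sample: source networks the gateway accepts (assumption).
SAMPLE_ALLOWLIST = ["198.51.100.0/24"]

def parse_hosts(text):
    """Yield (ip, name) for every name on every valid hosts-file line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip malformed lines
        for name in fields[1:]:
            yield ip, name.lower()

def is_internal(ip):
    """True for loopback and RFC 1918 addresses."""
    return ip.is_loopback or any(ip in net for net in RFC1918)

def exposed_names(hosts_text):
    """Names that resolve to an address outside private space."""
    return sorted({n for ip, n in parse_hosts(hosts_text) if not is_internal(ip)})

def source_allowed(src, allowlist):
    """True if the connecting address falls inside an allowlisted network."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(n) for n in allowlist)

if __name__ == "__main__":
    print("internet-facing names:", exposed_names(SAMPLE_HOSTS))
    for src in ("198.51.100.23", "192.0.2.77"):
        verdict = "allowed" if source_allowed(src, SAMPLE_ALLOWLIST) else "dropped"
        print(src, verdict)
```

Every name this reports is reachable from the internet at its mapped address, so the allowlist is the only control in front of it.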