Re: Remote access

George Weaver schrieb:
> I have a client with a main office and a branch office about 90 miles
> away.
> [...]
> What would be the best solution for them to access a PostgreSQL
> database located at the main office from the branch office?

I read the other messages and the advice about fixed IP or dynamic DNS
(cheap) is relevant but depends on your access provider.
As I understand your client uses already remote access via terminal
server, so the basic connection has proven viable, isn't it?
If there are already a couple of users on daily basis then the
connection should be rather fast.
Possibly you've fixed IP anyway?
If your access gets routinely disconnected every x houres then you
should figure out if this might be anoying for your new application.

Now you want to move the client-application from the server to local PCs.
You'll need to connect the local application to the remote db-server.
It depends on a few parameters.
1)  Will the new client be still MS-Access? Access can be real pain with
slow networks. It depends on low latency.
2)  If you can't do a big restucturing of the LANs, like change all the
local IPs, you cant have a VPN if the LANs arent already on different
subnets. (See the other mail)
3)  You can allways have a P2P tunnel by SSH or probaply VPN where just
one PC in the client LAN joins the server's LAN.
4)  You can set up on PC to provide a proxy for every other pc. The
proxy would just manage the ssh connect so that not every single pc
would need it's own ssh-connection with passwords.
Or you could let every pc connect itselves. With SSH its rather trivial
to map the remote db-server into every local PC.
5)  You could use SSL to connect to the remote db, but then you'd need
to open the db-server dirctly to the wierd wild web and this would make
me nervous even though ssl should be pretty secure. On top of that you'd
have to get your head around the ssl key topic first.
6)  If you feel really desperately lucky you could just open the remote
db-server's 5432 port to the web and don't encrypt anything. Then you'd
have to rely that noone guesses your user/passwords of postres.
7)  Decide on one protection method. Don't go SSL on top of SSH.   ;)

A simple solution would be:
*   setup a ssh server on the server-lan
*   open just the ssh port in the server-lan's internet-router
*   use e.g. PuTTY to tunnel the remote db-server's 5432 port into your
local PCs
Local PC(5432) ---internet---> || --->remote-lan---> ssh-server --->
db-server(5432)
Your pc asks the ssh-server to pass over the port 5432 of the db-server
on his lan.
*   in your PCs access 127.0.0.1:5432 via ODBC like the db was actually
running on it

It's no enterprise solution, mind you, but it might work just OK.
It depends really if you have enough bandwidth to carry all your local
clients.