Ideas needed: Updating intranet websites from the internet

Carnival Boy

No VPN on my phone. We use Hamachi as our VPN and they don't have an iOS client. 20 seconds would be a little too long anyway.

scottalanmiller

@Carnival-Boy said:

No VPN on my phone. We use Hamachi as our VPN and they don't have an iOS client. 20 seconds would be a little too long anyway.

Pertino has that I have not tried it though, yet. Need to do that. But they've recently released it.

Hamachi development stopped around the time that the iPhone first came out, I believe, so not likely to see new clients for that. There are actually fewer clients for Hamachi today than there used to be. The Linux one went away, for example.

Carnival Boy

Indeed. So VPN is out. That's why I'm after any alternative solutions.

scottalanmiller

What about emailing in the ticket and putting it in that way?

Carnival Boy

That could work. How would I go about it?

A Former User

Do you not have a Static IP to setup a normal VPN? that or just opening up the ssl version of the site would be the normal way.

scottalanmiller

@Carnival-Boy said:

That could work. How would I go about it?

Is that to me? You could make a mailbox just for this. Just like, say, Spiceworks does. You'll need to discipline yourself to using a standard format or this will be a lot of work. You make a script that reads the mailbox (this is actually very easy) and submits the ticket for you or whatever. If you don't want to modify the existing app, you can make a script that is external that does this. The script can use IMAP, for example, to read the email and then use HTTP to submit the ticket. No need for it to be "connected" in any way.

Carnival Boy

@thecreativeone91 said:

Do you not have a Static IP to setup a normal VPN? that or just opening up the ssl version of the site would be the normal way.

I do, but I don't want to expose the site to the internet for what is a very trivial purpose.

Carnival Boy

@scottalanmiller said:

The script can use IMAP, for example, to read the email

Thanks. I will look into this. It's not something I have ever done before.

A Former User

@Carnival-Boy said:

@thecreativeone91 said:

Do you not have a Static IP to setup a normal VPN? that or just opening up the ssl version of the site would be the normal way.

I do, but I don't want to expose the site to the internet for what is a very trivial purpose.

No real danger in doing it. HTTPS/SSL is going to be just as secure as a VPN.

scottalanmiller

@thecreativeone91 said:

No real danger in doing it. HTTPS/SSL is going to be just as secure as a VPN.

It actually IS a VPN under the hood.

A Former User

@scottalanmiller said:

@thecreativeone91 said:

No real danger in doing it. HTTPS/SSL is going to be just as secure as a VPN.

It actually IS a VPN under the hood.

True. But for some reason people seem to think a VPN is solely layer three (and therefore more secure) and not layer 7 just like any other SSL implementation.

Carnival Boy

@thecreativeone91 said:

No real danger in doing it.

Oh, OK. I wasn't sure. In that case, that is probably the easiest solution.

scottalanmiller

@thecreativeone91 said:

True. But for some reason people seem to think a VPN is solely layer three (and therefore more secure) and not layer 7 just like any other SSL implementation.

Yeah, an SSL VPN is layer seven, no matter where it happens or what it is called.

Carnival Boy

OK, SSL experts - newbie here! I currently have one UCC SSL Cert, which I use for my Exchange server. So that is mapped to the domain remote.ourmaincompanydomain.com

Now I could add an additional SAN like intranet.ourmaincompanydomain.com. That will have the same IP address - and our firewall directs traffic to the intranet server or the Exchange server depending on the port (443 for Exchange, another port for the intranet server). So, same IP address, different servers, same cert. That's ok, right?

Alternatively, I could create a new domain intranet.anotherdomain.com and purchase a separate, single cert (or a wildcard cert) and install that on our intranet server. That would be two certs but still only one IP address - is that allowed? I kind of like the idea of keeping everything separate - so if I screw one up I'm not going to screw the other up.

scottalanmiller

If this is just for your own use, why use a purchased cert at all?

Dashrender

@scottalanmiller said:

If this is just for your own use, why use a purchased cert at all?

Agreed, since this is only for you, a self signed cert should be just fine.

Sometime this summer the EFF will provide free basic SSL cert. Then you'll be able to have a real cert that your browsers won't complain about for free.

Carnival Boy

No, this would be for an application that several staff have access to.

scottalanmiller

@Carnival-Boy said:

No, this would be for an application that all staff have access to.

Oh, ok. Commercial signed makes sense then.

Carnival Boy

So I think I'm best off purchasing a new wildcard cert for a different domain to the one we use for Exchange. This way I leave Exchange and our main domain UCC cert alone, and our intranet sites use their own domain name externally (eg intranet1.domain2.com; intranet2.domain2.com).

Does that sound ok?