Ideas needed: Updating intranet websites from the internet
-
Indeed. So VPN is out. That's why I'm after any alternative solutions.
-
What about emailing in the ticket and putting it in that way?
-
That could work. How would I go about it?
-
Do you not have a Static IP to setup a normal VPN? that or just opening up the ssl version of the site would be the normal way.
-
@Carnival-Boy said:
That could work. How would I go about it?
Is that to me? You could make a mailbox just for this. Just like, say, Spiceworks does. You'll need to discipline yourself to using a standard format or this will be a lot of work. You make a script that reads the mailbox (this is actually very easy) and submits the ticket for you or whatever. If you don't want to modify the existing app, you can make a script that is external that does this. The script can use IMAP, for example, to read the email and then use HTTP to submit the ticket. No need for it to be "connected" in any way.
-
@thecreativeone91 said:
Do you not have a Static IP to setup a normal VPN? that or just opening up the ssl version of the site would be the normal way.
I do, but I don't want to expose the site to the internet for what is a very trivial purpose.
-
@scottalanmiller said:
The script can use IMAP, for example, to read the email
Thanks. I will look into this. It's not something I have ever done before.
-
@Carnival-Boy said:
@thecreativeone91 said:
Do you not have a Static IP to setup a normal VPN? that or just opening up the ssl version of the site would be the normal way.
I do, but I don't want to expose the site to the internet for what is a very trivial purpose.
No real danger in doing it. HTTPS/SSL is going to be just as secure as a VPN.
-
@thecreativeone91 said:
No real danger in doing it. HTTPS/SSL is going to be just as secure as a VPN.
It actually IS a VPN under the hood.
-
@scottalanmiller said:
@thecreativeone91 said:
No real danger in doing it. HTTPS/SSL is going to be just as secure as a VPN.
It actually IS a VPN under the hood.
True. But for some reason people seem to think a VPN is solely layer three (and therefore more secure) and not layer 7 just like any other SSL implementation.
-
@thecreativeone91 said:
No real danger in doing it.
Oh, OK. I wasn't sure. In that case, that is probably the easiest solution.
-
@thecreativeone91 said:
True. But for some reason people seem to think a VPN is solely layer three (and therefore more secure) and not layer 7 just like any other SSL implementation.
Yeah, an SSL VPN is layer seven, no matter where it happens or what it is called.
-
OK, SSL experts - newbie here! I currently have one UCC SSL Cert, which I use for my Exchange server. So that is mapped to the domain remote.ourmaincompanydomain.com
Now I could add an additional SAN like intranet.ourmaincompanydomain.com. That will have the same IP address - and our firewall directs traffic to the intranet server or the Exchange server depending on the port (443 for Exchange, another port for the intranet server). So, same IP address, different servers, same cert. That's ok, right?
Alternatively, I could create a new domain intranet.anotherdomain.com and purchase a separate, single cert (or a wildcard cert) and install that on our intranet server. That would be two certs but still only one IP address - is that allowed? I kind of like the idea of keeping everything separate - so if I screw one up I'm not going to screw the other up.
-
If this is just for your own use, why use a purchased cert at all?
-
@scottalanmiller said:
If this is just for your own use, why use a purchased cert at all?
Agreed, since this is only for you, a self signed cert should be just fine.
Sometime this summer the EFF will provide free basic SSL cert. Then you'll be able to have a real cert that your browsers won't complain about for free.
-
No, this would be for an application that several staff have access to.
-
@Carnival-Boy said:
No, this would be for an application that all staff have access to.
Oh, ok. Commercial signed makes sense then.
-
So I think I'm best off purchasing a new wildcard cert for a different domain to the one we use for Exchange. This way I leave Exchange and our main domain UCC cert alone, and our intranet sites use their own domain name externally (eg intranet1.domain2.com; intranet2.domain2.com).
Does that sound ok?