Updating SQL Server from remote locations

  • I have a client running a client/server windows application using SQL Server 2008 R2 as a database solution. He is now requesting us to provide the functionality to allow his staff to enter data from remote locations, that is when they are aboard or at home, (no possibility of VPN). Since I have never done anything like this I would appreciate some advice for the best method to tackle such a solution. I have read that exposing SQL Server over the internet is not a good idea. Should I consider web services or should I go for a replication type of a solution?

    I would appreciate your feedback on possible solutions.

    Thanks in advance.

  • Is that the application a fully fledged "fat" app?

    What devices will the client application be running on?

    I'm assuming a web rewrite is going to be out of the question since you are looking at web services and replication. For a fully portable application this could be done using a local install of SQL Express or compact edition on whatever device and use merge replication to sync when communication is available. You could store the minimum data required locally to function in this scenario (regional, date filtered, hostname etc). You would have to manage conflicts manually but provided you filtered the subscriber you can keep those to a minimum unless you've got two people working on the same data.

    Web services could also work but would you would need to publish the webservices publically since vpn's arent an option.

    Do you have any further information that could help with advising?

  • Thanks for the replay.

    Yes this is a fat application and a web rewrite for the entire system is not an option since we are talking of various modules.

    The specific task required is the inputting of excursion bookings, so a possibility is to replicate just this functionality in a web application which can be accessed via the internet. My problem is what type of communication can be used to update the live SQL Server.

    I would tend to prefer web services since the data is required as quickly as possible, but I have very limited experience regarding web services. The first questions that come to mind are, if it can be done, and if so how secure and reliable are they?

    The data that has to be sent is like client name, booking date, excursion type, hotel, pax number and price. What may be a problem is the retrieval of information from the Live SQL Server, such as a list of hotels from which a user can select. This may contain something like 300 hotels. Then again, as I said, I have no experience in using web services, so some insight in such a solution would be very much appreciated.

  • SQL Server itself can be made to present web services using end points so developing the webservice could be kept to a minimum.

    They are as secure as you make them. You can use SSL for encryption and lockdown your firewall to accept only valid incoming connections. I've used them many times in the past (not developed as I'm a DBA) but they've always been as reliable as the network connection. If thats reliable then you've got nothing to worry about.

  • Can you establish a PPTP connection between the client and the server router? Nowadays, most of serve router can act as a PPTP server, If you can do this, connecting to the server database then becomes very easy, either remote data source or replication.

  • Why is there no possibility of using a VPN to do this? That would be by far the easiest and probably the most secure solution as well!

  • The requirement is that users will be able to place a booking via a web application from any PC/device running any OS. This is not a case of having the ability to access the full system but the requirement of inputting a booking from anywhere and any device with an internet connection.

  • In that case, surely you're not going to be exposing the SQL server anyway? The web application will talk to the SQL server, and it'll be the Web application which is exposed to the Internet, not the server behind it. This means you have to make darned sure you're not introducing SQL injection vectors while writing the web app, of course.

  • I think you've answered your own question:

    "The requirement is that users will be able to place a booking via a web application from any PC/device running any OS. This is not a case of having the ability to access the full system but the requirement of inputting a booking from anywhere and any device with an internet connection. "

    So you need to develop a very small simple web app to save a fiew fields to a database

    The web app runs on a web server and reads and writes to the database.

    If you find that a drop down of 300 items is too slow (which I don't think you will), you can get around by doing things like having a 'search' box instead of a drop down.

Viewing 9 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic. Login to reply