My company has developed an web app that runs on tomcat using MS SQLserver as a data source (both webserver and database currently on same box which we will soon split). Until now the web app has only been available and exposed to lan users. My question is how best to serve this app to remote users. We do not want to use VPN as not all users will be employees and we cannot control VPN client software. Further the webserver has a SSL certificate but again we do not want to allow a tunnel through the firewall that cannot be inspected. Where should the webserver be placed so that if it is compromised it cannot access private data from our database, given that it must have access to the database for the web app to function? Is their some applicance that can authinicate users based on username and password and then allow or deny SSL connection based on that information? We have limited on staff IT mostly programmers/developers and modest budget to impliment this solution. Thanks for all responses.