We have an Office plugin which requires a direct connection to a SQL Server.
We want this plugin to work from outside of the SQL Server's LAN.
We cannot use Microsoft Direct Access or other VPN technology.
Suggestions please on how we could allow a laptop running this plug-in to talk to the internal SQL Server from the internet.
We want the connection to be seamless, operate from any internet connection and preferably use domain issued certificates for authentication (i.e. so that only domain members can access the resource remotely, all other connections are rejected).
Options I've considered:
1) Punch a hole in the firewall on the specific ports and use certificate based IPSec policies to restrict inbound connections to those with domain issued certificates.
2) Utilise some sort of reverse-proxy that authenticates using domain issued certificates.
Comments on either of those suggestions welcome, or new suggestions.