We have a hosted, web-based application server in the head office, and this application has to be accessed from remote sites which are located at a distance. The users at remote site 1 and remote site 2 have to log in to the application and work, but they have to be limited to using this application only from within the remote site office premises network. We should design the network to be extremely highly secured. The following are the options I can think of, as well as a few challenges and suggestions:
1. Connect the head office and the two remote sites with an MPLS VPN network from reputed service providers, so that remote site users will access the application server within the MPLS VPN network.
2. In case the service provider says an MPLS VPN connection is not feasible at the remote sites, then we have to go for leased line circuits at all three locations, that is, the head office where the application server is hosted, remote site office 1 and remote site office 2, install a strong firewall, and connect all 3 locations with site-to-site VPN connectivity. We can go for a Cisco firewall or Sonic.
3. If MPLS VPN and leased line are both not possible due to non-feasibility from the service providers, and we are left with the option of broadband connectivity or data cards/dongles, then how do we achieve extremely high security? Below is what I can think of, but I request experts' inputs, suggestions, possibilities and recommendations:
a) In this case, users at the remote sites are to be allowed to access the application server through either broadband connectivity or dongle/data card connectivity, but my concern and worry is how to put extremely high security in place. Please suggest: is it that a hardware firewall at the head office is to be configured to set up a VPN client, and end users at the remote site can connect to the application server only if they log in through the VPN client? Please suggest the best secure connectivity here, and can it really be secured?
b) Is there any other, better technology to handle this? We are okay if we have to invest money. Something like a service, maybe a VPN service like Strong VPN (https://strongvpn.com/), where a dedicated IP will be assigned when our subscribed account is used, even if we are connected through broadband or data card/dongle, and this is allowed in the head office firewall. I am not clear on this; please guide and recommend what is best here.
c) Though the users connect to the internet through the data card/dongle or broadband, please let me know: is there a way to set up a highly secured encryption layer, with keys exchanged from the remote site user's system to the head office firewall, so that if they match, access to the application server is allowed? Can you please suggest such a solution? We are okay to invest.
Requesting the experts' support, please. Thanks in advance.