After installing a Damion server, many people will ask themselves how to securely access the server over the Internet.
There are several options for providing access to the server, depending on what type of security and availability you want to achieve:
- If you have a regular list of employees accessing content on the Daminion server and do not need to share files with outside partners, then the safest way is to set up a VPN connection.
- If you want to share content with external partners or provide guest access, opening ports (port forwarding) and setting up secure https access are the best choices.
Note: Whichever connection method you choose, don’t forget to read about configuring user roles , tags restriction and content access control on files , folders levels.
Review both methods and their pros and cons:
Using a Virtual Private Network, is one way to protect your data. A VPN extends a private (office) network across a public network and enables users to send and receive data as if their devices were directly connected to the private network. The benefits of a VPN include increases in functionality, security, and management of the private network. It provides access to resources that are inaccessible on the public network and is typically used for remote workers.
Almost all small office/home routers have a built-in VPN server, you can also set up a VPN server on the same computer where the Daminion server is located.
Get more information about VPN
- The vpn connection is encrypted, which provides security.
- You can restrict user access to only a certain part of the private network.
- On the server, you can restrict access to the Internet, leaving only access to the VPN connection
- Difficulty in setting up some types of VPNs
- Some encryption technologies can reduce the connection speed and increase the load on the server
- Requires VPN configuration for each user
If you have static ip, you can redirect the necessary ports on the router, providing access to the server.
For web access it is recommended to provide a secure https connection, see under HTTPS
To access the desktop you only need to open the appropriate ports. See details in section port forwarding
- The user does not need to configure anything
- You can access the server by the domain name corresponding to your company.
- The costs of ensuring the security of the open server
- Maintenance costs for domain/security certificate when using Https connection.
- Opening http server is not safe.
Before granting access, you need to check with your ISP which ports are blocked from their side. The firewall should also be configured on the daminion server and on the router or other device that provides Internet access. You can read more about firewall on the following page