Is mdb safe to travel through vpn?

[Richard]

Hi

I am planning to backup the backend mdb offsite using vpn. Is the db safe
going through the vpn?

Many thanks in advance.

Richard

 

[Arvin Meyer [MVP]]

I ftp'd a back-end to a webserver for 7 years without incident, other than a
few ftp failure. I also used terminal server session on 6 machines through
a VPN, for 2 years, and 8 connections on a webserver using a VPN connection
which has been running for 6 years. The last 2 are the same database. If you
are simply doing a backup, just copy the file in a Terminal Server session
over a VPN.

 

[Richard]

Many thanks Arvin

I just need to convince myself it is safe.

 

[Tony Toews [MVP]]

Many thanks Arvin

I just need to convince myself it is safe.

In that sense it's just a file. Like a Word .doc or Excel .xls.

Now if you were trying to update it over the VPN we'd be jumping up
and down telling you you'll be sorry. <smile>

Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm

 

[Todos Menos [MSFT]]

MDB does not work over VPN

use SQL Server, kid

MDB should 'never be used on a web server'

-Todos

 

[Todos Menos [MSFT]]

ADP works great over a VPN

In that sense it's just a file. Like a Word .doc or Excel .xls.

Now if you were trying to update it over the VPN we'd be jumping up
and down telling you you'll be sorry. <smile>

Tony
--TonyToews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems athttp://www.granite.ab.ca/accsmstr.htm

 

[Arvin Meyer [MVP]]

In that sense it's just a file. Like a Word .doc or Excel .xls.

Now if you were trying to update it over the VPN we'd be jumping up
and down telling you you'll be sorry. <smile>

Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm

 

[Arvin Meyer [MVP]]

Now if you were trying to update it over the VPN we'd be jumping up
and down telling you you'll be sorry. <smile>

Sorry about the first one. In my excitement, I fired too soon (no off-clor
comments please)

OK, What I was trying to get across was that you can run a Terminal Server
session of a VPN tunnel just fine. In that case, you can update to your
hearts content, with no performance degrade at all.

As a matter of fact, under certain conditions performance can increase. If I
wanted the fasted possible speed, late in the evening when no one else was
on the network, I'd log into my machine at work, from my home, and work on
my apps directly on the Terminal Server. IOW, I used Terminal Services over
a VPN to connect to my workstation at work, from there a Terminal Server
connection to the Terminal Server. I was then using the Terminal Server
which was a 3.0 MHz Dual Xeon with 4 GB of RAM.

 

[David W. Fenton]

As a matter of fact, under certain conditions performance can
increase. If I wanted the fasted possible speed, late in the
evening when no one else was on the network, I'd log into my
machine at work, from my home, and work on my apps directly on the
Terminal Server. IOW, I used Terminal Services over a VPN to
connect to my workstation at work, from there a Terminal Server
connection to the Terminal Server. I was then using the Terminal
Server which was a 3.0 MHz Dual Xeon with 4 GB of RAM.

Can't you get directly to the Terminal Server without going through
your workstation? Surely that would improve performance?

 

[Arvin Meyer [MVP]]

Can't you get directly to the Terminal Server without going through
your workstation? Surely that would improve performance?

Yes, of course, but it added another layer of security to require logins
being local. Since the company hit the Internet with a T1 and I hit it with
a 6+ mbit cable modem and the Nic on my machine at work was 100 mbit, and
the server was a gbit Nic, performance wasn't much of an issue. The only
time there was ever a slowdown at all was when the screen needed a full
repaint, and that only took a few seconds.

 

[Tom Ellison]

Dear Tony:

Except if you use MSDE/SQL Server. I've had extremely good results running
VPN connections from an Access ADP or MDB for several years over a VPN
connection. The performance is also excellent, as only the data passes.
Indeed, I have run 3 users simultaneously over a 56K dial-up without
problem, except if more than one it psinting or previewing a report. A
report gets a bit more intense, of course.

The bandwidth for running this is very, very thin.

Tom Ellison
Microsoft Access MVP

 

[David W. Fenton]

Yes, of course, but it added another layer of security to require
logins being local.

If you connect via VPN, what additional security is needed? The VPN,
with its key excahge and encrypted tunnel, is far more secure than
the connection from your workstation to the server over the local
LAN.

Since the company hit the Internet with a T1 and I hit it with
a 6+ mbit cable modem and the Nic on my machine at work was 100
mbit, and the server was a gbit Nic, performance wasn't much of an
issue. The only time there was ever a slowdown at all was when the
screen needed a full repaint, and that only took a few seconds.

I do lots of this for machines that aren't availabe through the
firewall. I remote desktop to my client's server then remote desktop
to the workstations I need to configure. There are noticeable
overhead issues, particularly with inefficient screen repainting.
But I *am* on dialup. I guess your connection is fast enough to make
those so small as to not be noticeable.

The other issue, though, is that remote desktop does funny things if
run in full-screen mode for both sessions. I've found that I run the
first connection full-screen, and then run the second connection
*not* full-screen. Otherwise, you lose access to the intermediate
host unless you log off the destination host.

 

[David W. Fenton]

Except if you use MSDE/SQL Server. I've had extremely good
results running VPN connections from an Access ADP or MDB for
several years over a VPN connection. The performance is also
excellent, as only the data passes. Indeed, I have run 3 users
simultaneously over a 56K dial-up without problem, except if more
than one it psinting or previewing a report. A report gets a bit
more intense, of course.

The bandwidth for running this is very, very thin.

It takes a very well-engineered Access front end for that to work,
I'd wager.

 

[Tony Toews [MVP]]

It takes a very well-engineered Access front end for that to work,
I'd wager.

And Tom's good at that. He once told us he had a Access FE talkng to a SQL Server BE
via dialup connection.

Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm

 

[Tony Toews [MVP]]

Except if you use MSDE/SQL Server. I've had extremely good results running
VPN connections from an Access ADP or MDB for several years over a VPN
connection. The performance is also excellent, as only the data passes.
Indeed, I have run 3 users simultaneously over a 56K dial-up without
problem, except if more than one it psinting or previewing a report. A
report gets a bit more intense, of course.

The bandwidth for running this is very, very thin.

Agreed. But I didn't add those weasel words to my statement. <smile>

Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm

 

[Tom Ellison]

Tony,

Grin

Tom

Agreed. But I didn't add those weasel words to my statement. <smile>

Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm

 

[Tom Ellison]

Dear Tony:

We once connected two computers with a serial cable as a network and ran the
test of our application. While not VPN, this allowed us to see just how
much bandwidth was needed for "data entry," i. e. forms.

We started dropping the baud rate: 38400, 19200, 9600, 4800, 2400. At 2400
we could begin to see some sluggishness, but it was definitely usable for
data entry.

The hog is running reports. If running a single report, rates below 38400
began to slow the printer (a laser at 6 PPM).

The purpose of the test was to find a backup for VPN. If the internet drops
out, the "server" at each location could dial up the "database server" and
restore connection. We had it doing that automatically.

It still seems incredible to me, but we felt that 6 users, with no more than
1 printing a report (the others just entering data) could easily share a
dial-up connection.

Using the same application but running JET, the application was utterly
unusable over a 256K VPN. Just opening a typical form could take 30-40
minutes. This is one of the big advantages of having a processor at the
server to run queries and distill data before going over the network
connection. Indeed, having multiple computers on a LAN at 10 Mbits can clog
the network with Jet, while MSDE/SQL Server will hardly impact the network
at all.

These tests were subjective, in that the application under which they were
tested is not the same as the next one, but I know this application was very
demanding. I had forms with 10 or more subforms, each connecting to a
separate table, in continuous forms mode so each required 4-6 rows of data
to open. Such a form did not slow at all using 9600 baud.

All this ignores latency, but then latency is not a function of data rate.
You can have a high latency on fast connections and a low latency on slow
connections. However, if a dial-up connection is on good quality phone
lines it will have no latency, while a high speed internet VPN can have
several seconds of latency from time to time.

That's one of the biggest reasons that sold me on MSDE/ADP years ago.

Tom Ellison
Microsoft Access MVP

 

[Arvin Meyer [MVP]]

If you connect via VPN, what additional security is needed? The VPN,
with its key excahge and encrypted tunnel, is far more secure than
the connection from your workstation to the server over the local
LAN.

The server does not need an outward facing IP address. All connectivity is
behind the router and firewall. So the only way in is a local terminal
session, or a local login to the server. Anyone probing IP addresses will
never see the server, and only sees a workstation. Had I a permanent IP from
which to start the Terminal Server session, I could have set up the server
to only accept 1 IP address from the outside. This way it only accepted 1 IP
address from the inside.

 

[David W. Fenton]

The server does not need an outward facing IP address.

If you're connecting by VPN, you're already local, so there is no
need for an outward-facing IP address.

That is, unless your VPN is not a direct connection to the LAN you
need to get to. In that case, though, I don't see how you're getting
to the workstation, unless there's some form of IP or port
redirection on the Internet-facing router.

All connectivity is
behind the router and firewall. So the only way in is a local
terminal session, or a local login to the server. Anyone probing
IP addresses will never see the server, and only sees a
workstation. Had I a permanent IP from which to start the Terminal
Server session, I could have set up the server to only accept 1 IP
address from the outside. This way it only accepted 1 IP address
from the inside.

If connecting via VPN, I can't understand why you would be worrying
about external IP addresses. The whole point of a VPN is that it's a
secure tunnel to a protected port available on the Internet. Once
you've connected, the usual configuration of a VPN is that you now
have an IP address local to the inside of the LAN, and have all the
LAN addresses available to you.

And your explanation doesn't account for how you get to the
workstation from outside the LAN.

 

[David W. Fenton]

That's one of the biggest reasons that sold me on MSDE/ADP years
ago.

What, exactly, does ADP accomplish in terms of performance as
compared to an MDB connected to the same back-end data source?

That is, do you have any evidence that the avoidance of Jet gains
you any performance at all?