Kicking around SafeGuard Enterprise in a test environment for Synchronized Encryption.
In our production environment we will have users working remotely. Can the SafeGuard Enterprise server be set up to allow clients to sync over the Internet?
They currently use a VPN when they need to, and I know SafeGuard could sync that way, but some users could go days without ever using the VPN.
Hi - Yes, very easily. I have created a secondary server and placed this in the DMZ (or you could open the correct ports on your F/W if you don't have a DMZ). This server has points to the primary server. Diagram below may help a little.
You'll need to use HTTPS on all the servers (and obviously sort a public cert) and secure all other open ports/protocols but my setup works well here. Clients talk to internal when internal and when elsewhere off the estate they talk to the primary (which then failsover to secondary) and they get a response from the secondary.
I set up the webhelpdesk to help technical staff recover keys without the console - This is internal too for me.
In terms of config it's very simple to setup. Build and setup the new server. Install Sophos SG on the server. Setup all ther SSL/IIS. Configure F/W. Once this is done - back to SSG server... Tools - Configuration Package Tool. This tells the additional servers who the primary is. You use the Server tab to add the extra server (s) and then use the Server Packages tab to create the config file for each server. You run that on the server after you've installed the Sophos setup.
One downside is that now you've split out the servers you will have to do more housekeeping come updates time. Hardly worth fussing though as they're not that frequent and this gives you and your users a MUCH better experience!
Hope this helps?
