How to Set Up a VPN to Access Your Office Files Remotely

The reality of most small and medium-sized non-profits is that many people work remotely, creating, editing and updating data. Whether working on the road, at home or while on vacation, they need access to central files in order to maintain data accuracy and ensure the continuity of the organization.
The best way to give an organization remote access to its files is to set up a virtual private network (VPN).
A VPN provides a cable-like connection via the Internet between a remote PC and your office’s server. It’s like taking a network cable at your office and walking home with it, pulling it through the streets, and plugging it into your laptop when you get home. When you want to access the office server from a remote location, VPN software on your laptop establishes a secure point-to-point tunnel through the Internet with your office to access your data. In order to have a virtual private network, you must have a router that is VPN enabled.
There are five basic steps to setting up a VPN:

1. Get a router appropriate for your needs

Check to ensure your hardware router meets the following requirements:
  • The router must have wired and wireless connectivity.
  • It must have virtual private network functionality built in.
  • It must support up to 10 workstations.
For organizations that do not have the correct router, one recommended cost-effective router is the Cisco Small Business RV110W Wireless-N VPN Firewall – Wireless Router (802). A short introduction video on YouTube can be viewed here.

2. Use the Quick Start Wizard Guide to set up

Most wireless VPN-enabled routers come with the option of using a setup wizard. The wizard takes you through the entire process of physically plugging in your cables, setting up the wireless network and connecting to the Internet. Because setting up a VPN-enabled wireless router is more complicated, vendors usually provide a step-by-step manual (PDF format) on the product CD that comes with the router.

3. Choose security settings

An important part of the setup process is to ensure the highest level of security. Your network's security is only as strong as its weakest link. Most organizations erroneously accept the default ‘easy to remember’ password that comes with the router. This makes it easy for cyber thieves to break in, giving them access to all your data. In some cases, the setup wizard will prompt the user to change the default password to a strong password. There are also several options for the type or level of wireless encryption. Two configuration options (outlined in the user manual) exist for turning on wireless encryption. The first is an option known as WPA Personal with TKIP/AES. The second is a stronger option known as WPA2 Personal with AES. Select the stronger, more secure option, because open wireless networks expose your network to outside attacks that can lead to theft of data.

4. Enable users

Once the router is configured properly, there is a series of smaller but equally important steps required to enable VPN functionality:
  • Follow instructions in your router’s user manual to enable VPN functionality. This is done through the software settings.
  • In the router’s software settings, enable remote management.
  • Create user accounts for each user wanting VPN access.
  • Request each user obtain and install the VPN software on their client computer. The software should be freely available via the website from the router manufacturer.

5. Connect

The final step is to connect from your home computer to the office. Here’s how to do that using both Macintosh and Windows computers.
  • For a Mac: Choose Apple menu > System Preferences, and then click Network. Click Add (+) at the bottom of the network connection services list, and then choose VPN from the Interface pop-up menu.
  • For Windows: Go to Control Panels > Network and Sharing > Create a New Connection, then choose VPN and enter the IP address.
To connect you’ll then need to enter your office IP address. An IP address is four numbers separated by periods, like this: 12.34.56.78. These numbers identify computers connected to the Internet.
IP numbers can be static or dynamic.
A static IP address never changes. So if your Internet Service Provider (ISP) has assigned you a static IP address, then your office always has the same address. This makes it easy for your website to refer to your office — the website can just use the IP address.
Solving the problem of a dynamic IP address
However, most offices have dynamic IP addresses. This means that every time your communications equipment is reset you are assigned a new IP address. This creates a problem for your website, since it will not know what the office IP address is, and so will not be able to connect to Sumac in the office.
Solution 1: Static IP Address
One possible solution is to get your ISP to assign a static IP address to your office. This eliminates the whole problem caused by dynamic IP addresses. The downside of this solution is that ISPs charge for static IP addresses. It may be that they charge such a small amount that you will be happy to go with this solution.
Solution 2: Register Your Own Name + Dynamic DNS
If you cannot get a static IP address at an acceptable price, another approach would be to register a domain name and dynamically update the Domain Name Server (DNS) for that domain name to point to your office. A DNS is just a computer on the Internet which answers the question, “What is the IP address for this domain?” So, for example, if you ask a DNS for the address of google.com, you will probably get an answer like: 74.125.226.80.
If your site is MyCharity.org, you could register a domain name like MyCharityOffice.com, and tell a DNS the IP address for that domain name. Note that because your IP address is dynamic, you need a DNS that can handle regular updates: a Dynamic DNS. The updates are performed by a program that you run on a computer in your office; it regularly checks its IP address and, if there is a change, informs the Dynamic DNS.
Here are some examples of this type of DNS service: dlinkddns.com, dyndns.com, no-ip.com, zoneedit.com. Some of these are free.
By the way, often registrars — the organizations where you register your domain name — can also provide free Dynamic DNS services.
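The update program described under Solution 2, sketched as an added example that is not code from the original article or from any provider. It assumes a dyndns2-style update API at a placeholder URL and a constructed host name, office.example.org; it validates the address it was told before publishing it, so a captive-portal page or a private address never ends up in DNS, and it accepts only a reply that echoes the address it sent.

```python
import base64
import ipaddress
import urllib.request
from urllib.parse import urlencode

# Assumption: placeholder endpoint and dyndns2-style API; use your provider's documented URL.
UPDATE_URL = "https://ddns.example.invalid/nic/update"

def public_ipv4(text):
    """Return a validated public IPv4 string, or None if the reply is unusable."""
    try:
        ip = ipaddress.IPv4Address(text.strip())
    except ValueError:
        return None          # HTML error page, captive portal, empty reply, ...
    return str(ip) if ip.is_global else None   # refuse private/reserved ranges

def plan_update(hostname, reported_ip, cached_ip):
    """Decide what to do with the address an IP-echo service reported."""
    ip = public_ipv4(reported_ip)
    if ip is None:
        return ("skip-invalid", None)      # never publish a bad address
    if ip == cached_ip:
        return ("skip-unchanged", None)    # only contact the provider on a change
    query = urlencode({"hostname": hostname, "myip": ip})
    return ("update", UPDATE_URL + "?" + query)

def send_update(url, user, password, timeout=10):
    """Send the update over HTTPS with Basic auth; urllib verifies the certificate."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": "Basic " + token})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("ascii", "replace")

def update_succeeded(reply, sent_ip):
    """Accept only 'good <ip>' or 'nochg <ip>' that echoes the address we sent."""
    parts = reply.strip().split()
    return len(parts) == 2 and parts[0] in ("good", "nochg") and parts[1] == sent_ip

if __name__ == "__main__":
    # Constructed sample readings; nothing is sent over the network here.
    samples = [("12.34.56.78", "12.34.56.78"), ("12.34.56.79\n", "12.34.56.78"),
               ("192.168.1.10", "12.34.56.78"), ("<html>login</html>", None)]
    for reported, cached in samples:
        print(repr(reported), plan_update("office.example.org", reported, cached))
```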
Solution 3: Use A Free Name
This solution is a lot like Solution 2, except that instead of registering your own name (which costs about $10 per year), you can use a free name provided by the Dynamic DNS provider. For example, no-ip.com will provide you with names you can use and provide the Dynamic DNS service, all for free.
The Problem With Solutions 2 and 3
The only problem with Dynamic DNS services is time delays. There is a delay between the time you update your IP address with the Dynamic DNS and the time when the rest of the Internet becomes aware of the change. This delay may be a few seconds to many minutes. During this delay, the DNS is incorrect, and anyone looking up the domain name will be told the wrong IP address.
If a delay of 10 minutes, during which your website won’t work correctly, is acceptable, then there is no problem at all. If, however, it is imperative that your website be up as much as possible, this consideration may force you to get a static IP address assigned to your office.
The other factor to consider is how often your IP address actually changes. Even though, in theory, your dynamic IP address may change, in practice an ISP often assigns you a number and that number stays unchanged until you reset your modem. If this happens rarely, then a 10-minute delay from the DNS will not matter much.
