I am tasked with creating the architecture for an integration application for 2 systems.
I will be running an Ubuntu LTS instance, with an application that needs to connect to our client's MSSQL database.
The client's database will be hosted on a server in the client's infrastructure, which one can connect to using Fortigate.
My question is about best practices and security when it comes to connecting 2 machines in different networks.
As I understand there are many ways to do so:
- Opening a random port on our client's public IP address directly to the client's MSSQL database is a dangerous move.
- Installing Forticlient on our VM forces that VM to have only one tunnel to one client, meaning one client per VM, which is very costly.
- Setting up the Fortigate router to create multiple VPN connections to our network, but the difficulty is configuring the devices to have non-overlapping subnet IP addressing, as popular IP ranges (such as 192.168.1.x) are often already taken.
What would be the best approach?
The goal is to connect our server with many databases hosted at different clients' servers within their networks. I am trying to avoid setting up any kind of VM in the client's network to push the data to us, as it's more difficult to maintain many machines vs. just one.
EDIT
I do understand that not having an interface on the client side (for example an API exposing the database) and connecting to the database directly through a VPN is a security risk, but I am trying to understand the trade-off in choosing the VPN route, as I am limited in the time I have to create the solution.
The trade-off being:
- Time and difficulty to develop the solution
- Security concerns
- Scalability
The client is using Fortigate to manage their internal VPN; currently we are trying to create a site-to-site VPN connection.
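The overlapping-subnet problem raised in the third option above is usually handled on a site-to-site tunnel by giving each client tunnel its own 1:1 NAT block on our side, so two clients who both use 192.168.1.0/24 appear to our integration server as distinct ranges. The script below is an added example, not code from the question or from any vendor; it checks a set of client subnets for overlaps (with each other and with our own network), carves a unique NAT block per client out of a pool, and translates a database host's real address into the address our server would actually connect to. The client subnets, our own subnet and the NAT pool are constructed sample values; the pool is drawn from the RFC 6598 shared address space on the assumption that nothing in our network uses it.

```python
"""Detect overlapping client subnets and allocate a unique per-client NAT block.

Added example: the address values below are constructed for illustration.
"""
import ipaddress
from itertools import combinations

# Constructed sample: the subnet each client reports for the network hosting its MSSQL server.
CLIENT_SUBNETS = {
    "client-a": "192.168.1.0/24",
    "client-b": "192.168.1.0/24",   # same popular range as client-a
    "client-c": "10.20.0.0/16",
    "client-d": "10.20.5.0/24",     # nested inside client-c's /16
}

# Assumed subnet of our own integration server (also on a popular range on purpose).
OUR_SUBNET = "192.168.1.0/24"

# Assumed NAT pool on our side (part of RFC 6598 shared address space), presumed unused locally.
NAT_POOL = "100.64.0.0/12"


def find_overlaps(subnets):
    """Return the (name, name) pairs of client subnets that overlap each other."""
    nets = {name: ipaddress.ip_network(s) for name, s in subnets.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]


def conflicts_with_ours(subnets, ours):
    """Return the names of client subnets that collide with our own network."""
    our_net = ipaddress.ip_network(ours)
    return [name for name, s in subnets.items() if ipaddress.ip_network(s).overlaps(our_net)]


def allocate_nat_ranges(subnets, pool):
    """Map each client subnet 1:1 onto a unique block of the same size inside the pool.

    Returns {name: (real_network, nat_network)}. Larger client networks are placed
    first so the smaller ones fill the remaining gaps.
    """
    pool_net = ipaddress.ip_network(pool)
    used = []
    assignments = {}
    ordered = sorted(subnets.items(), key=lambda kv: ipaddress.ip_network(kv[1]).prefixlen)
    for name, s in ordered:
        real = ipaddress.ip_network(s)
        if real.prefixlen < pool_net.prefixlen:
            raise ValueError(f"{name}: {real} is larger than the whole NAT pool {pool_net}")
        # Walk candidate blocks of the required size and take the first free one.
        for candidate in pool_net.subnets(new_prefix=real.prefixlen):
            if not any(candidate.overlaps(u) for u in used):
                used.append(candidate)
                assignments[name] = (real, candidate)
                break
        else:
            raise ValueError(f"NAT pool {pool_net} exhausted while placing {name}")
    return assignments


def map_host(real_host, mapping):
    """Translate a host in the client's real subnet to its NAT'd address on our side."""
    real_net, nat_net = mapping
    host = ipaddress.ip_address(real_host)
    if host not in real_net:
        raise ValueError(f"{host} is not inside {real_net}")
    offset = int(host) - int(real_net.network_address)
    return str(ipaddress.ip_address(int(nat_net.network_address) + offset))


if __name__ == "__main__":
    print("client/client overlaps:", find_overlaps(CLIENT_SUBNETS))
    print("clients overlapping our subnet:", conflicts_with_ours(CLIENT_SUBNETS, OUR_SUBNET))
    plan = allocate_nat_ranges(CLIENT_SUBNETS, NAT_POOL)
    for name, (real, nat) in plan.items():
        print(f"{name}: {real} -> {nat}")
    # Example: client-a's database listens on 192.168.1.50 (constructed address).
    print("connect to client-a DB via:", map_host("192.168.1.50", plan["client-a"]))
```

The resulting per-client (real, NAT) pairs are what you would then configure as the tunnel's NAT mapping on the VPN gateway, and the translated address is the one the application's connection string should use; keeping the mapping in one table like this also makes it easy to verify that no two tunnels are ever handed the same block when a new client is onboarded.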