VPN on OS X Server
Telecommuting has become a viable option for employees of many large companies thanks to the availability of remote access technologies. You might have heard of some of these technologies – VPN, remote desktop, VNC, and IPsec, to name a few. What you may not realize is that you can leverage these technologies for your small office, at minimal cost. Imagine being able to access your files and use your office applications from anywhere in the world. (Hopefully not when you’re on vacation.)
OS X offers many protocols for getting data from point A to point B right out-of-the-box. These include AFP (file sharing) and VNC (screen sharing). While these protocols work for their intended purposes, they are not inherently secure. While there are techniques to secure this traffic (e.g. SSH), there’s a much simpler solution to secure all traffic between your office and remote users – a virtual private network (VPN).
A VPN essentially extends your office network to the remote client, such as your MacBook, iPad, or iPhone. All traffic is encrypted, so no one on the internet can eavesdrop. VPNs can be created using a network appliance (from Cisco, SonicWall, and other vendors), or a VPN server. As the title of this post suggests, OS X Server includes a VPN server. It’s a straightforward set up for those with a networking background. (If you’re in the New York City area, MacMaven Consulting can get your VPN up and running in a jiffy.)
Once the VPN is configured, setting up connectivity for each user is a piece of cake. Make sure each user has an account on your OS X server, with permission to use the VPN. The client devices (Mac or iOS) will require the user credentials, plus a shared secret.
While there are many other VPN solutions available for small offices, the OS X server solution offers the “just works” simplicity that we expect from Apple.
If you’re wondering why a VPN is a better solution than a service like GoToMyPC, here are some reasons:
- A VPN gives you the capability to leverage your office’s services such as intranet sites, email, corporate directory, and file sharing servers – all available using your client device’s standard apps. Of course you can also use screen sharing to control a Mac in your office. GoToMyPC and similar services focus on screen sharing and rudimentary file sharing.
- Screen sharing can be slow and cumbersome, especially over a slow internet connection.
- VPN infrastructure has no recurring subscription fees.