The article below contains instructions to secure your server.
PLEASE NOTE, there is always a risk, so please be aware of this before undertaking the exercise. CRM Together will not accept liability for any data loss etc.
We recently completed an exercise to lock down access to our servers by restricting RDP access based on the IP address. The difficulty here is that you may have a dynamic IP or have several to keep track of and may want/need access to your server from a location not on the IP list.
You can get your IP at any time, by opening a browser and typing in “whats my ip”
To get around this you need a VPN. One of the easier ways to do this is via DigitalOcean. Once you have an account there, you can go to the marketplace and select the “OpenVPN Access Server” option and create a droplet. (Select the $5 one as that’s all you will need) With that pre-installed, follow the instructions to set up users. Out of the box you get 2 concurrent licenses.
The system provides a full web UI to manage users and your configuration.
You install the client and connect to the VPN. To verify that the IP has changed open google again and enter “whats my ip”. You should see the IP is different. If you don’t then the easiest thing to do is click on “Network settings”
and scroll down to “client web server” and set the option to Yes so that the server IP is used.
Disconnect, connect again and retest.
Once you are happy with the VPN setup RDP onto your Sage CRM server. Open Windows firewall advanced and select “inbound rules” and scroll to “Remote Desktop – User Mode (TCP-in)”. Right click and select properties and then click the “Scope” tab.
Add in your local IP (before you accessed the VPN and also the VPN ip and the range of IP’s the VPN might use (see screen shot below).
All going well you should now have a more secure Sage CRM server.
Hope this is helpful!