1

I'm (currently) a VPN newbie.

I have a VPS with a few websites on it, hosted by Liquid Web. I have installed a medical records package (OpenEMR) in a sub-domain, in its own cPanel account. I intend to use the free VPN that Liquid Web provides to secure this account; I understand this means installing a VPN client on all PCs/laptops/mobiles that want to use OpenEMR. (I'm open to advice here as well.)

I will also have a public appointment management app (probably Easy!Appointments), in a separate account, which for security reasons will not link to OpenEMR. But users are asked to complete a questionnaire when they first book an appointment. This is my problem.

I want to find a way to transfer this questionnaire data securely to the OpenEMR MySQL database. I am looking for suggestions on how to achieve that, please.

(I wondered, ignorantly, if it was possible to have a data transfer app running in the appointments account, that could be 'woken up' on data submit, connect with the VPN, transfer the data out of the appointment app's database, and delete the source data after confirmation ...)


I've been working with a PHP developer who is suggesting using a PHP socket over SSH to tunnel between the databases, thus enabling the data to be transmitted immediately.

How secure is this, please? What I've read doesn't make it very clear ...

Ognik

2 Answers

1

You could use a synchronization service, like SyncThing or Resilio, to pull data from the public server. When the users fill in the forms, put them on the public server (in a protected folder), and use SyncThing/Resilio to send them to the private server. Use a cron job on the private server to load the forms into your database.

Both use data encryption and peer-to-peer networking to transfer files, so the data is protected from snooping while in transit.

ThoriumBR
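As an added illustration of the cron step described in this answer (not code from the answerer or from OpenEMR): a loader for the private server that treats every synced file as untrusted, accepts only an exact field set, inserts with bound parameters, and deletes the source file only after the commit. The JSON field names, the `intake` table and the use of SQLite as a stand-in for MySQL are assumptions.

```python
import json, re, sqlite3
from pathlib import Path

# Hypothetical questionnaire schema: field name -> pattern the whole value must match.
FIELDS = {
    "booking_ref": re.compile(r"[A-Z0-9]{8}"),
    "full_name": re.compile(r"[^\x00-\x1f<>]{1,100}"),
    "dob": re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}"),
    "allergies": re.compile(r"[^\x00-\x1f<>]{0,500}"),
}
MAX_BYTES = 16_384  # anything larger is not a questionnaire
SCHEMA = ("CREATE TABLE IF NOT EXISTS intake (booking_ref TEXT PRIMARY KEY,"
          " full_name TEXT, dob TEXT, allergies TEXT)")  # stand-in staging table

def parse_form(path: Path) -> dict:
    """Return the validated record, or raise ValueError for anything unexpected."""
    if path.is_symlink() or not path.is_file() or path.stat().st_size > MAX_BYTES:
        raise ValueError("not a small regular file")
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError(f"unparseable: {exc}") from exc
    if not isinstance(data, dict) or set(data) != set(FIELDS):
        raise ValueError("unexpected field set")
    for name, pattern in FIELDS.items():
        if not isinstance(data[name], str) or not pattern.fullmatch(data[name]):
            raise ValueError(f"bad value for {name}")
    return data

def load_inbox(inbox: Path, db: sqlite3.Connection) -> tuple[int, int]:
    """Process every *.json in the synced folder; return (loaded, quarantined)."""
    quarantine = inbox / "rejected"
    quarantine.mkdir(exist_ok=True)
    db.execute(SCHEMA)
    loaded = rejected = 0
    for path in sorted(inbox.glob("*.json")):
        try:
            rec = parse_form(path)
        except ValueError:
            path.rename(quarantine / path.name)  # keep for review, never load
            rejected += 1
            continue
        with db:  # commits on success, rolls back on error
            db.execute(  # bound parameters; a re-synced duplicate is ignored
                "INSERT OR IGNORE INTO intake (booking_ref, full_name, dob, allergies)"
                " VALUES (:booking_ref, :full_name, :dob, :allergies)", rec)
        path.unlink()  # delete the source only after the commit succeeded
        loaded += 1
    return loaded, rejected
```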
0

You could create a cron job which would pull data from the public DB through the public network interface and push the data to the VPN-secured website through the VPN connection on the public server.

But remember, if both networks are on the same machine, it will create a pivot point into your VPN network. Instead, it is suggested to create an AWS Lambda API or a Google Functions API, so that it would be temporary and, once triggered, would connect to both networks, do the sync job and end. It should not take any inputs; it should only make outbound calls.

Aayush
  • I follow that, thanks - except does 'not taking inputs' impact how it is triggered? The only reliable trigger I can see is the (public) submit button... And would the API be just the data transfer app? i.e. would there be any benefit of serving the booking app from there (to have it on a different machine perhaps)? – Ognik Mar 05 '19 at 21:25