06-27-2020, 02:30 PM
Until recently, VPN has been the way to go for access to internal systems since there often wasn't a lot of people that required it and it wasn't so difficult for IT to manage the security related to that (although, like your situation, many film companies even deny this for fear of leaking any imagery). With COVID-19, there are likely going go be big changes to the way production is done in general. Managing VPN access for everyone may be a bit of a nightmare to manage. And it kind of gets around the whole reason for not having internet on those desktop machines in the first place.
You could have an external TACTIC server which is on the internet that uses the same internal database (whether directly connected or using replication) but access a different folder for the actual assets files. The external server would only have a subset of the files that a user may need to download. When a file is checked in, it goes to the external server asset folder and a watch folder process moves it to the appropriate place on the internal server and deletes it immediately.
The tricky part with this is how to determine what files a user will need to download. They may have a UI button that says "Copy to external server" or something. This will really depend on your needs. The advantage of this is that if the external server is ever compromised, they will not have access to all the internal files. Again, this will all depend on your specific security requirements.
You could have an external TACTIC server which is on the internet that uses the same internal database (whether directly connected or using replication) but access a different folder for the actual assets files. The external server would only have a subset of the files that a user may need to download. When a file is checked in, it goes to the external server asset folder and a watch folder process moves it to the appropriate place on the internal server and deletes it immediately.
The tricky part with this is how to determine what files a user will need to download. They may have a UI button that says "Copy to external server" or something. This will really depend on your needs. The advantage of this is that if the external server is ever compromised, they will not have access to all the internal files. Again, this will all depend on your specific security requirements.