Using MoneyWorks Datacentre over the public internet

It is possible to connect to a MoneyWorks Datacentre server at the other end of the country using an ADSL or other broadband internet connection. Performance won't be stellar, since the latency (round-trip message time a.k.a. ping-time) on the public internet is typically up to 1000* times slower than a local area network, but it is still usable for simple tasks (we don't recommend it for intensive tasks such as running reports). This article will explain how you can set up an ADSL router-modem to allow remote connections to a MoneyWorks Datacentre server (using the popular Nokia M1122 as an example).

*We hear that in Australia (and probably the US and other countries), routing times tend to be much better than this. Telecom NZ's routing seems to be a bit pokey.

Requirements


Please note: This is not a beginner's networking tutorial. Cognito does not provide networking consultancy services. If the following is gobbledegook to you, please employ the services of a networking consultant to do this stuff for you.


You will need a static IP address for your DSL connection. Talk to your ISP about this. They should be able to tell you what your IP number is.

Setup

It's not as simple as just connecting. The Nokia M1122 is a NAT (Network Address Translation) router. This allows the internet connection to be shared between all computers on your local network, and also protects your network from unwanted outside intrusion. By default, no outside computer can establish any connection into your local network through the router. It is a simple but very effective kind of firewall. For our purposes, we need to "poke a pin-hole" in this firewall to allow outside computers to connect to our MoneyWorks server.

Logging into your router

You can log into the M1122 using any web browser from inside your local network. The modem will typically be at address 192.168.1.1, or alternatively 192.168.1.254 (check your modem manual).

So, type http://192.168.1.1/ into your browser. You'll see the router's main page (it has a tiny webserver built into it).

Click on Services in the menu.

In the Service Names screen, type moneyworks into the service name box; set the protocol to TCP; and type 6674 into the first port box (leave the second port box blank). Then click Add New.

6674 is MoneyWorks' default port for serving on. You can change it in the document preferences.

Add another service for port 6699 and call it datacentre.

Now we need to add our MoneyWorks services to the NAPT rules.

Click on NAPT.

Select the moneyworks service from the Service popup menu.

Type the internal LAN address of the computer running MoneyWorks Datacentre on your network.

This will be something like 192.168.1.14. On Mac OS X you can get this number from System Preferences/Network (in fact it is a good idea to set your IP address for the server computer to DHCP with manual IP address so that the DHCP server in the Nokia won't change it on you if it is powered off). On Windows XP, look in Start/Control Panel/Network Connections/Local Area Connection/Properties/Internet Protocol/Properties. Same thing here, best to set IP address to manual. We don't have space to explain the finer points of assigning internal IP addresses here, sorry.

Click Add New on the NAPT page to add the moneyworks rule.

Use the same steps to add the datacentre service.

Click Save Config on the left (so that the modem will remember these settings even if it gets powered off).

That's it. Now a MoneyWorks Gold anywhere in the world can connect to your server—all they need to know is your IP address (or domain name if you have one).

Note that your external IP address that internet clients connect to is not the 192.168.1.x one—that's your internal NAT address. If you don't know your external IP address, you can easily get it by going to http://whatismyip.com/ from any machine inside your network. You should obtain a "static IP" from your ISP because otherwise your external IP address may change without warning. Some ISPs charge a monthly fee for a static IP.

Connecting

Clients will need to connect using the Manual using IP address option in the connection dialog box. They will type your static IP address (or domain name), and the Datacentre service port (6699). They click Log In, and presto they are in.

Performance

The performance you will get is almost entirely dependent on the latency of your connection, not on the bitrate (although this will also have some effect). A 10 Megabit broadband connection can still be very slow if the latency is high. You can't usually buy low latency—it is simply a product of the number and quality of the routers between the client and the server.

MoneyWorks 5 incorporates new technology to increase speed of displaying lists over very high latency connections (typically 5x faster), however a WAN is still orders of magnitude higher-latency (and therefore slower) than a LAN, so here are some tips to make things faster:

Turn off Auto-Complete in the preferences.

Keep list windows small.

Stick to data entry; reports won't be speedy.

You might want to consider a solution like Citrix, Terminal Services, Remote Desktop etc. These allow you to run your MoneyWorks client session on the same site as the server, and just transmit the user interface to you over the internet. Since the user interface info can be transmitted in big chunks instead of many small database requests, the effects of high latency will not be so evident.

Security

MoneyWorks encrypts passwords. All other data is encoded, but not encrypted. Thus someone would have to be trying very, very hard with a packet sniffer to figure out what they are looking at; however, it is not impossible. If absolute security is required, you should consider using a Virtual Private Network (VPN) or an SSH tunnel.

With a Mac client and server you have the option of setting up an SSH tunnel without any additional software (it's included in Mac OS X). You can even have SSH compress the data to save on bandwidth costs.

Add something similar to the following to your /etc/ssh_config on your client. As before, the "192.168.1.14" would be the local LAN IP address of the remote server. We are assuming that only one document is being accessed on the server and its preferred port is 6674. If there is more than one document, each and every one should be configured (in Preferences) to use a unique port, and all of these ports should be forwarded.


Host my_server.my_domain.com
LocalForward 6674 192.168.1.14:6674
LocalForward 6700 192.168.1.14:6700
LocalForward 6699 192.168.1.14:6699
#GatewayPorts yes
Compression yes
CompressionLevel 9

With this setup, you can open a tunnel by typing the following into a terminal window (which you will need to leave open to keep the tunnel open). You may want to set up a more user-friendly way for users to do this. This is left as an exercise for the reader.


ssh my_server.my_domain.com

Now the client can connect (manually) to the server using IP address 127.0.0.1 and port 6699.

If you uncomment the GatewayPorts line, then other computers on the client's LAN will be able to connect by entering the client's local IP address into the connect dialog box.
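
The following shell functions are an added example, not part of the original article or of Cognito's own tooling. They generate the ssh_config stanza for the Datacentre port plus any number of document ports, refusing invalid or repeated ports, and open the tunnel in the background without a terminal session. The function names are hypothetical; the explicit 127.0.0.1 bind address and ExitOnForwardFailure are additions to the configuration shown above, and an explicit bind address means the GatewayPorts setting does not apply to these forwards.

```shell
#!/bin/sh
# Added example: build the ssh_config stanza for a MoneyWorks SSH tunnel.
# Host name, LAN address and ports are the placeholder values from the article.

DATACENTRE_PORT=6699   # Datacentre service port named in the article

# valid_port PORT: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# make_stanza SSH_HOST SERVER_LAN_IP DOC_PORT...
# Prints a Host block forwarding the Datacentre port and every document port.
# Returns 1 and prints nothing on stdout for an invalid or repeated port.
make_stanza() {
    [ "$#" -ge 2 ] || return 1
    ssh_host=$1 lan_ip=$2
    shift 2
    seen=" "
    lines=""
    for port in "$DATACENTRE_PORT" "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
        case "$seen" in
            *" $port "*) echo "port $port listed twice" >&2; return 1 ;;
        esac
        seen="$seen$port "
        # Bind the local end to loopback so only this machine can use it.
        lines="$lines    LocalForward 127.0.0.1:$port $lan_ip:$port
"
    done
    printf 'Host %s\n%s' "$ssh_host" "$lines"
    # Refuse to start a tunnel in which any forward could not be set up.
    printf '    ExitOnForwardFailure yes\n    Compression yes\n'
}

# open_tunnel SSH_HOST: start the tunnel in the background (-f) without
# running a remote command (-N), using the stanza configured for SSH_HOST.
open_tunnel() {
    ssh -f -N -o ExitOnForwardFailure=yes "$1"
}
```

Running make_stanza my_server.my_domain.com 192.168.1.14 6674 6700 prints a stanza with the same three forwards as the configuration above; append the output to the client's ssh configuration, then call open_tunnel with the same host name.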