We have a Windows Client/(SQL-)Server application which is normally installed at the customer's premises.

We now need to provide a hosted solution, and browser-based isn't feasible in the short term.

We're considering hosting the database ourselves, and also hosting the client in a VM. We can set all this up easily enough, so we need to:

• ensure that the customer can connect easily, and also
• ensure that we suitably restrict access to the VM (and its host, of course)

We already access the host and guest machines across the internet via RDS, but we restrict access to it to only our own internal, very small, set of static IPs, and of course theres the 2 (or 3?)-user limit on RDS connections to a remote server.

So I'd greatly appreciate ideas on how to manage:

• the security
• the multi-user aspect.

We're hoping to be able to do this initially without a large investment in virtualisation infrastructure - it would be one customer only to start with, with perhaps two remote users.

Thanks!