>>>As it happens I work with a VFP/SQL Server app where both scenarios are supported:
>>>
>>>- Local VFP app with remote/cloud SQL Server
>>>- RDS (Terminal Services) option
>>>Another factor with a remote SQL Server is these days sysadmins on the host side will not let you just open a firewall port and forward it to a SQL server instance. It's asking for trouble - hacking and DoS attempts. You will need to install and configure a VPN at both ends and tunnel your traffic to/from the remote SQL server through that.
>>
>>I think the above point is true for both scenarios - RDS should also be handled via VPN, so pain points there as well ;-)
>
>Not quite true. I'm impressed with Remote Desktop Gateway, which is basically implemented as a site on IIS. This lets remote RDP clients tunnel to the host using SSL. It's supported directly in the Windows RDP client. You can set it up to have the same user name/password for RD Gateway as for a user's RDS session, so it's in effect single sign-on. If a remote user chooses to save credentials, they can access an RDS desktop session just by double-clicking on a .rdp file.
>
>I'd consider using IIS as a front-end to be public Internet-grade, from a security POV comparable to typical VPN servers.
>
>I don't know if typical non-Windows RDP clients have support for RD Gateway.

Due to lacking deeper personal knowledge in that area I cannot hold up my end of the discussion of that topic ;-)

I can only give the origin of my opinion: for a task analyzing insurance data the company billing was security audited regularly by the insurance company, as this data was the life blood of the insurance. One of the conditions they decided on for continued contract was use of VPN when RDS'ing into (VM) machines hosted at first in office, then in secured data center.

So I can only point to that "hearsay" of opinion by a customer much more (read: totally) into security but cannot argue on details - but since then OpenVPN was used, including sometimes updating, generating/memorizing new pwds and so on.