A theoretical question for y'all:

A client wants to set up a machine for an employee to take home and is

very concerned about opening up his network to potential damage in
whatever form. The at-home employee has no need of Netware services,only to connect to a single, dedicated-purpose computer that hosts
camera surveillance software - basically a way for the shop supervisor

to keep an eye on the 24 x 7 shop when he's not there.

If we place the dedicated-purpose machine on the private side and set
the VPN client and allow the remote user to come in that way, we are
bypassing BorderManager. If we put the machine on the public side, we

are keeping the shop supervisor off our network entirely although we
opening the dedicated-purpose machine up to potential harm since it
would have a public IP address.

Since Netware services aren't needed, does anyone have strong feelings

one doing this one way or the other?

Many thanks in advance.