Thank you Marcus for your quick answer.
Those users belong to subsidiaries who have not been integrated into the group from an IT perspective. These subsidiaries have their own PC farm with their own security policy which is not compliant with the one of the group. The Security team of the group considers that installing a VPN on such "uncontrolled" machines would introduce an unacceptable breach. Rationalizing the IT across the group would indeed be the neatest approach but this would be a huge effort I cannot ask as a prerequisite for our QV deployment.
Yes, it's difficult to understand. On the one side those people should get access to (probably confidential) data and on the other side there is no real trust in them. I'm not from IT, but I think there will be possible ways, with a further VPN maybe to a subdomain on which all access is restricted except QlikView, or maybe any remote-desktop or Citrix solutions.
But maybe it's easier (and it costs less) to buy another QlikView server which is outside your company IT and serves only to give those people the opportunity to lease a licence.
Once you email somebody a qvw that is picked up on a non-corporate PC, then that qvw is effectively in the wild and could end up anywhere with all its data readable by anyone - even the freebie non-licensed QV Desktop can open such qvw's a few times until restrictions kick in.
You make no mention of Section Access, so I assume it is not being used in your qvw's.
I would urge caution and double check if this is compatible with your security policy.
I agree with Marcus about giving VPN access to your AccessPoint and would suggest a policy of no QlikView Access unless via VPN [or LAN] access.
I got a solution from Qlik!
IIS should be configured to support tunneling (look for "Tunneling Using Microsoft IIS" in the QV Server reference manual).
The QV Desktop client may be configured with the Access Point URL: "Settings \ User preferences \ Locations", set "Qlikview Server Accesspoint (URL)" to the HTTP(S) URL of the dummy Licence.qvw.
A reverse proxy may be set up between the client and the server.
Now, select "Tools \ Open Qlikview AccessPoint" to open the dummy file for manual licence activation.
Licence activation may be scripted with the following command:
"C:\Program Files\QlikView\qv.exe" "http://server-name/QvAJAXZfc/opendoc.htm?document=Licence.qvw&host=server-name"