Networking Advice

I am helping a buddy of mine get his small business networking working correctly. He has two locations and in each location there is a Windows 2003 Server that supports a number of Windows XP PCs. The servers are not set up as Domain Controllers but are in unique workgroups, LOCA and LOCB. LOCA is the main location that is operated all the time. LOCB is a satellite location that is manned two days a week.

They are bringing on a new application that requires several of the PCs in LOCB to connect to the Server at LOCA. There is no dedicated connection between the two sites so my thought is to establish a VPN between the two sites to enable this communications. So I have several questions regarding this.

• Is this the best approach?
• In both locations there are Routers that have VPN capabilities. Is this the optimium way to do this or should I just set up Port forwarding and allow the setup the server to provide the VPN?
• When the VPN is connected, will the remote workgroup be browsable so I can select the approapriate share? Does this affect any of the current shares?

Thanks in advance for your help.

 

I would have an appliance at both ends capable of creating a point to point tunnel. Then you would actually only need one server. I have used the linksys product in the past for this on the lower budget jobs but looking at their product line they have trimmed it down quite a bit since they were bought by Cisco.

Once you create the tunnel it just like all the desktops are in the same building.

 

Thanks for the reply. I will still want to keep the two servers as both locations have a number of Terminal Server clients that the severs supports and I don't want to put that traffic across the network. Are there any issues keeping a server in each location?

 

Nope.

 

May be may be not. It depends on the application you are trying to run.

The first issue is of data synchronization. If the data is local to both the locations, no problems, but if both the servers have to be synced ....

Cost is another issue.

Maintenance of server in remote location is another one.

 

Good points. The remote location already has the server and it is part of their infrastructure. AS far as the data sync, they have been using a USB drive to move the DB from one location to the other and as you might conclude it has been problematic.

What I would like to do with the VPN Tunnel is leave the DB in the main location and access it across the network. A couple of followup questions:

* the remote has a number of terminals (not PCs) that attach to the remote server via Terminal Services. Is it more efficient to leave them attached to the remote server and have the server accees the DB across the Tunnel or should they attached to Terminal Services in the main location via the network?
* when the Tunnel is established between the two locations will the remote location still be able to browse the internet through its ISP location or is all access funneled through the Tunnel?

 

If you have site to site VPNs, you can set them up so that only traffic destined for the other site goes over the VPN.

If you use ADSL for both ends of the VPN connection, be aware that the upload ADSL speed will be the maximum connection speed. This can be fine, but does mean you need to be careful how you connect over the VPN. Web services tend to work fine. Don't let people map drives over the VPN link! Mapping drives uses a lot of bandwidth. OK if just one or two, but once you start, you'll soon find there a lot of them and the impact will be significant.

If on the other hand you have something like a leased line, then the bandwidth is simply limited to the connection bandwidth. The more you can get, the better.

Terminal services work a treat over VPN, so that's what I'd do.

Personally, on a tight budget I think Draytek routers work well. Another option is second-hand firewalls. You can pick up some excellent firewalls on e-bay for less than the price of a broad band router!

 

Thanks for the suggestions. I have a Linksys WRV210 in the remote office and a NetGear FSV318v3 in the home office and both have IPSEC Tunneling capabilities.

The WRV210 provides a NAT transversal capability and the Netgear does not. I'm nt sure if that is a big issue or not. I assume that the way you you funnel traffic across the tunnel vs. the internet is by the range of IPs configured for the remote link.

You comments on the mapped drive concern me as one of the applications that will run on one PC at the remote site has to have a mapped folder to the server on the main site. if this map was limited to a single folder with little activity, am I looking for trouble?

One other thing, every client has a map drive back to the server. They did this to make it easy to fetch letters and templates from each PC in the office. What i was thinking of doing is keep the map to the local server, then setup DFS replication between the two servers to keep the maps in sync. There aren't many updates but I thought the DFS would be an easy way to insure they are the same.

 

You can manage with one.

Sounds like a good plan to me.