Question re Lan to Wan Upgrade

[Ghostrider]

I have a client who is currently using Accpac across a lan located in a rural head office and 4 locations across N/America & Canada. They want to create a Wan so that all locations use the centralised data at the head office instead of uploading locally created files at the end of the week. I currently have them running SBS2003 with a separate Terminal Server allowing them to access locally created accounts through the TS and input data directly into Accpac. They are also running exchange for mail which will be expanded to include their remote locations.

They are a growing company and want to centralise as much as possible and add some redundancy to their internet connectivity (Head office is 1.5mb Wireless Internet) but they want a dedicated connection if possible. they have had a quote from another consultant recommending OfficeLink VPN managed routers at remote locations and a fibre/ADSL dedicated connection locally. I don't dispute the dedicated link as a replacement or backup of the wireless connection but i think managed Officelink is a bit much especially as they may pay for data throughput too and accpac transfers masses of data between server and workstations. My thinking is that remote workplace/Terminal server access is better and cheaper, however, is security a risk....

Does anyone have any suggestions or comments that might help me point them in the right direction, money is not a big problem as they are willing to spend what is needed, i just don't want to suggest paying more than they really have to.

[chilifrei64]

well you can do 3 routes here..

Route 1: More expensive but better: Use a site to site vpn to connect your remote locations. This will require a VPN conecntrator at each branch.. preferably the same type unless you know enough about VPN's. Or if your ISP offers managed VPN which i think is what you are getting at. Doing things this way may spill the need for more stuff (ie: a domain controller at each branch (which then would mean you need to migrate from SBS) incase the link goes down you need a GC at each branch to process logon requests.. and I am sure a plethora of other things without knowing much about your topology

Method 2: prolly the same cost but your server topology could stay the same.. as oppsed to running a managed VPN.. see what your ISP has available in the form of a frame relay circuit. This removes the need for the VPN concentrators but you still pay a fee for the "Dedicated Circuit"

Method 3: Terminal Server. As this is the perfect example where terminal servers are sooo valuable. When configured properly, terminal servers are by no means a security risk. This offers you access to the remote system as if you are there and the hardware cost and monthly fee is far less than dedicated or site to site VPN connections.

Here is my opinion on Terminal Servers though.. If you are going to do it.. do it right.. setting up a terminal server to save money can cause you problems.. be sure you purchase hardware that is sufficient enough to support your current users plus 50% more.. this allow you to save room for future additional users AND(and this is why I say 50% more) for upgrading software.. Software requirements are getting higher and higher and where a server that is mildly powerfull now.. may not be as powerfull when you add the next version of office(more resources) the next versions of Adobe Acrobat/Reader(more resources) addition software as the company expands (network fax/scan/phone) Antivirus (Symantec 7.5 takes far less resources than the 20 services 10.0 installs).. i think you catch my drift.. add all these higher software requirements in addition to 25 more users. you have yourself a really slow machine and everybody is unhappy with the slowness..

To make matters worse.. if you dont do it right and dont build in some redundancy... .if it goes down for one user.. chances are your whole company goes down.

My opinion is either a dedicated frame relay or a site to site VPN using cisco PIX devices

Edited November 14, 2005 by chilifrei64

[Ghostrider]

I got some further info and it seems that the licensing for accpac means it can only be used locally so Term Services appears to be the only option. Good thing for me both servers are high end and right now only 5 users are expected to connect at the same time via Term Services. These days i don't see the point sometimes of using Leased lines and VLans when Remote workplace and OWA are available.