Wide Area Network questions.

[HAL9000]

OK, this is new to me and I'm searching for info, links, diagrams, whatever you can throw at me to get this going.

I have a client with a NT Server, SQL7, TCP/IP network with about a dozen clients. They have purchased another office to expand their company. They will have 3 or 4 machines there that need to access the server at the main location. We are looking into either an internet connection or a dedicated high speed line. I'm assuming the dedicated line would be the better choice for reliability, but we are still looking at the ADSL connection as an option since it is already in place at the main location with a Linksys router.

What is required to be done to the server?

How do I connect the remote machines to the server in either instance (ADSL, dedicated line)?

What is required on the remote client machines (software, protocols, etc)?

[WickedLittleSlaveBoy]

hmmmmmmmm, if you're going to connect the two offices via DSL, you will need a second line at the first office, too....that is, unless you intend to use the Internet for connectivity, which could be very tricky from a security point of view. ouch, a Linksys, how many computers do you have at the main location? if you connect the two offices, you will most likely need a router, or you could use a multihomed Unix, Linux or NT/2000 box with static routes to set up connectivity between your subnets....then there is an issues of IP addressing and name resolution, you might want to install a DHCP server, but if it's only a few boxes, it would be easier to just give them static IPs. name resolution only becomes an issue if you're not using the server as a multihomed router or if you have other servers or workstations sharing something vital....you might want a WINS server in that case, because a DNS server might be too much and the Linksys is probably already doing DNS.

as far as what's required for the remote machines....well, unless you're going the internet route, it should be as simple as TCP/IP....of course, I have never worked on a WAN connected via DSL.

[HAL9000]

OK.... I'll clarify it a bit.

Here is a diagram of what's in place.

The Linksys router is set up at the moment as a DHCP server. At the moment, the ADSL does NOT have a static IP, this can be changed as I would assume that it would have to. The only reason I was thinking the possibility of a DSL WAN is because everything is already in place. A dedicated line is still an option. I'm currently looking into both scenarios.

[WickedLittleSlaveBoy]

a DSL WAN would be the most cost effective....because, you only have to pay the phone company, no need for a seperate ISP charge, since you will serving as your own ISP through the LinkSys on the main network.

but the problem, as I see it is, that if you're using a dedicated connection between officeA and officeB, you're DSL line is now connected from OfficeA to officeB, with no line going to the internet...but it would be a very cost effective solution and the easiest to implement. anything other than DSL or ISDN is going to be outrageous for the scale of the project, but DSL's transfer rates will blow away ISDN and the bandwidth is better than a fractional T1 in the long haul.

you can lose the second Linksys in the new office, because if you're connected directly to OfficeB's network, there is no sense in it...in addition to routing, the Linksys is providing NAT services, which isn't something you would normally want on an internal network.

I'm going to modify your picture to reflect the change...I'll post it in a few minutes.

[WickedLittleSlaveBoy]

OK, here's the chart...note that I connected the line to the server, but it could be connected to a plain old vanilla router, an old Pentium system running GNU/Linux, NetBSD, < insert your favorite *nix here > , NT workstation or server....hell, you might even be able to connect it directly to your hub, but this wouldn't be desirable, because it would be treated as an Ethernet connection and all the traffic on the main network would be sent down the DSL line...but, a switch might work nicely, but since it's not as smart as a router, it might send anything it can't find a MAC address for on the local LAN(internet traffic).







hmmm, forgot that HTML is on here.

[HAL9000]

Not quite sure I fully understand your arrangement. Where I have labeled "phone line" that is the line going to the ISP. You are now showing 3 ADSL modems?

[WickedLittleSlaveBoy]

yes, you have to dedicate the connection in this scheme....all the phone company has to do with a DSL connection is giving you a connection to your ISP....that single connection is not going to be split in two for you, meaning that you have no connection to the second site, except via the Internet...which isn't going to work for a WAN connection. so, in the scheme I have suggested, you pay the phone company the line charge for the second DSL line, which connects your offices....it wouldn't be as expensive as a normal DSL internet, because you're not going to pay an ISP for service. you have a leased DSL line, and it's a cheap leased line.

now as to where to put the second DSL connection, I think I was all wrong about putting it on the server.....if the Linksys has a switch on it, then that's the ideal connect point.

[HAL9000]

OK... getting clear as murky water instead of mud now. While cost is a concern, I don't necessarily have to use the cheapest method either. These guys will implement whatever I tell them is best for their situation. If there are any other suggestions of how to go about this, I'm open to more.

[WickedLittleSlaveBoy]

well, I'm pumping a dry well now...so the only final thoughts are:

1. maybe you could talk to the ISP and see if they do any WAN hosting, which will probably be more expensive, but will achieve the same goal...the DSL router might be an issue, but if it has a concept of DMZs, it might work out OK.

2. never, ever, ever allow an NT/2000 with NetBIOS services running to be connected to the Internet, use some form of intermediary or unbind NetBIOS on the external NIC, if you can't get rid of it altogether.

I wish you luck with whatever route you decide on.

[HAL9000]

Thanks for your help. This is my first experience at WAN, so it should be interesting. At least I have something to work with now. Doing some searches on the net for other info, phoning telco tomorrow to see what they can offer. Looking at about a month time frame here, so not in a panic yet. Worst case scenario... I chicken out and contract the work out. Doubt I'll do that, I like to play, and whats the worst that can happen... I blow up thier entire network and destroy their databases and make a mad dash for the Mexican border... right?

[Great_One]

the most cost effective method would be to get a local dsl connection
at the second office. then do vpn over the internet connection into the
internal network at the first office. the problem with a dedicated
connection is that your basically charged by the distance you are from
one office to the other office. i am not sure how far a part these locations
are, but this may make it cost prohbitive. besides, it looks like you are
only talking 3 or 4 clients, probably not worth the cost.

[Dave22]

I vote for the VPN connection between offices. You could do it from the remote office clients themselves or create the tunnel between routers. SDSL isn't that bad as far as charges go. YMMV

[WickedLittleSlaveBoy]

VPN hardware is pretty expensive, and you have to remember that this network is pretty bare bones, I still think that DSL router would be trouble....

but you could do it with say OpenBSD and a package like L2TPd....you could also set up NAT on the OpenBSD box(es) and eliminate the need for the DSL router at least one location.

BTW, what's the upstream bandwidth on the SDSL connection?

[HAL9000]

OK... between here and a few local people and discussions with telco, it looks like the dedicated line is the best bet. Now I understand your diagram WickedLittleSlaveBoy. The dedicated line costs more initially for the install, but the monthly costs are about the same as running a second internet connection at the remote location, but with better reliability and security. Lines will be going in next week, so this will be my crash course in WAN.... hmmm.... maybe I shouldn't use the word "crash".

Thanks for the suggestions

[HAL9000]

OK... throwing out the whole mess. Found a place in town that does remotely managed Citrix servers. Gonna move all the databases out of the company to a remote Citrix server. This eliminates the need for them to maintain their own server, so no more replacing/upgrading hardware, no more service packs, no more tape backups, it all goes away as it's now the responsibility of the outfit running the Citrix server. I tell ya though, if you've never seen a Citrix server in operation, it's something you should chase down to see in action. Everyone is networked, the one rural site that was incredibly slow using dialup and RAS speeds up dramatically, plus, if he opens IE, he gets as close to high speed internet that he is going to see in the country. Anyone with a computer and internet access at home can even do work from home. If they have a laptop, remote access follows them along.

I originally thought the monthly cost for this service was high, but after seeing the demonstration of how well it works, it seemed to be a much more reasonable price than I first thought.

The demo consisted of a 20Mhz Mac with 20Mb RAM connected to ADSL. After the login, there was the Windows 2000 desktop (Login time was about 20 seconds). Clicked on Word 2000, it came up in less than a second. Opened up Excel 2000, Power point, Adobe Photoshop, and Internet Explorer. Each taking no more than about a second and a half to come up, all running simultaneosly.

Next demo was the same as above with a 386 laptop and a 28.8 modem. Ran all the same apps, everything still up in a second and a half or less.

Like I said, it's just something you really have to see to appreciate.

[WickedLittleSlaveBoy]

been there....except over a WAN, without redundant connections. it was a great way to centralize, but it was a pain when Pac Bell took our site's link down....and believe me, Pac Bell will.

sounds like a good plan to me, I'd ask them to let me run a port scan though. 8)

[HAL9000]

Shouldn't be too much of a problem, the place running this has both ADSL and cable connections so (fingers crossed) there shouldn't be any downtime problems.

[Omletteboy]

ASP is a good choice for cost cutting since you don't have to worry about upgrades. Citrix is optimize for low speed connections. We use wyse terminals that has no moving parts, just plug in ethernet cable and connect to the server farm and retrieve your desktop.

Right now we are testing a product by LinkProof from Radware, very neat product that can combine 2 or more internet connection for redundancy.

Much cheaper than implementing BGP using cisco routers.