Solved

Need advice setting up and choosing components for VPN/Terminal Services Project

Posted on 2003-11-11
5
309 Views
Last Modified: 2010-04-12

Hello,

I have a 6 workstation LAN in my office using Win 2000 server w/terminal services.  We are not using the Win 2000 Server yet...just added it recently.  The Win 2000 server is not set up as a domain controller. I have another file server (win xp pro box) serving up the main application we use.  We have a combination of Win XP Pro and Win 98 Clients in our workgroup. I have a TCPIP network using static address for each machine (our DOS app seems to be more stable using static address).  I maintain the LAN (I am not a certified network engineer...got my baptism by fire several years ago working for a small software company...but I have managed to keep things working smoothly for the last 4 or 5 years)

We currently use a DOS based application written for our industry (Healthcare) which has a data polling function allowing us to synchronize data via a dial up modem connection with each customer on a weekly basis.  We have about a dozen customers at the moment with their own respective LANS ranging from 3 to 10 workstations at each remote location; about 40 remote PC's total.

We will be migrating to a Windows based application (Written in Delphi and uses Sybase Adaptive Server Anywhere) in the near future.

We would like to host the windows application and database at our office and offer our clients a "Real time" connection to the application and database as opposed to sychronizing the data on a weekly basis. Managing the application and data on our side will significantly cut time regarding updates, support etc. and allow us to grow the business without growing the headaches associated with distributed databases.

We plan on doubling our client base over the next 18 months so scalability is a consideration.

The application contains order entry, inventory control functions, etc. and their will be a fair amount of printing and processing demands from both the remotes and our LAN.

We currently have a DSL line with a static IP in place but my guess is we will have to consider a T1 or partial T1 at some point.

Any advice you can give me regarding this project would be greatly appreciated!  I am also willing to investigate Linux as an option for the Terminal Services side of things.

Mark




0
Comment
Question by:MarkCSI
  • 2
5 Comments
 
LVL 9

Accepted Solution

by:
svenkarlsen earned 250 total points
Comment Utility
Hi MarkCSI,

My preferred solution in your place would be:

Terminal Services:
 - Win2000 Terminal Services
 - Citrix MetaFrame

You already know W2K TS, so I will not comment on that. Citrix MetaFrame web-enables your W2K TS, so you will not have to install any sw at the user end, - they just point their web-browser at your address and they are on-line (via VPN in this case, of course)!

VPN hardware:

 - 1 Cisco VPN3000 (which is a VPN Gateway) at your end
 - 1 Cisco PIX 501 at each client location

This solution will make it possible for you to deploy everything without any thought on users existing hardware. You can preconfigure all PIXes from home and just ship them out to user, and it doesn't matter if user-end has 1 or more computers, - same work for you!

Last advice:
Get a certified professional for your first setup of Citrix and VPN, - it'll save you a lot of time and give you the best starting point.


Kind regards,
Sven
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
I agree with Sven that the Citrix web-enabled function is awesome, but it is something that you can add later. Citrix also gives you the ability to load-balance multiple servers for reliability. You can start with Terminal Services and add the Citrix as you grow.

I, too, use Cisco PIX extensively in VPN solutions. I rather like another PIX at the HQ end versus the VPN3000. More from a cost/performance standpoint. Perhaps a PIX 515e at HQ and 501's at the remotes. They can be pretty much plug and play if you pre-configure them, and are easy to remotely administer with a web-based GUI. The 515e gives you the added capability to provide failover capability at a much lower cost than the VPN3000. Don't get me wrong, the VPN3000 is also an awsome product, but very expensive (IMHO)...

0
 
LVL 9

Expert Comment

by:svenkarlsen
Comment Utility
I'm sure I aggree with lrmoore (of curse......;-), - I recommended the VPN3000 because I find it easier than PIX 515 to handle, but that's because I've only run the old 515 without PDM, not the 515e. On top the 515e will give you a state-of-the-art firewall for your own end.

I think that what we're both trying to communicate is: if you're not running a system with a lot of W2Kx servers, you're better of going for a hardware based VPN solution, than to start learning how to deploy and manage the 'tough world' of WinVPN across a heterogenous wide-area environment (possibly involving computers which are not 100% under your authority).

You'll get plent of work just getting a W2K Terminal Server to run smootly in the described setup....

Regards,
Sven
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Sometimes, you want your microsoft VPN to route all the traffic to the remote network. Usually your employer network. This makes it possible to access all the nodes inside this remote LAN, even if they have no "public DNS" entries. To do so, you wo…
Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now