Need advice setting up and choosing components for VPN/Terminal Services Project

Posted on 2003-11-11
Last Modified: 2010-04-12


I have a 6-workstation LAN in my office using Win 2000 Server w/Terminal Services. We are not using the Win 2000 Server yet...just added it recently. The Win 2000 server is not set up as a domain controller. I have another file server (Win XP Pro box) serving up the main application we use. We have a combination of Win XP Pro and Win 98 clients in our workgroup. I have a TCP/IP network using a static address for each machine (our DOS app seems to be more stable using static addresses). I maintain the LAN (I am not a certified network my baptism by fire several years ago working for a small software company...but I have managed to keep things working smoothly for the last 4 or 5 years).

We currently use a DOS-based application written for our industry (healthcare) which has a data polling function allowing us to synchronize data via a dial-up modem connection with each customer on a weekly basis. We have about a dozen customers at the moment with their own respective LANs ranging from 3 to 10 workstations at each remote location; about 40 remote PCs total.

We will be migrating to a Windows-based application (written in Delphi and using Sybase Adaptive Server Anywhere) in the near future.

We would like to host the Windows application and database at our office and offer our clients a "real time" connection to the application and database as opposed to synchronizing the data on a weekly basis. Managing the application and data on our side will significantly cut time regarding updates, support etc. and allow us to grow the business without growing the headaches associated with distributed databases.

We plan on doubling our client base over the next 18 months so scalability is a consideration.

The application contains order entry, inventory control functions, etc. and there will be a fair amount of printing and processing demands from both the remotes and our LAN.

We currently have a DSL line with a static IP in place but my guess is we will have to consider a T1 or partial T1 at some point.

Any advice you can give me regarding this project would be greatly appreciated!  I am also willing to investigate Linux as an option for the Terminal Services side of things.


Question by:MarkCSI

Accepted Solution

svenkarlsen earned 250 total points
ID: 9728543
Hi MarkCSI,

My preferred solution in your place would be:

Terminal Services:
 - Win2000 Terminal Services
 - Citrix MetaFrame

You already know W2K TS, so I will not comment on that. Citrix MetaFrame web-enables your W2K TS, so you will not have to install any sw at the user end; they just point their web browser at your address and they are online (via VPN in this case, of course)!

VPN hardware:

 - 1 Cisco VPN3000 (which is a VPN Gateway) at your end
 - 1 Cisco PIX 501 at each client location

This solution will make it possible for you to deploy everything without any thought on users' existing hardware. You can preconfigure all PIXes from home and just ship them out to the user, and it doesn't matter if the user end has 1 or more computers: same work for you!

Last advice:
Get a certified professional for your first setup of Citrix and VPN, - it'll save you a lot of time and give you the best starting point.

Kind regards,

Expert Comment

ID: 9731463
I agree with Sven that the Citrix web-enabled function is awesome, but it is something that you can add later. Citrix also gives you the ability to load-balance multiple servers for reliability. You can start with Terminal Services and add the Citrix as you grow.

I, too, use Cisco PIX extensively in VPN solutions. I rather like another PIX at the HQ end versus the VPN3000. More from a cost/performance standpoint. Perhaps a PIX 515e at HQ and 501s at the remotes. They can be pretty much plug and play if you pre-configure them, and are easy to remotely administer with a web-based GUI. The 515e gives you the added capability to provide failover capability at a much lower cost than the VPN3000. Don't get me wrong, the VPN3000 is also an awesome product, but very expensive (IMHO)...


Expert Comment

ID: 9736269
I'm sure I agree with lrmoore (of course......;-). I recommended the VPN3000 because I find it easier than PIX 515 to handle, but that's because I've only run the old 515 without PDM, not the 515e. On top, the 515e will give you a state-of-the-art firewall for your own end.

I think that what we're both trying to communicate is: if you're not running a system with a lot of W2Kx servers, you're better off going for a hardware-based VPN solution than to start learning how to deploy and manage the 'tough world' of WinVPN across a heterogeneous wide-area environment (possibly involving computers which are not 100% under your authority).

You'll get plenty of work just getting a W2K Terminal Server to run smoothly in the described setup....



Question has a verified solution.
