

Need advice setting up and choosing components for VPN/Terminal Services Project

Posted on 2003-11-11
Medium Priority
Last Modified: 2010-04-12


I have a 6-workstation LAN in my office using Win 2000 Server w/Terminal Services. We are not using the Win 2000 Server yet...just added it recently. The Win 2000 Server is not set up as a domain controller. I have another file server (Win XP Pro box) serving up the main application we use. We have a combination of Win XP Pro and Win 98 clients in our workgroup. I have a TCP/IP network using a static address for each machine (our DOS app seems to be more stable using static addresses). I maintain the LAN (I am not a certified network engineer...got my baptism by fire several years ago working for a small software company...but I have managed to keep things working smoothly for the last 4 or 5 years).

We currently use a DOS-based application written for our industry (healthcare) which has a data polling function allowing us to synchronize data via a dial-up modem connection with each customer on a weekly basis. We have about a dozen customers at the moment with their own respective LANs ranging from 3 to 10 workstations at each remote location; about 40 remote PCs total.

We will be migrating to a Windows-based application (written in Delphi and using Sybase Adaptive Server Anywhere) in the near future.

We would like to host the Windows application and database at our office and offer our clients a "real time" connection to the application and database as opposed to synchronizing the data on a weekly basis. Managing the application and data on our side will significantly cut time regarding updates, support etc. and allow us to grow the business without growing the headaches associated with distributed databases.

We plan on doubling our client base over the next 18 months so scalability is a consideration.

The application contains order entry, inventory control functions, etc. and there will be a fair amount of printing and processing demands from both the remotes and our LAN.

We currently have a DSL line with a static IP in place but my guess is we will have to consider a T1 or partial T1 at some point.

Any advice you can give me regarding this project would be greatly appreciated!  I am also willing to investigate Linux as an option for the Terminal Services side of things.


Question by:MarkCSI

Accepted Solution

svenkarlsen earned 1000 total points
ID: 9728543
Hi MarkCSI,

My preferred solution in your place would be:

Terminal Services:
 - Win2000 Terminal Services
 - Citrix MetaFrame

You already know W2K TS, so I will not comment on that. Citrix MetaFrame web-enables your W2K TS, so you will not have to install any sw at the user end, - they just point their web-browser at your address and they are on-line (via VPN in this case, of course)!

VPN hardware:

 - 1 Cisco VPN3000 (which is a VPN Gateway) at your end
 - 1 Cisco PIX 501 at each client location

This solution will make it possible for you to deploy everything without any thought on users' existing hardware. You can preconfigure all PIXes from home and just ship them out to the user, and it doesn't matter if the user end has 1 or more computers, - same work for you!

Last advice:
Get a certified professional for your first setup of Citrix and VPN, - it'll save you a lot of time and give you the best starting point.

Kind regards,

Expert Comment

ID: 9731463
I agree with Sven that the Citrix web-enabled function is awesome, but it is something that you can add later. Citrix also gives you the ability to load-balance multiple servers for reliability. You can start with Terminal Services and add the Citrix as you grow.

I, too, use Cisco PIX extensively in VPN solutions. I rather like another PIX at the HQ end versus the VPN3000. More from a cost/performance standpoint. Perhaps a PIX 515e at HQ and 501's at the remotes. They can be pretty much plug and play if you pre-configure them, and are easy to remotely administer with a web-based GUI. The 515e gives you the added capability to provide failover capability at a much lower cost than the VPN3000. Don't get me wrong, the VPN3000 is also an awesome product, but very expensive (IMHO)...


Expert Comment

ID: 9736269
I'm sure I agree with lrmoore (of curse......;-), - I recommended the VPN3000 because I find it easier than PIX 515 to handle, but that's because I've only run the old 515 without PDM, not the 515e. On top the 515e will give you a state-of-the-art firewall for your own end.

I think that what we're both trying to communicate is: if you're not running a system with a lot of W2Kx servers, you're better off going for a hardware-based VPN solution than to start learning how to deploy and manage the 'tough world' of WinVPN across a heterogeneous wide-area environment (possibly involving computers which are not 100% under your authority).

You'll get plenty of work just getting a W2K Terminal Server to run smoothly in the described setup....

