Need advice setting up and choosing components for VPN/Terminal Services Project


I have a 6-workstation LAN in my office using Win 2000 server w/terminal services.  We are not using the Win 2000 Server yet...just added it recently.  The Win 2000 server is not set up as a domain controller. I have another file server (Win XP Pro box) serving up the main application we use.  We have a combination of Win XP Pro and Win 98 clients in our workgroup. I have a TCP/IP network using a static address for each machine (our DOS app seems to be more stable using static addresses).  I maintain the LAN (I am not a certified network my baptism by fire several years ago working for a small software company...but I have managed to keep things working smoothly for the last 4 or 5 years).

We currently use a DOS-based application written for our industry (Healthcare) which has a data polling function allowing us to synchronize data via a dial-up modem connection with each customer on a weekly basis.  We have about a dozen customers at the moment with their own respective LANs ranging from 3 to 10 workstations at each remote location; about 40 remote PCs total.

We will be migrating to a Windows-based application (written in Delphi and using Sybase Adaptive Server Anywhere) in the near future.

We would like to host the Windows application and database at our office and offer our clients a "real time" connection to the application and database as opposed to synchronizing the data on a weekly basis. Managing the application and data on our side will significantly cut time regarding updates, support etc. and allow us to grow the business without growing the headaches associated with distributed databases.

We plan on doubling our client base over the next 18 months so scalability is a consideration.

The application contains order entry, inventory control functions, etc. and there will be a fair amount of printing and processing demands from both the remotes and our LAN.

We currently have a DSL line with a static IP in place but my guess is we will have to consider a T1 or partial T1 at some point.

Any advice you can give me regarding this project would be greatly appreciated!  I am also willing to investigate Linux as an option for the Terminal Services side of things.



Hi MarkCSI,

My preferred solution in your place would be:

Terminal Services:
 - Win2000 Terminal Services
 - Citrix MetaFrame

You already know W2K TS, so I will not comment on that. Citrix MetaFrame web-enables your W2K TS, so you will not have to install any sw at the user end - they just point their web browser at your address and they are online (via VPN in this case, of course)!

VPN hardware:

 - 1 Cisco VPN3000 (which is a VPN Gateway) at your end
 - 1 Cisco PIX 501 at each client location

This solution will make it possible for you to deploy everything without any thought on users' existing hardware. You can preconfigure all PIXes from home and just ship them out to the user, and it doesn't matter if the user end has 1 or more computers - same work for you!

Last advice:
Get a certified professional for your first setup of Citrix and VPN - it'll save you a lot of time and give you the best starting point.

Kind regards,

I agree with Sven that the Citrix web-enabled function is awesome, but it is something that you can add later. Citrix also gives you the ability to load-balance multiple servers for reliability. You can start with Terminal Services and add the Citrix as you grow.

I, too, use Cisco PIX extensively in VPN solutions. I rather like another PIX at the HQ end versus the VPN3000. More from a cost/performance standpoint. Perhaps a PIX 515e at HQ and 501s at the remotes. They can be pretty much plug and play if you pre-configure them, and are easy to remotely administer with a web-based GUI. The 515e gives you the added capability to provide failover capability at a much lower cost than the VPN3000. Don't get me wrong, the VPN3000 is also an awesome product, but very expensive (IMHO)...

I'm sure I agree with lrmoore (of course......;-) - I recommended the VPN3000 because I find it easier than PIX 515 to handle, but that's because I've only run the old 515 without PDM, not the 515e. On top of that, the 515e will give you a state-of-the-art firewall for your own end.

I think that what we're both trying to communicate is: if you're not running a system with a lot of W2Kx servers, you're better off going for a hardware-based VPN solution than to start learning how to deploy and manage the 'tough world' of WinVPN across a heterogeneous wide-area environment (possibly involving computers which are not 100% under your authority).

You'll get plenty of work just getting a W2K Terminal Server to run smoothly in the described setup....
