Ben-Higgins
asked on
VPN latency with Outlook
Hi All,
I have a central offfice running Exchange, SQL and file sharing on a Windows 2k server platform. This office has a 1MB (down stream) satellite internet link. I have a VPN server/firewall (Watchguard) handling VPN duties using PPTP. Connection, authentication and file transfer are fine (although latency affected to the usual degree), but any data handling through Outlook and the SQL agent is really slow. I am fully aware of the latency implications and reason for this, and I think that the slow transfer rate for Outlook is due to the way it or the PC handles packets i.e. it waits for acknowledgement of receipt before sending ther next packet of data. My aim is to find a method of increasing packet size or altering the way the PC's handle packets to speed up the process and get the data through faster. The alternative is to use modems to dial in to, which I want to avoid if possible.
Cheers,
Ben
I have a central offfice running Exchange, SQL and file sharing on a Windows 2k server platform. This office has a 1MB (down stream) satellite internet link. I have a VPN server/firewall (Watchguard) handling VPN duties using PPTP. Connection, authentication and file transfer are fine (although latency affected to the usual degree), but any data handling through Outlook and the SQL agent is really slow. I am fully aware of the latency implications and reason for this, and I think that the slow transfer rate for Outlook is due to the way it or the PC handles packets i.e. it waits for acknowledgement of receipt before sending ther next packet of data. My aim is to find a method of increasing packet size or altering the way the PC's handle packets to speed up the process and get the data through faster. The alternative is to use modems to dial in to, which I want to avoid if possible.
Cheers,
Ben
A simple fix to help speed up the Exchange interaction would be to use a LMHOSTS file on the VPN client. Putting the domain information and netbios names into cache may significantly speed up your experience.
That is typical of satellite links; it’s related to the latency, and the time it takes for the client to respond to the exchange server as the lists a synchronized. The best solution I have found for that problem is use the Outlook Web Client instead.
As for the SQL through a satellite link, that’s even worse, possible solutions are using Terminal Services to access the SQL server so everything runs there, creating a web interface for the SQL server, or a true front end, back end app so all data handling is done on the SQL server. The Terminal Services is the most popular solution as it’s the easiest to implement, even though it’s a real dog through a satellite link, but it’s still light years faster than trying to use an OBC connection.
As for the SQL through a satellite link, that’s even worse, possible solutions are using Terminal Services to access the SQL server so everything runs there, creating a web interface for the SQL server, or a true front end, back end app so all data handling is done on the SQL server. The Terminal Services is the most popular solution as it’s the easiest to implement, even though it’s a real dog through a satellite link, but it’s still light years faster than trying to use an OBC connection.
Do you have your DNS set to an external address?
Problem with the Oulook latency will be solved when the users will be using 2003 in the cache mode ( there will be the same user experience when the user is connected over the slow connection as on the lan.)
But there isn't probably way haw to improve SQL latency.
But there isn't probably way haw to improve SQL latency.
ASKER
Thanks for your comments so far... In response...
How would you go about lowering the encryption level further than PPTP?
I like the LMHOSTS idea. Is there a link or set of insrtuctions to go with that?
We use highly individual propreitry software with SQL, so a change of front end is not an option. Terminal services is what I use for server admin, but no good for the impatient execs who just want their email now!! Web access is a no-no partially because we have our domain hosted off site and run SBS, and partially because my guys don't want/<can't afford to> only have access to their emails online. We are talking execs who syncs exchange @ home 1st thing, and again at intervals during the day over WiFi or GPRS connections and need constant access to this data.
I use the satellite service providers DNS.
Cached exchange doesn't solve the problem... it still takes an age for the data to sync due to the packet handling mentioned in the question.
I guess i'm asking the impossible but I need a functioning exchange client and if possible SQL access even with the latency problem. Does anyone else know of any VPN standards, or alterations that would allow me to get closer? At present it will take 6-7 secs to bring up a text email in non cached mode and will take an age (i'm talking possible 1 hour plus) to sync in cached exchange mode..... Thanks again for all the suggestions so far...
How would you go about lowering the encryption level further than PPTP?
I like the LMHOSTS idea. Is there a link or set of insrtuctions to go with that?
We use highly individual propreitry software with SQL, so a change of front end is not an option. Terminal services is what I use for server admin, but no good for the impatient execs who just want their email now!! Web access is a no-no partially because we have our domain hosted off site and run SBS, and partially because my guys don't want/<can't afford to> only have access to their emails online. We are talking execs who syncs exchange @ home 1st thing, and again at intervals during the day over WiFi or GPRS connections and need constant access to this data.
I use the satellite service providers DNS.
Cached exchange doesn't solve the problem... it still takes an age for the data to sync due to the packet handling mentioned in the question.
I guess i'm asking the impossible but I need a functioning exchange client and if possible SQL access even with the latency problem. Does anyone else know of any VPN standards, or alterations that would allow me to get closer? At present it will take 6-7 secs to bring up a text email in non cached mode and will take an age (i'm talking possible 1 hour plus) to sync in cached exchange mode..... Thanks again for all the suggestions so far...
Where your domain is hosted is irrelevant with it comes to using the Exchange Outlook Web interface for Exchange access as it runs on the Exchange server its self. So instead of launching Outlook to get emails once you are connected to the VPN, you launch your web browser, and put in the name or IP address of the exchange server in it and log in.
The custom SQL app situation it the reason using Terminal Server to solve remote SQL server access issues is the most popular solution. As the cost for a Terminal Server license is a fraction of the cost of rewriting the code. I took advantage of the last rewrite of our database application to move it to a web interface because of remote access issues, so next time you do a major rework of it, you might want to add that to the list. In my situation the added cost was minimal, since they had to rewrite most of the front-end any way, and it made little difference to them to make it work through a web interface.
The custom SQL app situation it the reason using Terminal Server to solve remote SQL server access issues is the most popular solution. As the cost for a Terminal Server license is a fraction of the cost of rewriting the code. I took advantage of the last rewrite of our database application to move it to a web interface because of remote access issues, so next time you do a major rework of it, you might want to add that to the list. In my situation the added cost was minimal, since they had to rewrite most of the front-end any way, and it made little difference to them to make it work through a web interface.
ASKER
Will try the web access to see if it improves the situation...
Terminal server is not an option with this degree of latency, it is just to frustrating to use for these guys. For SQL, can I try using local copies that take published info from the master. If so, how would I do this?
Cheers
Terminal server is not an option with this degree of latency, it is just to frustrating to use for these guys. For SQL, can I try using local copies that take published info from the master. If so, how would I do this?
Cheers
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for that... I'm away from the office for a few days but will try that upon my return. The replies are not being ignored and are appreciated. Will post again when I have had a go.....
Cheers
Cheers
ASKER
Ok,
I tried the LMHOSTS method, but it doesn't seem to make a huge improvement. Does anyone know if you can increase the packet sizes Windows sends over a VPN connection?
Cheers
I tried the LMHOSTS method, but it doesn't seem to make a huge improvement. Does anyone know if you can increase the packet sizes Windows sends over a VPN connection?
Cheers
ASKER
Hi all,
I seem to have at least improved the situation to a workable level using a combination of various tricks:
1. The LMHOSTS file as suggested by lrmoore
2. Tweaking the RWIN and MTU values to speed up comms
3. Changing the mail protocol to pop3 to eliminate the RPC chatter that exchange uses.
This will do for remote users at this point, for those demanding Exchange syncronistion rather than POP3 i'm going to put a dedicated Branch office VPN link in so that their PC's can update constantly and share the load out over time.
I will award the points ot lrmoore, as even though it wasn't a total fix it definately helped the situation
Cheers
I seem to have at least improved the situation to a workable level using a combination of various tricks:
1. The LMHOSTS file as suggested by lrmoore
2. Tweaking the RWIN and MTU values to speed up comms
3. Changing the mail protocol to pop3 to eliminate the RPC chatter that exchange uses.
This will do for remote users at this point, for those demanding Exchange syncronistion rather than POP3 i'm going to put a dedicated Branch office VPN link in so that their PC's can update constantly and share the load out over time.
I will award the points ot lrmoore, as even though it wasn't a total fix it definately helped the situation
Cheers
You could also try lowering the encryption level to see if that speeds anything up.