IT Strategy (infrastructure)

Posted on 2005-05-03
Last Modified: 2008-03-10

Need your expertise on some IT strategy or infrastructure (Advice).

Our company has three different locations, in Singapore, Malaysia and Thailand, and each country has its own set of network and servers. These 3 locations are currently not linked.

Meaning to say, each country has its own Exchange server, SQL server and domain controller.

Is there any good IT strategy that I can adopt (implement) so that I could have more cost effective and simple ways to manage these locations?

Is there any strategy and technology I could get in the market?

Please help!


Question by:whsean
    LVL 2

    Expert Comment

    Well, why not use the Internet to link them together?
    Let's say you keep a SQL server in each country to store temp records, and at a specific time they connect to the Internet and upload all the temp records to a server located on the Internet to be saved permanently.
    This way you can improve your work as well, to be able to make a web-based application for read/write records later on if it's necessary.
    LVL 27

    Accepted Solution

    You could use a Virtual Private Network (VPN) over the Internet to link them together. I would recommend some kind of redundant solution such as two different Internet providers for each location. You could advertise each location's network with BGP so that it could be reached via either provider. Then you could have your VPN tunnels running and connect each location virtually. On your servers and your network equipment, you could connect Terminal Servers which could be reached via IP so that you could remote console to any server or network box. You can do this with Windows, Unix, or network gear such as Cisco or Nortel.

    Hope this helps.
    LVL 8

    Expert Comment

    I agree with pseudocyber, not sure if this is what he meant, but...

    I would have the VPN connections connect to a central location, like the office you're at, if you are going to be managing the network.

    This way you could replicate the SQL servers to a central office, thus if you need to restore you can do that remotely from the central office.

    Everything he said is right on the money...

    LVL 27

    Expert Comment

    A "hub and spoke" would work - but I was thinking with 3 locations of doing a "full mesh" - a triangle.
    LVL 8

    Expert Comment


    Yes and no, I think we need to know if he wants each location to have access to the other locations... We have manufacturing plants in each of those countries also, and there is no way we want them to have access to each other. It would be very bad...


    LVL 27

    Expert Comment

    Hmm. OK, well given the specs of "more cost effective and simple ways to manage these locations." that's what I was recommending. Also, there's no indication as to which is the headquarters - where a hub would be. The question sounds like all three sites are equals.

    As far as limiting access, there's no difference in topologies between hub and spoke and mesh. It's a matter of access control. If that's important, then a centralized hub with the other two connecting in with ACLs or firewalls in between perhaps.
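
The hub-and-spoke versus full-mesh exchange above, modelled as an added example that is not part of any post in this thread: it checks which site-to-site flows remain allowed and routable under one default-deny policy in each topology, and what a single tunnel failure costs. The site labels, the choice of SG as hub, the policy contents, and the assumption that a site may act as transit for the other two are all constructed for illustration.

```python
from collections import deque

# Site labels are assumptions standing in for Singapore, Malaysia, Thailand.
SITES = ["SG", "MY", "TH"]

# Undirected site-to-site VPN tunnels. SG as the hub is an assumption.
HUB_AND_SPOKE = {("SG", "MY"), ("SG", "TH")}
FULL_MESH = {("SG", "MY"), ("SG", "TH"), ("MY", "TH")}

# Constructed default-deny policy of (source, destination) pairs:
# hub and spokes may talk to each other, spokes may never reach each other.
ACL = {("SG", "MY"), ("SG", "TH"), ("MY", "SG"), ("TH", "SG")}

def has_path(tunnels, src, dst, down=frozenset()):
    """Breadth-first search over tunnels that are up (transit via a third site allowed)."""
    links = {frozenset(t) for t in tunnels} - {frozenset(t) for t in down}
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for link in links:
            if node in link:
                (nxt,) = link - {node}
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return False

def effective_access(tunnels, acl, down=frozenset()):
    """Flows that are both permitted by the ACL and routable over live tunnels."""
    return {(s, d) for s in SITES for d in SITES
            if s != d and (s, d) in acl and has_path(tunnels, s, d, down)}

def single_failure_impact(tunnels, acl):
    """For each tunnel, the permitted flows lost when that tunnel alone is down."""
    base = effective_access(tunnels, acl)
    return {t: base - effective_access(tunnels, acl, down={t})
            for t in sorted(tunnels)}

if __name__ == "__main__":
    for name, topo in (("hub-and-spoke", HUB_AND_SPOKE), ("full mesh", FULL_MESH)):
        print(name, sorted(effective_access(topo, ACL)))
        print("  lost per tunnel failure:", single_failure_impact(topo, ACL))
```

With the same policy, both topologies permit exactly the same flows; the mesh only changes what survives a tunnel outage.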
    LVL 26

    Expert Comment

    by:Leon Fester
    Same as what pseudocyber said.

    Your ultimate solution would be a VPN. Here some people would disagree about the Terminal Servers connection, and suggest that you rather have leased line connections. Depending on your company budget, data security concerns and such, it may decide that it would be a safer option to use leased lines. These are fixed digital lines that your company would lease. Here cost is a factor, but unlike the Internet you will not be governed by other people's Internet traffic. Your local telecommunications provider should be able to assist with cost and other options. Generally when looking for a wide-area VPN solution you need to consider the impact of other traffic and the sensitivity of the data being transported around the network.

    Another problem that you'll only realise, usually too late, is that your ISP generally won't manage your Internet connection. Your local telecommunications company should have a solution that offers you management of your link, with a guaranteed uptime. Another reason to choose a leased line is that, should something go down, your ISP is gonna be dependent on his upstream provider as well as the local telecom co to assist and support. But since they do not own any of the equipment or line (remember most ISPs rent bandwidth from the local telecom cos), they can't do much. If you've got a managed leased line option from your local telecom company then you have a binding contract for them to ensure your network availability.

    Personally, my suggestion is that if it's just for site support, and not mission critical data, then you can use the Internet.

    For anything of a sensitive nature, then explore the local telecoms offerings for managed leased lines.

    Your final solution would incorporate a site-to-site VPN that triangulates all your locations, i.e. location 1 links to 2 & 3, location 2 links to 1 & 3, location 3 links to 1 & 2, which will ensure that you have redundant links. Using the VPN to create two-way trust between the locations so that if site 1 trusts site 2, then automatically it will trust site 3 since site 2 is already trusted. This ensures passthrough authentication to the other remote sites.

    And if this doesn't help....then I'm gonna bill you for plasters, 'cos I just typed a lot :)

    LVL 4

    Expert Comment

    As stated above, VPN is the way to go.

    We have a similar situation to you - I have offices in Aus, Singapore, Europe, USA etc....all linked via Cisco VPN products. I manage centrally and can allow or deny access from any site to any site.

    I would look at a Cisco PIX maybe as you only have 3 sites. You can do PIX to PIX sessions easy enough on the PIX so traffic goes direct from site to site - if you want it to.

    There are loads of sample configs out there for PIXes.

    LVL 10

    Assisted Solution

    ...and if you need to have multicast traffic over the VPN, use GRE IPSec tunnels like in a DMVPN:
