IT Strategy (infrastructure)


Need your expertise on some IT strategy or infrastruture (Advice).

Our company has three different location as in Singapore, Malaysia and Thailand and each country has their own set of network and server. These 3 locations currently are not linked.

Meaning to say, each country has their own exchange server, SQL server and a domain controller.

Is there any good IT strategy that i can adopt (implement) so that i could have more cost effective and simple ways to manage these locations.

Is there any strategy and technology i could get in the market?

Please help!


Who is Participating?
pseudocyberConnect With a Mentor Commented:
You could use a Virtual Private Network (VPN) over the Internet to link them together.  I would recommend some kind of reduncant solution such as two different Internet Providers for each location.  You could advertise each location's network with BGP so that it could be reached via either provider.  Then you could have your VPN tunnels running and connect each location virtually.  On your servers and your network equipment, you could connect Terminal Servers which could be reached via IP so that you could remote console to any server, network box.  You can do this with Windows, Unix, or Network Gear such as Cisco or Nortel.

Hope this helps.
well. why not using the INTERNET to link them together
lets say if you keep SQL server in Each country to store temp records and at specific time they connect to the internet and upload all the temp records to a Server located on the internet to be saved permenently
this way you can improve your work as well to be able to make a web based application for read/write records later on if its neccery
I agree with pseudocyber, not sure if this is what he ment, but...

I would have the VPN connections connect to a central location. Like the office your at, if you are going to be managing the network.

This way you could replicate the SQL servers to a central office, thus if you need to restore you can do that remotely from the central office.

Everything he said is right on the money...

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

A "hub and spoke" would work - but I was thinking with 3 locations of doing a "full mesh" - a triangle.

Yes and no, I think we need to know if he wants each location to have access to the other locations... We have manafacturing plants in each of those contries also, and there is no way we want them to have access to each other. It would be very bad...


Hmm.  OK, well given the specs of "more cost effective and simple ways to manage these locations." that's what I was recommending.    Also, there's no indication as to which is the Headquarters - where a hub would be.  The question sounds like all three sites are equals.

As far as limiting access, there's no difference in topologies between hub and spoke and mesh.  It's a matter of access control.  If that's important, then a centralized hub with the other two connecting in with ACL's or Firewalls in between perhaps.
Leon FesterSenior Solutions ArchitectCommented:
Same as what pseudocyber said.

Your ultimate solution would be a VPN, here some people would disagree about Terminal Servers connection, and suggest that you rather have Leased Line connections. Depending on your Company budget, data security concerns and such, it may decide that it would be a safer option, to use Leased lines. These are fixed digital lines that you're Company would lease. Here cost is a factor, but unlike the Internet you will not be governed by other peoples Internet traffic.  Your local Telecommunications provider should be able to assist with cost and other options. Generally when looking for a wide-area VPN solution you need to consider the impact of other traffic and the sensitivity of the data being transported around the Network.

Another problem that you'll only realise, usually too late is that your ISP generally won't manage your Internet Connection. Your Local telecommunications company should have a solution that offers you management of your link, with a guaranteed uptime. Another reason to choose a leased line is also, should something go down, your ISP is gonna be dependant on his upstream provider as well as the local telecom co, to assist and suppose. But since they do not own any of the equipment or line,(remember most ISP, rent bandwidth from the local telecom co's), they can't do much. If you've got a manage Leased line option from your Local telecom company then you have a binding contract for them to ensure you network availbility.

Personally, my suggestion, is that if it's just for site support, and not mission critical data. Then you can use the Internet.

For anything of a sensitive nature, then explore the local telecoms offerings for managed leased lines.

Your final solution would incorporate a site-to-site VPN that triangulates all your locations,i.e. Location 1 links to 2&3, location 2 links to 1&3, location 3 links to 1&2 will ensure that you have redundant links. Using the VPN to create two-way trust between the locations so that if Site 1 trusts, site 2 then automatically it will trust site 3 since site 2 is already trusted. This ensures passthrough authenication to the other remote sites.

And if this doesn't help....then I'm gonna bill you for plasters, 'cos I just typed alot :)

As stated above, VPN is the way to go.

We have a similar situation to you - I have offices in Aus, Singapore, Europe, USA etc....all linked via Cisco VPN products. I manage centrally and can allow or deny access from any site to any site.

I would look at a Cisco PIX maybe as you only have 3 sites. You can do PIX to PIX sessions easy enough on the PIX so traffic goes direct from site to site - if you want it to.

There are loads of sample configs out there for Pix's.

plemieux72Connect With a Mentor Commented:
...and if you need to have multicast traffic over the VPN, use GRE IPSec tunnels like in a DMVPN:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.