[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 958
  • Last Modified:

Alternatives To WAN

I currently have a 2 sites with a dedicated T1 between them creating a WAN. The remote site goes through the dedicated T1 to get email, file shares, and other applications. We are about to open another site, and I would like to see if I could share the file servers with that location over the internet, rather than over a WAN. Has anyone had any sucess with any hardware or software products to make this happen? I do have the ability to have remote users connect with a VPN but I am tryiing to avoid the user from having to use the VPN to get to the file shares.

Thanks
0
vtjp1
Asked:
vtjp1
  • 3
  • 2
1 Solution
 
whermansCommented:
You have a few possibilities, with each its advantages and drawbacks:

Setting up a VPN tunnel between two servers that connect both sites is the cheapest one: you only need internet connectivity on the two sites, and can handle the VPN tunnelling yourself.  The drawback is that you won't have any guarantees on bandwidth.  Even if your ISP guarantees 2MB on each site, the connection between the two sites is out of hands of your ISP.  Security-wise is a well-set up VPN not a security issue anymore, not more than having a firewall and allowing users to visit websites.  Offcourse, since all is in your hands, you cannot have SLA's unless you are ready to invest in having an on-call service desk yourself.

You could go for another leased line.  The advantage is that, whatever happens to the internet, you have your connection with the other sites.  Drawbacks is that leased lines with guaranteed bandwidth are costly, and you need to supply internet access yourself on top of the cost of the leased line.  SLA's are pretty good here, but costly.

A third option is one I like most for medium sized organisations who don't want to do the leased line thing, but have grown bigger than just setting up simple VPN's.  Some providers provide nowadays some sort of VPN which they manage, with a guaranteed bandwidth throughput.  This is cheaper than a real leased line, but you get the advantage of a minimum guaranteed throughput and good SLA's.
0
 
whermansCommented:
In the first bit, I offcourse meant setting up a VPN between VPN-capable routers or servers that function as VPN-capable routers (such as ISA-Server).
0
 
vtjp1Author Commented:
I like your VPN cabable routers idea. I think i will research that. Thanks. How would I be able to figure out what their throughput would be on such a setup, and would I be able to router them around the VPN connection to get to the internet so they wouldn't have to come through the central site?
0
 
whermansCommented:
Most non-home routers can be used to set up a VPN tunnel.  You could go with a Netscreen 5GT on each side, and you could use these router/firewall devices to route all traffic through the internet, except for traffic on a separate subnet which then is routed through the VPN tunnel.

When the tunnel is made, you can measure throughput, but you have to realise that your tunnel is very dependent on Internet quirks: if a router in between goes down or is experiencing heavy traffic because something along the line asks alot of bandwidth too, you will experience influence on your VPN tunnel.  But for a basic 2 site company, it is an interesting and inexpensive way to hook up two sites in a secure way.
0
 
vtjp1Author Commented:
Thanks for all of your help. I will let you know how it goes.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now