Solved

Branch Office File Replication or LAN type speeds to WAN files

Posted on 2006-06-20
Last Modified: 2008-01-09
This is my first question on ee, so please bear that in mind as we move forward.

First, a brief overview-

The Network:

I have one central set of servers here in our central office (let's call them Chicago1 (file server), Chicago2 (email server), Chicago3 (terminal server), Chicago4 (backup/scans/console/printserver)). All of my servers run MS 2003 Server (fully updated, release 1).

I have several branch offices with NO remote servers. Let's call the branch offices Oregon, Minnesota, California, Florida, Oklahoma, etc etc, you get the point.

Each office (branch and central) has 2 T1 lines coming into a Cisco 2800 series router that also provides a permanent VPN tunnel between them all.  Some smaller offices may just use a PIX for this, but that isn't the issue right now.

I have 100 users, which will be expanding to 200 quickly, most of which are in these branch offices, and most of which are constantly-on-the-road laptop users.

For file sharing and backup to our central server, we use group policy to redirect and sync mydocs and desktop folders for each user.  Each user has exclusive rights to their mydocs/desktop, which is located on Chicago1 and synced via offline files to their laptops.

We also use mapped drives back to server shares on Chicago1.  These are not persistent (they are used via group policy set logon script) and not synced.  Users must be in a branch office or connected to the Cisco VPN software back to our Chicago office to get these mapped drives.

The issue:

After many registry tweaks and QoS hassles the branch offices are "ok" as far as mapped drive file browsing and offline files synchronization. However, it is still not satisfactory. To open, for instance, a 1.5mb Excel file on the K: (mapped) drive takes longer than my branch users are willing to tolerate. When they are in the Chicago office, however, they open the file without complaint.

When someone from marketing opens a large PDF file (60 megs or so sometimes) or a large PowerPoint (20 megs or so sometimes) it might take 10, 30 mins, or sometimes an hour or more to open.

I realize that this is a limitation of bandwidth/dropped packets/everything else, involving the WAN.  

The question:

I have looked into many solutions, such as MS Server 2003 R2 with DFS and/or FRS, Cisco WAFS, and various other "High Availability" and "File Replication" solutions by third parties, but none have really satisfied me. The MS solution does not have write protection, so would only be useful for the mydocs/desktop redirection, but the hardware, licensing, research, and setup time and costs are all too high. Most 3rd party solutions are only for disaster recovery, or are Citrix type solutions I do not want (and I'm trying to get away from Terminal Server for everything except our financial software, which is dictated by higher ups).

The Cisco WAFS seem promising (but most hardware seems to be reaching end of life), but even after reading whitepapers and data sheets, I'm still unsure if they are right for me.  This is where I am leaning, but would its myriad of QoS and prediction things do the trick?

So the question really boils down to, how can I get as close to LAN speeds, on WAN accessed files, from a central server, and have these central files be available and write protected, in several locations at once?  And how can I do this with minimal dent in my IT budget?
Question by:DEoff
 
LVL 9

Accepted Solution

by:
NYtechGuy earned 500 total points
ID: 16956043
DEoff-

I think Citrix is a great solution, but if it does not work for your environment and you must do it this way you have to optimize your WAN connection.

I've seen these products in action, and frankly they are AMAZING. The Packeteer iShared may be your best bet, but the HP has a lot of nice features.

If you can throw your weight around a bit, get a demo device from each company and see which you like best.


Packeteer - Packet Shapers & iShared Devices
http://packeteer.com/products/

HP Wan Accelerator
http://h18006.www1.hp.com/products/storageworks/efswanaccelerator/index.html

LVL 18

Expert Comment

by:carl_legere
ID: 16959001
My advice is each office needs at least a local server, and use DFS. R2 is not necessary, although it gives you more tools for management of DFS. Tell management it adds to the redundancy. Reliance on backups becomes a thing of the past when you use several geographically separate servers, different ISPs and DFS/FRS. You and your users will have access to at least as many replicas of data as sites you have, plus VSS copies.

Microsoft does not offer write protection... what do you mean by this?

You have insufficient bandwidth to expect so much browsing and over the wire file access.

The other way to do this without all that hardware is to switch to a 2000 terminal server based system.

Author Comment

by:DEoff
ID: 16959672
NYtechGuy,

Thank you, I will be looking into those products and possible "proof of concept" demos over the next few days.

Carl,

The drawbacks I see to remote file servers are remote maintenance, as well as the write protection. What I mean by this is, in the MS whitepapers I have studied, there is no write lock if a person in Oklahoma gets on a file on the K: (mapped) drive, and changes that file, and a person in Chicago does so at near the same time.

That person in Oklahoma is accessing the file on their branch file replication server, while the Chicago user is accessing the central file server (as are people on the road). They both open it with no problem (I don't feel like hunting down the article again, but it's in TechNet somewhere, or possibly in a channel partner area; I'm not at work right now, but could quote the printout when I get there). However, when they save the file, the last person to save (the latest timestamp) actually overwrites the first person to open it, because the FRS/DFS system does not recognize to lock the file on both servers as if it is the same file.

As for bandwidth. Actually, traffic tests show that currently, at no site, do we reach peak bandwidth during normal operation.

Also a file server, with setup and even minus maintenance time and cost (points of failure at each site are OS, many different hardware parts, etc) is more expensive than these WAFS type devices.

Terminal server does not solve the nature of our highly mobile workforce, at any given time 10% of our workforce is on a plane, and 25-50% of the time they are out of their main office.

I need to be able to provide good "hub/docking" sites, where they can expect to come in and get work done, for sure, but I also need some sort of WAFS or DFS no matter what, so that they can quickly (within an hour) sync their files locally, sometimes up to 2 gigs worth of new files.
LVL 9

Expert Comment

by:NYtechGuy
ID: 16959754

DEoff-

I understand your situation a little better and see why DFS remote servers and/or Citrix won't work for you - understandable.

I'd like to stress my point again that the devices I have mentioned I have seen tested side-by-side with a standard WAN connection and they were SO much faster, and intelligent. They got faster as time passed and more files were opened, caching redundant information at a low level (i.e. changed bits within a large file, etc) and serving it locally the next time. This is especially helpful if your users are touching a lot of the same info again and again (templates, documents) and also speeds application/data access significantly.

best,

Justin
LVL 18

Expert Comment

by:carl_legere
ID: 16963217
re: file locking; ok I agree, however why would this happen? Why would your file structure have even the slightest chance that a user's files be overwritten by another user? My philosophy is to not have this happen via the way the hierarchy is set up. To me that just means it is inappropriate for something like an Access database.

Agree the dedicated hardware solutions are very nice, however at 25k per box.... expensive.  How many boxes are needed?


Author Comment

by:DEoff
ID: 16963336
The Cisco WAF 512's will run me in tune to 5k, not 25k.

I have not looked into the solutions provided by Justin above, yet. (so very swamped) To start I would need just the 2 boxes, to test (the one at our central site, and one branch office) but eventually, 5 for the initial rollout, and up to 10 in the next year or so, with more possible.

As I say, the Cisco solution seems to be in line with the costs of a DFS type file server.

As for why files are opened by more than one person at once.  It isn't that these mapped drives are for one user.  The Mydocs/desktop is for one user, yes, as said above.  But also as said above:

"We also use mapped drives back to server shares on Chicago1.  These are not persistent (they are used via group policy set logon script) and not synced.  Users must be in a branch office or connected to the Cisco VPN software back to our Chicago office to get these mapped drives."

These are community files.

Certainly something like SharePoint might be more practical for these types of files (there are about 120gb worth of them) but this is a dead horse, our users are executives, and it is a top down problem that I simply cannot get them to accept this solution. Thus once again, back to DFS or WAFS solutions.

So to recap, the dead horses in our org are:

Any Terminal serv/Citrix solution for file/app access
Any Webserver based file checking in/out solution (aka SharePoint, or that Lotus one)

Other than those dead horses and the File Server or WAFS appliances, is there another possibility?

Author Comment

by:DEoff
ID: 16996338
These links were helpful and pointed me in some more directions other than Cisco WAFs.  Thanks for the input!
LVL 9

Expert Comment

by:NYtechGuy
ID: 16996398
DEoff-

You would need a box at each end of a connection for those solutions - but I believe only ONE (1) in the main location.

What do you think you'll be doing, out of curiosity - and for future reference?

thanks!


Author Comment

by:DEoff
ID: 16996467
I'm working on getting some proof of concept (demo) rollouts from Cisco and Packeteer. The Cisco WAF is still tempting, if I can see it proven, as some of our routers would just need a module inserted to be ready. And similar to your suggested solutions, would only need one piece of hardware at our main location.

But if Packeteer will provide an actual demo in both of our locations before Cisco (which is likely... as Cisco's old WAFS are reaching end of life, and their new ones aren't out yet I don't think, plus they are a bit full of themselves and would just say "it will work") then I'll go with them.

I'm also going to be using webfolders (via SharePoint) from behind our VPN for smaller branch offices or home users, and will maintain our current Terminal Server licensing for our accounting software, to be used as an alternative to access the mapped drives if need be.

But I think, after showing the CFC the price of any solution such as this (File server, Citrix, WAFs) he gave me the green light to try to work with our already purchased SharePoint. Oh goodie, maybe I will be able to use our projectserver finally too! (opens the can of worms)

SP will not decrease the time to download and open these files of course, but as it will not look like Windows Explorer, the users may (stress may) be willing to download and open the file.

In the end though, I think what I mentioned above (a WAF at our main branches) with SharePoint in the smaller corners of our network, will be a good and workable blend.
LVL 9

Expert Comment

by:NYtechGuy
ID: 16996504

If the $$$ is there, you can combine the solutions. WANs can always use optimization/packet shaping (Packeteer) in addition to filesharing/SP/TS... see if they go for that :)

good luck!

Author Comment

by:DEoff
ID: 16996541
They are willing to let me put their money where my mouth is, so long as my solutions continue to satisfy.  So there's a good hope I can get the bankroll for it, though I'd still like to accomplish as much as possible with as little expense as possible.

Mouth don't fail me now!


Author Comment

by:DEoff
ID: 16996548
I'll try to remember to update this thread either way when this is resolved.