jessmca
asked on
Remote Access Upgrade
Hi,
I would appreciate some experienced advice on this so just going to throw points at it for valued opinion and reference back to this setup description.
Two of our offices buildings are connected via a leased line with the unused one having another leased line which all Internet access goes through.
The building with the Internet facing leased line is no longer used by us and leased out to tennants who do not have any access to the network infrastructure other than their own switches linking the existing lan for each building and an adsl connection.
Office2 still tunnels through Office1 to access the Internet.
All Servers, Exchange, Active Dreictory file server etc. are in Office2
Everything has been working spot on and I want to make as little hardware changes as possible.
I have been asked to look into remote access requirements for currently 70 users but would like to base this scenario on up to 100
The remote users need access to one file server to upload files to. Usually files too big to be sent via Outlook. Also to store office documents which they work on.
Basically, Word, Excel, Powerpoint and PDF files.
And Intranet access to diary, timesheet and expense claim forms etc..
Anti Virus updates are via LAN also
This acccess is provided via IPSEC VPN to the Cisco 3030 using Cisco client software
Since the company provided adsl, connectivity has been good.
When using dialup, was not so good.
Only current conection problems would be occasionally large attachments in Outlook and sometimes slowish web browsing.
Dialup acces is still barelyt usable though.
The problem is that they have been using their computers for personaly stuff as well as work.
While work documents would probably a well under 100 MB, their MyDocs and folders are backing up 600Mb, mainly digital camera images.
They also cant be trusted to regularly backup files and occasionally lose things.
Management have asked for offline access to the c drive be blocked completely so all files worked on never leave the server, while still having access to Outlook email.
Here is more or less the current setup
Remote User
Cisco Client VPN
|
576Kb ADSL
|
Internet
|
256k Leased Line
|
Cisco 3030 Concentrator
|
Cisco 2611 SRA Router
|
==================
Office 1
==================
256k Leased Line
==================
Office 2
==================
|
Cisco 2611 SRA Router
|
24 port Switch
VLAN1 VLAN2 VLAN3
| | |
Firewall ***** *****
| LAN2 LAN3
Switch
|
========
LAN
========
A Sharepoint or similar document management system will allow them to work on files centrally over the VPN connection but will rely heavily on connection speed and latency.
They are on the road all day and use their broadband mainly in evenings to write up reports and send to server. During the day, notes are taken in word, files copied to their laptop or to the server if this is restricted which will be via GPRS datacard and is more or less 40k dialup speed due to locations they travel to.
I was not part of this setup and will be travelling from Monday on to these locations to research preformance etc... and come up with a solution.
The LAN is running Active Directory 2003 and Exchange 2003 in mixed mode as I believe there is an NT4 domain controller involved for some reason. Hopefully will learn more about this tomorrow when I travel to Office2.
Before I go, I would like some advice on possible areas I should be looking at.
Q1
http://www.cisco.com/en/US/products/hw/routers/ps259/prod_eol_notice09186a008032d4c2.html
The router model is discontinued and Cisco link above recommends it be replaced with this one, which has updaterd OS and more memory and processing etc.
http://www.cisco.com/en/US/products/hw/routers/ps259/ps4830/index.html
At £1500 each, would this be value for money per performance increase? Or would the money be best spent elsewhere such as load balancing a central access solution?
Q2
If we implemented centralised document management such as Sharepoint. Say 50 simultanous users accessing documents this way.
From what research I have done so far, I feel a hardware solution between the Lan and firewall providing Load Balancing and acceleration may be a netter option than Windows Load Balancing or software only.
What is the best value for money hardare solution to beef up Intranet access if we throw document management and file storage onto it as well?
I won't have more detailed hardware info until early next week infortunately.
I dont skimp on points and will throw additional 500s for any followup info. Really appreciate any advice.
Jess
I would appreciate some experienced advice on this so just going to throw points at it for valued opinion and reference back to this setup description.
Two of our offices buildings are connected via a leased line with the unused one having another leased line which all Internet access goes through.
The building with the Internet facing leased line is no longer used by us and leased out to tennants who do not have any access to the network infrastructure other than their own switches linking the existing lan for each building and an adsl connection.
Office2 still tunnels through Office1 to access the Internet.
All Servers, Exchange, Active Dreictory file server etc. are in Office2
Everything has been working spot on and I want to make as little hardware changes as possible.
I have been asked to look into remote access requirements for currently 70 users but would like to base this scenario on up to 100
The remote users need access to one file server to upload files to. Usually files too big to be sent via Outlook. Also to store office documents which they work on.
Basically, Word, Excel, Powerpoint and PDF files.
And Intranet access to diary, timesheet and expense claim forms etc..
Anti Virus updates are via LAN also
This acccess is provided via IPSEC VPN to the Cisco 3030 using Cisco client software
Since the company provided adsl, connectivity has been good.
When using dialup, was not so good.
Only current conection problems would be occasionally large attachments in Outlook and sometimes slowish web browsing.
Dialup acces is still barelyt usable though.
The problem is that they have been using their computers for personaly stuff as well as work.
While work documents would probably a well under 100 MB, their MyDocs and folders are backing up 600Mb, mainly digital camera images.
They also cant be trusted to regularly backup files and occasionally lose things.
Management have asked for offline access to the c drive be blocked completely so all files worked on never leave the server, while still having access to Outlook email.
Here is more or less the current setup
Remote User
Cisco Client VPN
|
576Kb ADSL
|
Internet
|
256k Leased Line
|
Cisco 3030 Concentrator
|
Cisco 2611 SRA Router
|
==================
Office 1
==================
256k Leased Line
==================
Office 2
==================
|
Cisco 2611 SRA Router
|
24 port Switch
VLAN1 VLAN2 VLAN3
| | |
Firewall ***** *****
| LAN2 LAN3
Switch
|
========
LAN
========
A Sharepoint or similar document management system will allow them to work on files centrally over the VPN connection but will rely heavily on connection speed and latency.
They are on the road all day and use their broadband mainly in evenings to write up reports and send to server. During the day, notes are taken in word, files copied to their laptop or to the server if this is restricted which will be via GPRS datacard and is more or less 40k dialup speed due to locations they travel to.
I was not part of this setup and will be travelling from Monday on to these locations to research preformance etc... and come up with a solution.
The LAN is running Active Directory 2003 and Exchange 2003 in mixed mode as I believe there is an NT4 domain controller involved for some reason. Hopefully will learn more about this tomorrow when I travel to Office2.
Before I go, I would like some advice on possible areas I should be looking at.
Q1
http://www.cisco.com/en/US/products/hw/routers/ps259/prod_eol_notice09186a008032d4c2.html
The router model is discontinued and Cisco link above recommends it be replaced with this one, which has updaterd OS and more memory and processing etc.
http://www.cisco.com/en/US/products/hw/routers/ps259/ps4830/index.html
At £1500 each, would this be value for money per performance increase? Or would the money be best spent elsewhere such as load balancing a central access solution?
Q2
If we implemented centralised document management such as Sharepoint. Say 50 simultanous users accessing documents this way.
From what research I have done so far, I feel a hardware solution between the Lan and firewall providing Load Balancing and acceleration may be a netter option than Windows Load Balancing or software only.
What is the best value for money hardare solution to beef up Intranet access if we throw document management and file storage onto it as well?
I won't have more detailed hardware info until early next week infortunately.
I dont skimp on points and will throw additional 500s for any followup info. Really appreciate any advice.
Jess
scrathcyboy
too many issues wrapped into one Q here. Please list the 3 most important issues, one sentence each.
ASKER
There aren't really any issues as yet. At this point it is your advice I seek
There is a lot of info so I will try to summarise.
Background Info
Remote users need to access Outlook email, Intranet facilities, Anti Virus updates and manage documents and files over a VPN connection by Adsl and remote GPRS which is the equivalent connectivity of a dialup connection.
Currently, they work on files locally on their laptops, go home and write up reports which are copied to a file share on the server and access over an IPSEC VPN to a Cisco 3030.
We now want to restrict access to their laptop storage and have all work documentation on the central server only using Sharepoint or something similar.
This will put more load on the connectivity and servers.
My first question was regarding the Cisco 2611 SRA Router linking the two offices.
Question 1
Cisco have posted an End-of-Sale Announcement basically saying that replacing this with the Cisco 2611XM will provide "Up to 33% performance increase for processor-intensive services ", more memory etc..
I wanted opinion on whether this is a sales pitch or if the expense would give a worthwhile performance increase. They are £1500 each.
Question 2
With 100 users accessing documents, Emails etc.. I was considering some load balancing options.
http://www.f5.com/solutions/deployment/
http://www.citrix.com/English/ps2/products/subfeature.asp?contentID=21855
http://www.zeus.com/solutions/int_systems/
http://www.f5.com/solutions/deployment/iis_bigip9_dg.html#1034459
This is new to me so any advice really on this. I will go off read up on it and come back with additional follow up questions later linking to this thread as background info.
Thanks
Jess
There is a lot of info so I will try to summarise.
Background Info
Remote users need to access Outlook email, Intranet facilities, Anti Virus updates and manage documents and files over a VPN connection by Adsl and remote GPRS which is the equivalent connectivity of a dialup connection.
Currently, they work on files locally on their laptops, go home and write up reports which are copied to a file share on the server and access over an IPSEC VPN to a Cisco 3030.
We now want to restrict access to their laptop storage and have all work documentation on the central server only using Sharepoint or something similar.
This will put more load on the connectivity and servers.
My first question was regarding the Cisco 2611 SRA Router linking the two offices.
Question 1
Cisco have posted an End-of-Sale Announcement basically saying that replacing this with the Cisco 2611XM will provide "Up to 33% performance increase for processor-intensive services ", more memory etc..
I wanted opinion on whether this is a sales pitch or if the expense would give a worthwhile performance increase. They are £1500 each.
Question 2
With 100 users accessing documents, Emails etc.. I was considering some load balancing options.
http://www.f5.com/solutions/deployment/
http://www.citrix.com/English/ps2/products/subfeature.asp?contentID=21855
http://www.zeus.com/solutions/int_systems/
http://www.f5.com/solutions/deployment/iis_bigip9_dg.html#1034459
This is new to me so any advice really on this. I will go off read up on it and come back with additional follow up questions later linking to this thread as background info.
Thanks
Jess
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
To add on to Scrathcyboy's comments
You can create a GPO to have a users My Documents folder redirected and sync'd to a file server which you do backup. That setup is not without it's own problems on bandwidth and the occasion error in syncing which is sure to generate some help tickets.
I can't say for sure how I would set this up without your additional information, which I'll wait for. I've used F5 products before. They've been really reliable and easy to manage for me. They are a good front end product.
On the backend.
Sharepoint is a great application. You can even created mapped drives directly to sharepoint folders. In larger farms it requires more servers than just clustering IIS boxes. You have to start to break up tasks indexing and such which requires more hardware and so on. All the data the users store in sharepoint will go into a SQL database which will also need to be a pig to handle the load of 100 users.
Hope that helps, if not I'll quit drinking while I type. :)
You can create a GPO to have a users My Documents folder redirected and sync'd to a file server which you do backup. That setup is not without it's own problems on bandwidth and the occasion error in syncing which is sure to generate some help tickets.
I can't say for sure how I would set this up without your additional information, which I'll wait for. I've used F5 products before. They've been really reliable and easy to manage for me. They are a good front end product.
On the backend.
Sharepoint is a great application. You can even created mapped drives directly to sharepoint folders. In larger farms it requires more servers than just clustering IIS boxes. You have to start to break up tasks indexing and such which requires more hardware and so on. All the data the users store in sharepoint will go into a SQL database which will also need to be a pig to handle the load of 100 users.
Hope that helps, if not I'll quit drinking while I type. :)
Oh one other thing, you're going to need much larger pipes than 256k if you expect your users to now start pushing 600mb files to you.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi,
Thanks for the feedback
scrathcyboy
I wont be able to make changes to the route to the Internet through both buildings.
I do agree that it adds uneccsary overhead, but overall the connectivity is pretty good.
So Cisco's upgrade recommendation would not be good value for money in your opinion on performance increase.
Thats good info
Currently, the VPN is via the Cisco 3030 concentrator.
It currently allocates an internal ip address which routes to the correct LAN via the Cisco 2611s and has been very reliable.
It also supports SSL-VPN.
What more efficient VPN option is there?
The users are not the best IT literacy wise. I can see major problems mapping MyDocuments to a central server. Especially when connected over GPRS at 50K.
shniz123 / nexusds
I think Terminal Services is where we should be going and woiuld be better value for money than implementing a Sharepoint option.
I know the Citrix ICA protocol gives better perfmormance than Micosofts RDP, but requires both Citrix and TS licencing for each user.
The applications are basically Office apps and web Browser.
The anti virus software is McAfee enterprise and is linked to the central server. SSL-VPN may lose this centralisation but give better performance.
Also ICA supports mobile devices which could be useful for remote access.
http://www.thinplanet.com/opinion/protocols.asp
Citrix appears to have the best solutions.
have shortlisted these two sites so far
http://www.citrix.com/lang/English/ps2/
http://www.marathontechnologies.com/products.html
Are there any other TS options I can look at so I can read up further before posting further questions?
Thanks
Jess
Thanks for the feedback
scrathcyboy
I wont be able to make changes to the route to the Internet through both buildings.
I do agree that it adds uneccsary overhead, but overall the connectivity is pretty good.
So Cisco's upgrade recommendation would not be good value for money in your opinion on performance increase.
Thats good info
Currently, the VPN is via the Cisco 3030 concentrator.
It currently allocates an internal ip address which routes to the correct LAN via the Cisco 2611s and has been very reliable.
It also supports SSL-VPN.
What more efficient VPN option is there?
The users are not the best IT literacy wise. I can see major problems mapping MyDocuments to a central server. Especially when connected over GPRS at 50K.
shniz123 / nexusds
I think Terminal Services is where we should be going and woiuld be better value for money than implementing a Sharepoint option.
I know the Citrix ICA protocol gives better perfmormance than Micosofts RDP, but requires both Citrix and TS licencing for each user.
The applications are basically Office apps and web Browser.
The anti virus software is McAfee enterprise and is linked to the central server. SSL-VPN may lose this centralisation but give better performance.
Also ICA supports mobile devices which could be useful for remote access.
http://www.thinplanet.com/opinion/protocols.asp
Citrix appears to have the best solutions.
have shortlisted these two sites so far
http://www.citrix.com/lang/English/ps2/
http://www.marathontechnologies.com/products.html
Are there any other TS options I can look at so I can read up further before posting further questions?
Thanks
Jess
There are many unseen cost savings that can easily go against the simple cost of TS CALS..overall you have all files on the servers for backup and recoveries, better security and beleive me, when a PC or notebook goes missing or crashes, it is soooooo easy to get back up and running or configure another pc without them loosing any settings. I generally use MS RDP and depending on the colour depth and features (local drive mapping and/or audio mapping) the performance will vary in comparison to citrix.. there really is only the two I woudl suggest to work with .. MS TS is all with one vendor and can make support easier, although citrix does make things like a single application sharing easier.
Actually the terminal services idea you awarded the accepted answer to is not a bad idea in this case. You will have problems with printers and shares when you go to TS, but they can be overcome, and it solves the bandwidth issue. No the cisco is not worth that huge cost for a fractional improvement. Good luck.