How to set up a WAN properly, assistance and advice?

Posted on 2007-10-10
Last Modified: 2010-08-05
I work for a medium-sized retail store with 15 locations spread out in a 100-mile radius. I have been planning to implement a system to use some new retail software. We have some outdated stuff here. I would like to know if any experts have performed a new WAN configuration. I am thinking of going with a good-sized server running Windows 2003 for our main server room and small servers for domain servers only at the retail locations. The locations do not need to talk to each other, only the locations to the server and so forth. Aside from that, I know I am going to need some routers capable of handling VPN connections. My question is whether having domain servers at each location is necessary, or can the workstations link up to the main server directly? Also, what routers do you recommend for this type of WAN config?
Question by:FENDERGUY
    LVL 11

    Assisted Solution

    If you plan on having single connections between the branches and hub, yes, you need a server at each location to be able to log on and access resources. Workstations may still be able to log on without a domain with cached credentials, but if you plan to use central server shares for user folders, etc., then you would need a local server. Otherwise, you can go with a few domain controllers at the central sites and nothing at the remote sites except for the really important ones.

    For routers, at the main site you can go with a Cisco 2821, and at remote sites a 2811 or even 2801 should do fine. It all depends on the number of users, and if it's under 30-40, you can even explore the inexpensive 1800 series.
    LVL 6

    Assisted Solution

    It depends on the type and amount of traffic you're sending/receiving and how sensitive to latency your applications are. The workstations can probably log in directly to the main site, but if you're moving 500MB files across a 56k link then you're going to have some problems. Or if you're doing thousands of database transactions. A basic setup would include a Cisco 3600/3800 at your main site with spokes going to each store with a 1700/1800 for the connection there. The routers can support a VPN, but if you're expecting throughput better than 170 Mbps at your main site or 40 Mbps at each store then you're probably better off with putting the VPN on a PIX or an ASA.
    LVL 12

    Assisted Solution

    I'm assuming this is a client/server app you are talking about.  

    The first thing you need to map out is what speed connections you will require. This will pretty much be defined by the application you are planning on rolling out. You might find that the program is network inefficient and requires a high bandwidth connection to the server. Basically, can the program function at a remote office if the central server is only accessible by a DSL link with VPN encryption overhead? Doing a test install with a slow link is the only good way to test this.

    Once you map out your required speeds, you can map out what type of connectivity you will have.

    Once you know what type of WAN connectivity you will have, you can choose your routers and hardware.

    You do not need domain controllers at each site, they can authenticate to a central Active Directory DC.  Routers can provide DHCP.  Location of DCs in our organization is based on number of users and stability of WAN connection.
    LVL 6

    Expert Comment

    Curious what you've decided to do and how you're going to do it...
    LVL 22

    Accepted Solution

    1. Consider what kind of connectivity you need at each site. If you want a private network (which it doesn't necessarily sound like you need), you want point-to-point T1s/fractional T1s at each site or an MPLS setup. In either case your router hardware is about the same; Cisco 28XX series is a good suggestion for the branch sites. Depends on your budget. Adtran NetVanta 4000 or 5000 is another good option for the main site, particularly if you're price sensitive. You'll also want to consider a good firewall since all the traffic is going to be coming to the same place. Sonicwall, ISA maybe if you're happier with a software package instead of an appliance. Symantec makes some decent firewall products.

    site a ------ Main-----site b
                    public internet

    1a) If you're going with a public connection at each site then you'll want the VPNs (IPSec probably easier for you to set up) at each site running back to the main. Again Cisco or Adtran would be my recommendation. Adtran has some smaller NetVanta boxes that are nice on price and modular.

    In either case, consider how much bandwidth you need. If you go with a single domain setup then each one of the PCs is going to hit the AD at your main site, not just for domain login and email but everything else. Make sure you have enough bandwidth. You can distribute this out but then your sites are treated almost independently so you may need to split off into multiple DCs and set up your forest that way, say sites A, B, C are in one group and run to a single DC. Sites D, E and F go to another and those two DCs come back to main. Depends on how you want to organize it.

    Author Comment

    Thank you guys for your suggestions, I will take into consideration all of what you guys mentioned. Since all you guys replied with good answers I had to split up the points.
