• Status: Solved

How to set up a WAN properly, assistance and advice?

I work for a medium-sized retail store with 15 locations spread out in a 100-mile radius. I have been planning to implement a system to use some new retail software. We have some outdated stuff here. I would like to know if any experts have performed a new WAN configuration. I am thinking of going with a good-sized server running Windows 2003 for our main server room and small servers for domain servers only at the retail locations. The locations do not need to talk to each other, only the locations to the server and so forth. Aside from that, I know I am going to need some routers capable of handling VPN connections. My question is whether having domain servers at each location is necessary, or can the workstations link up to the main server directly? Also, what routers do you recommend for this type of WAN config?

If you plan on having single connections between the branches and hub, yes, you need a server at each location to be able to log on and access resources. Workstations may still be able to log on without a domain with cached credentials, but if you plan to use central server shares for user folders, etc., then you would need a local server. Otherwise, you can go with a few domain controllers at the central sites and nothing at the remote sites except for the really important ones.

For routers, at the main site you can go with a Cisco 2821, and at remote sites a 2811 or even 2801 should do fine. It all depends on the number of users, and if it's under 30-40, you can even explore the inexpensive 1800 series.

It depends on the type and amount of traffic you're sending/receiving and how sensitive to latency your applications are. The workstations can probably log in directly to the main site, but if you're moving 500MB files across a 56k link then you're going to have some problems. Or if you're doing thousands of database transactions. A basic setup would include a Cisco 3600/3800 at your main site with spokes going to each store with a 1700/1800 for the connection there. The routers can support a VPN, but if you're expecting throughput better than 170 Mbps at your main site or 40 Mbps at each store then you're probably better off putting the VPN on a PIX or an ASA.

I'm assuming this is a client/server app you are talking about.

The first thing you need to map out is what speed connections you will require. This will pretty much be defined by the application you are planning on rolling out. You might find that the program is network-inefficient and requires a high-bandwidth connection to the server. Basically, can the program function at a remote office if the central server is only accessible by a DSL link with VPN encryption overhead? Doing a test install with a slow link is the only good way to test this.

Once you map out your required speeds, you can map out what type of connectivity you will have.

Once you know what type of WAN connectivity you will have, you can choose your routers and hardware.

You do not need domain controllers at each site; they can authenticate to a central Active Directory DC. Routers can provide DHCP. Location of DCs in our organization is based on number of users and stability of WAN connection.

Curious what you've decided to do and how you're going to do it...
Reid Palmeira, Telecom Engineer, commented:
1. Consider what kind of connectivity you need at each site. If you want a private network (which it doesn't necessarily sound like you need), you want point-to-point T1s/fractional T1s at each site or an MPLS setup. In either case your router hardware is about the same; Cisco 28XX series is a good suggestion for the branch sites. Depends on your budget. Adtran NetVanta 4000 or 5000 is another good option for the main site, particularly if you're price sensitive. You'll also want to consider a good firewall since all the traffic is going to be coming to the same place. Sonicwall, ISA maybe if you're happier with a software package instead of an appliance. Symantec makes some decent firewall products.

site a ------ Main-----site b
                public internet

1a) If you're going with a public connection at each site then you'll want the VPNs (IPSec probably easier for you to set up) at each site running back to the main. Again Cisco or Adtran would be my recommendation. Adtran has some smaller NetVanta boxes that are nice on price and modular.

In either case, consider how much bandwidth you need. If you go with a single domain setup then each one of the PCs is going to hit the AD at your main site, not just for domain login and email but everything else. Make sure you have enough bandwidth. You can distribute this out but then your sites are treated almost independently so you may need to split off into multiple DCs and set up your forest that way, say sites A, B, C are in one group and run to a single DC. Sites D, E and F go to another and those two DCs come back to main. Depends on how you want to organize it.

FENDERGUY (Author) commented:
Thank you guys for your suggestions, I will take into consideration all of what you guys mentioned. Since all you guys replied with good answers I had to split up the points.