

How to set up a WAN properly, assistance and advice?

Posted on 2007-10-10
Medium Priority
Last Modified: 2010-08-05
I work for a medium-sized retail store with 15 locations spread out in a 100-mile radius. I have been planning to implement a system to use some new retail software. We have some outdated stuff here. I would like to know if any experts have performed a new WAN configuration. I am thinking of going with a good-sized server running Windows 2003 for our main server room and small servers for domain servers only at the retail locations. The locations do not need to talk to each other, only the locations to the server and so forth. Aside from that, I know I am going to need some routers capable of handling VPN connections. My question is: is having domain servers at each location necessary, or can the workstations link up to the main server directly? Also, what routers do you recommend for this type of WAN config?
Question by:FENDERGUY
LVL 11

Assisted Solution

billwharton earned 120 total points
ID: 20053232
If you plan on having single connections between the branches and hub, yes, you need a server at each location to be able to log on and access resources. Workstations may still be able to log on without a domain with cached credentials, but if you plan to use central server shares for user folders, etc., then you would need a local server. Otherwise, you can go with a few domain controllers at the central sites and nothing at the remote sites except for the really important ones.

For routers, at the main site you can go with a Cisco 2821, and at remote sites a 2811 or even 2801 should do fine. It all depends on the number of users, and if it's under 30-40, you can even explore the inexpensive 1800 series.

Assisted Solution

Galtar99 earned 120 total points
ID: 20053255
It depends on the type and amount of traffic you're sending/receiving and how sensitive to latency your applications are. The workstations can probably log in directly to the main site, but if you're moving 500MB files across a 56k link then you're going to have some problems. Or if you're doing thousands of database transactions. A basic setup would include a Cisco 3600/3800 at your main site with spokes going to each store with a 1700/1800 for the connection there. The routers can support a VPN, but if you're expecting throughput better than 170 Mbps at your main site or 40 Mbps at each store then you're probably better off putting the VPN on a PIX or an ASA.
LVL 12

Assisted Solution

benhanson earned 120 total points
ID: 20054308
I'm assuming this is a client/server app you are talking about.  

The first thing you need to map out is what speed connections you will require. This will pretty much be defined by the application you are planning on rolling out. You might find that the program is network inefficient and requires a high bandwidth connection to the server. Basically, can the program function at a remote office if the central server is only accessible by a DSL link with VPN encryption overhead? Doing a test install with a slow link is the only good way to test this.

Once you map out your required speeds, you can map out what type of connectivity you will have.

Once you know what type of WAN connectivity you will have, you can choose your routers and hardware.

You do not need domain controllers at each site, they can authenticate to a central Active Directory DC.  Routers can provide DHCP.  Location of DCs in our organization is based on number of users and stability of WAN connection.


Expert Comment

ID: 20067658
Curious what you've decided to do and how you're going to do it...
LVL 22

Accepted Solution

Reid Palmeira earned 140 total points
ID: 20069858
1. Consider what kind of connectivity you need at each site. If you want a private network (which it doesn't necessarily sound like you need), you want point-to-point T1s/Fractional T1s at each site or an MPLS setup. In either case your router hardware is about the same; Cisco 28XX series is a good suggestion for the branch sites. Depends on your budget. Adtran NetVanta 4000 or 5000 is another good option for the main site, particularly if you're price sensitive. You'll also want to consider a good firewall since all the traffic is going to be coming to the same place. Sonicwall, ISA maybe if you're happier with a software package instead of an appliance. Symantec makes some decent firewall products.

site a ------ Main-----site b
                public internet

1a) If you're going with a public connection at each site then you'll want the VPNs (IPSec is probably easier for you to set up) at each site running back to the main. Again, Cisco or Adtran would be my recommendation. Adtran has some smaller NetVanta boxes that are nice on price and modular.

In either case, consider how much bandwidth you need. If you go with a single domain setup then each one of the PCs is going to hit the AD at your main site, not just for domain login and email but everything else. Make sure you have enough bandwidth. You can distribute this out, but then your sites are treated almost independently, so you may need to split off into multiple DCs and set up your forest that way: say sites A, B, C are in one group and run to a single DC. Sites D, E and F go to another, and those two DCs come back to main. Depends on how you want to organize it.

Author Comment

ID: 20080360
Thank you guys for your suggestions, I will take into consideration all of what you guys mentioned. Since all you guys replied with good answers I had to split up the points.
