Solved

Network Solution

Posted on 2007-11-26
10
338 Views
Last Modified: 2013-12-23
I have three buildings on a campus.  They are very close together.  Each building has a cable modem and no more than 15 computers.  Up until now, there has been no server.  I am new to this environment and was asked to provide a solution.  We are going to buy 1 Windows 2003 server.  What is the best way to setup the network for all the machines to logon to that one server?  Should I get rid of the calbe modems and have one connection and run cable or wirless bridges to create one lan or should I just create a vpn?  Whichever solutions is suggested, please provide some general details as far as which hardware or software is suggested for either bridge or wireless, or vpn?  
0
Comment
Question by:zzASLANzz
  • 5
  • 3
  • 2
10 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 350 total points
ID: 20351125
The best bet is to physically connect them by wire or fiber. Copper has a 328' distance limitation, so it is probably out of the question.
A VPN is a good cost effective solution, but it will be limited to the maximum Internet bandwidth, quite possibly 1mbps, where as fiber can operate at 100mbps or even Gigabit, but probably much more expensive.
You can connect the buildings by placing a VPN router at each site. They can be purchased as inexpensively as $150 but I would recommend at least a Linksys RV042 which is about $200US. A Cisco router which is quite a bit more would be an even better solution, but still does not address the speed issue.
0
 
LVL 6

Assisted Solution

by:salvagbf
salvagbf earned 150 total points
ID: 20352169
While you could purchase dedicated VPN devices, of which I'd recommend Cisco's ASA 5505. They often run around $350 and can be used for dedicated point to point VPN connections. I'd highly recommend running fiber between the buildings. For cross building runs, copper should not be used due to varying ground voltages between the building's electrical systems, which could damage your switching gear.

Call around to some local cabling companies and have them come out to give you a quote on some fiber runs with fiber patch panels at each location. Then you just need to pick up some switches that you can plug the fiber into. There are plenty of switches that offer SFP, or dual-personality, etc. ports that you can buy a module to plug fiber into. HP's Procurve 1800-24G is an example of one.

Thanks,
Bernie
0
 

Author Comment

by:zzASLANzz
ID: 20352711
Gentlemen,
Thank you for the replies.  They are both very helpful.  I do not want to change the question, but let me tell you more about what we are doing and any suggestions are greatly appreciated.  1.  We are a non-profit and money is an issue (as if it isn't always everywhere).  Anyway, In addition to migrating to server based computing internally here (with thes two buildings), we are in the process of developing a database application that could possibly roll nationally.  The VPN solution seems attractive for this reason.  I realize that may change the scope of the question.  What we have is essentilally 11 different buildings now throughout New England.  This one location here has two buildings maybe 500 feet apart.  I would like the 15 or so machines in the other building to log into this domain here for authentication, resources, etc, but the main application they will use will be the database that will likely be a web-based front end, so that is why I was thinking the VPN solution will apply to all locations right?  Sorry if this is confusing or if I am changing a bit.  This is a work in progress.  I will gladly add more points here.  Thanks again guys.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 20352969
Databases are a special consideration. Often folk want to run the application locally accessing a database on a remote server. This requires LAN speed capabilities. Databases are too "chatty" to work in this way over a VPN.
However, if you have a web based front end for the database as you have mentioned, you should be fine. It's a good solution.
Another possibility is to set up 1 or ore terminal servers located at the main site. Users logon by VPN or direct Internet access and run the application on the server. Though terminal server sessions are most secure over a VPN, thousands of people do this with out a VPN, as the sessions are encrypted, and there are ways to further secure the connection without the expense of the VPN.
0
 
LVL 6

Expert Comment

by:salvagbf
ID: 20353610
If you need to go "on the cheap" then VPN and possibly Remote Desktop (to handle the issues w/ database access over a VPN) is probably the cheapest/easiest.

If you have a WIndows 2003 Server (or even 2000) you have all you need to set up a VPN server for free.
http://articles.techrepublic.com.com/5100-1035-5805260.html

You can even make an XP machine a VPN server
http://www.gilsmethod.com/node/55

You'll of course have to open and forward the proper ports to the server in your firewall (specifically PPTP 1723  and L2TP 1701) and if you're doing Remote Desktop, you'll need 3389 too.

The only monetary issue you may have with Remote Desktop is licensing fees for Microsoft Terminal Services licenses. But again, you may not need Remote Desktop, give the VPN solution a shot first.

Bernie
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 77

Expert Comment

by:Rob Williams
ID: 20353784
salvagbf, one issue that will come into play with using the Windows VPN is multiple users will be connecting from the same site, and therefore the same public IP. This requires NAT-T which is not supported with XP and Server 2003. As a result when a second user connects it will "usually" drop the first. Also some routers will not support multiple PPTP pass-through sessions. For single users accessing from different public IP's it is a great option.
This is the advantage of a hardware site-to-site VPN.
0
 
LVL 6

Expert Comment

by:salvagbf
ID: 20355395
Rob,

Wow, you just explained the problems I've been having with my VPN! That's just not right! I've been using Microsoft's VPN server on Windows 2003 and for some reason, when all the sales people go out to a location, there are problems with random people having issues VPN'ing in while others are fine. I do have to say that more than 1 can get in, but usually the max is around 8-10 at a single location.

That's too bad, would've been a pretty cost effective solution. Hardware VPN it is!
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 20355440
If your MAX is more than 1 then the client site router is likely the problem. Most routers have a specific number of allowed pass-through tunnels. Quite a few are only 1, but I have seen specs for 1,4,5,8,10 and more. It varies from brand to brand and even one model to another. As a rule for multiple VPN users at one site you want a VPN router solution.
Newer SSL VPN's seem to get around some of these issues, but they are not overly common or cheap. The new Cisco 5500's I believe offer some SSL capabilities at an affordable price, but not sure of available options.
0
 

Author Closing Comment

by:zzASLANzz
ID: 31410990
Thank you both.  I think we are leaning toward a fiber run between the buildings here and a VPN solution (Cisco ASA's) between remote sites.  Thank you both.  I hope the point assignment is fair.  
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 20361889
Thanks zzASLANzz. Good luck with your project.
Cheers !
--Rob
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now