Solved

Network branch offices

Posted on 2008-11-13
Last Modified: 2012-05-05
Hi all,
  The company intends to connect all branch offices throughout the world, so that files can be shared and computers can be remotely managed.

One way is to set up a site-to-site VPN between all branches, e.g. using Cisco firewalls.
Are there any other ways to connect the branches, e.g. Citrix......??

I am looking for the best option that should be easy to configure.
0
Question by:anarine
25 Comments
 
LVL 9

Expert Comment

by:hodgeyohn
ID: 22951487
citrix is a useful technology for remote access.
if you have applications, and data files that are remote from the users, you can use citrix for remote access to the applications, and files.

vpns are more for direct connectivity.

hope this helps.
0
 
LVL 6

Expert Comment

by:kdtresh
ID: 22951547
From a hardware side, you could drop an ASA 5505 at each site, the default bundle comes with 10 IPSec VPN peers, so you could connect 10 sites to each ASA. It would probably run you $400-500 per unit, and it would be hard if you didn't have static IPs at all the locations. You can also use a software VPN client at dynamic locations to connect to a home office ASA, which would only require the home office unit.
0
 
LVL 8

Expert Comment

by:Herrmannator
ID: 22951612
Your stated objective is file sharing amongst people in various branch offices and management of the client computers.  We have this same situation and have used 2 products:  1) Citrix to provide a "remote desktop" type of experience whereby users remote control a session in our HQ office, and therefore have access to all the same stuff as people in the HQ office, and 2) SMS for desktop management and application deployment.  And even though we use Citrix for the field users, we also use SMS to give them all the same applications and updates as everyone else, so they have the option of working locally when they want to.
The standard Citrix approach would be to put your file servers in an HQ office or datacenter, and then set up Citrix servers in that office so that your remote users are in effect remote controlling sessions to get network performance "as if" they were located in the HQ office.  This could be done by published desktop (very similar to Remote Desktop but with better WAN performance and other advantages), or published applications.  Citrix also offers other products like application streaming but we use SMS to deploy apps.
Another approach would be to rely on just having a VPN to each field office, but then investing in "WAN Acceleration" appliances which basically cache copies of files people are using so they don't have to pull them across the WAN unless they change.
Different approaches depend on what kind of expertise you have in house and where you want to spend your money / resources.
 
 
0

Author Comment

by:anarine
ID: 22951790
Ok so this comes down to what are the advantages/disadvantages of site to site VPNs Versus Citrix or any other technology. Can anyone shed some light ?
0
 
LVL 9

Expert Comment

by:hodgeyohn
ID: 22951817
based on what you wrote above, i would say that a vpn is probably the correct option for you.
the initial setup of a vpn isn't that hard.  you will have to work out some details such as name resolution.
a vpn will put your computer on the network.  this will give you maximum flexibility.
0
 
LVL 8

Expert Comment

by:Herrmannator
ID: 22951858
Bandwidth is the main issue.  Do your users work on large PowerPoint decks or other large files?  Where do you want them to store the files?  Locally on their PC is not good because if their hard drive crashes the data is lost.  But if you don't plan on file servers in each office, and expect them to store things on a remote server, then you better either provide lots of expensive bandwidth, or use some other technology like Citrix or WAN acceleration.
Citrix requires an investment in expertise to learn and manage it, but then costs go down.  Bandwidth is an ongoing cost, but if you can afford huge bandwidth, then you don't need to learn Citrix.  Or if your users really only use tiny files anyway, and would not be burdened by slow WAN performance, then maybe just T1's to each office is adequate.
0
 

Author Comment

by:anarine
ID: 22952022
I do plan to place file servers in each branch. Each site has a 1 MB connection at least to the internet.
Each site has about 20 Users. 10 Sites in all.

Is the training for Citrix really necessary ? I've configured cisco routers before.
Can you provide the name of the Citrix  product that I can research ?
0
 
LVL 6

Expert Comment

by:kdtresh
ID: 22952128
If you go with the hardware VPN units, each one could connect to all the others and once it was all configured, connectivity between the properties would be transparent to the users. You could also just connect them all to the home office, rather than to each other, if they don't need to talk between offices.
0
 
LVL 8

Accepted Solution

by:
Herrmannator earned 225 total points
ID: 22952308
I did not mean to suggest Citrix training is necessary, just that there is a significant learning curve.  If you are going to use file servers in each office, then you may not need Citrix because users can store files on those local file servers.  Citrix is great when you have smaller branch offices that are too small to justify servers.
So I guess the question is, will each office pretty much have its own stuff they work on and store on the file servers, or does everyone truly need to store everything on the HQ file servers where it is therefore available to everyone?  Assuming the local file servers meet 90% of the need, then maybe you could have an HQ server that is used for "Common" storage.  For example maybe everyone has a U drive (Universal) that maps to this HQ server, where common stuff is stored and accessible to everyone via vpn.  
And to clarify the bottom line issue with an example, consider this:  
Scenario #1:  Let's say you have users in Texas working on files located in NY that are several hundred megs in size.  That will be challenging across a VPN link, because it would take substantial time just to copy the file across the WAN.  So the user would need to copy the file across the WAN to his local PC, then work on it, then copy it back to the NY server.  In the meantime, someone else might have modified it on the NY server, so now you have version control issues.
Scenario #2:  Now let's say the same users use Citrix (just like "remote desktop")  to remote control a session on a computer located in the NY office.  Since the large file is also located in the NY office, they can open it, work on it, and save it instantaneously, and they would get performance as good as if they worked in the NY office.
But if those scenarios are not the way your users work anyway, then you may not need Citrix.  And regardless, I would say VPN is the way to start.  Then if you find it does not meet the need, you can consider adding Citrix.
 
0
 
LVL 9

Expert Comment

by:hodgeyohn
ID: 22952322
training for users is minimal for either solution.
the good news with a vpn is that once it is setup you do not need to know much else.
with Citrix there is a whole new product that you need to understand, unless you are looking for an outside party to manage it.
0
 
LVL 8

Expert Comment

by:Herrmannator
ID: 22952348
Right -- I can't see any reason you would not want a VPN as a minimum requirement, so you should do that as step #1 then evaluate whether you still need other solutions.
0
 
LVL 8

Expert Comment

by:Herrmannator
ID: 22953574
Oh -- you had asked the name of the relevant Citrix product.  The new name is Citrix XenApp (used to be called Citrix Presentation server, and Citrix Metaframe before that).  But I would still focus on the VPN at this point!
0
 
LVL 13

Expert Comment

by:kdearing
ID: 22957730
I'll second (or third?) the VPN solution.

Drop a Cisco ASA5505 in each site.

About $500 for a ASA5505-50-BUN-K9
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd802930c5.html
0
 

Author Comment

by:anarine
ID: 22958676
Will the VPN solution work behind a DSL modem  in each of the sites?
And are there any alternatives to a VPN or Citrix solution ?
0
 
LVL 8

Expert Comment

by:Herrmannator
ID: 22958911
Are these ADSL or SDSL modems?  ADSL is better for networks and vpns, but either will "work".  If it is the cheaper ADSL, then your throughput (up and down) is different, typically download speed is much faster than upload, and the same pipe gets used for both upload and download which creates traffic bottlenecks.
But you will want some type of firewall protecting each office anyway, so VPN will be part of that implementation, so there is still no reason not to do VPN as step #1.  If you can do T1's to each office, you'll get better performance and a more stable network.  But it can be done no matter what the connectivity constraints.
As far as other solutions, it depends.  Is it a REQUIREMENT to be able to directly manage the computers at the other sites?  If so, you should have a VPN.  Will there be servers that need to connect back to the home office in each office?  If so, you should have a VPN.  Do you want any centrally managed items (like a central Symantec Antivirus server) to keep tabs on AV for all computers?  If so you should have a VPN.
There are cheaper alternatives that can meet the file sharing need such as "just put up FTP server in the home office and let everyone use it to share files" but that has security downsides.  Or maybe you could just put a firewall in your home office, and then give everyone a VPN client so that they can connect back to the home office if/when they need to.  So depends what your REQUIREMENTS are, and your budget.  The standard answer most would choose is to start with a VPN between the offices.  But if that is not a budget option, let us know.
0
 
LVL 8

Expert Comment

by:Herrmannator
ID: 22958987
Sorry -- I meant "SDSL is better for networks and vpns, but either will "work".  If it is the cheaper ADSL, then...."
But really it depends on what you will try to do with it.  If you have a home office that will want to manage the remote office computers with products like SMS, then you need the dedicated bandwidth both ways that SDSL would provide.  But if they mostly need high speed internet and rarely need connectivity between offices, ADSL may be fine.
Here's a link describing the characteristics of each if not familiar:
http://www.buytelco.net/NetworkApplications.asp?ID=609 
0
 

Author Comment

by:anarine
ID: 22959040
Yes we need to remotely manage branch office computers, because we may need to install software e.g. MS Office on the clients. Yes we are using ADSL. After reading your comments, I intend to go with ASA 5505 routers in each site. I hope the ASA 5505 can operate as a 'hardware vpn client' since this I believe is easier to set up than a site to site vpn.

The only problem is that remote sites each have their own local windows domain.
Is this a problem ?
0
 
LVL 8

Expert Comment

by:Herrmannator
ID: 22959333
Their own domain all within the same forest?  Or completely independent of each other with no knowledge of the other domains?  You can set up "trusts" between domains, but you will probably want to migrate all users onto a single domain in the future, and then you would still have separate sites within the domain.
0
 
LVL 13

Expert Comment

by:kdearing
ID: 22959434
With the ASA5505, setting up site-to-site VPNs is relatively easy.

I think the more difficult part of the project will be the file sharing, domain trusts, etc.
0
 

Author Comment

by:anarine
ID: 22960185
It may be easy to set up the ASA to ASA VPN in a test lab, but it becomes more difficult to pass through IPSEC traffic when an ADSL modem running NAT is in front of the ASA. So we have a double NAT situation - on the modem and on the ASA. I've read about this being a problem, any thoughts ?

Will I be able to get tech support from Cisco with this issue?
0
 
LVL 13

Expert Comment

by:kdearing
ID: 22960405
It's usually a good idea to put the ADSL modem in bridge mode.
That way the ASA is the only L3 device and it has a public IP.
0
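An added illustration (not part of the thread and not Cisco's code) of why a NAT modem in front of the IPsec gateway matters and why bridging avoids it: the NAT-detection check from IKE NAT traversal (RFC 3947), where each peer hashes the addresses it sent and the other side compares them with what actually arrived. The cookies, the RFC 5737 documentation addresses and the use of SHA-1 as the negotiated hash are constructed for the example.

```python
import hashlib
import ipaddress
import struct

# Constructed sample values: 8-byte IKE cookies and documentation addresses.
CKY_I = bytes.fromhex("1122334455667788")
CKY_R = bytes.fromhex("99aabbccddeeff00")
HQ = ("198.51.100.10", 500)            # head-office gateway, public IP
MODEM_PUBLIC = ("203.0.113.20", 500)   # branch public IP seen by HQ

def nat_d_hash(ip, port):
    """RFC 3947 NAT-D payload body: HASH(CKY-I | CKY-R | IP | Port)."""
    packed = ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.sha1(CKY_I + CKY_R + packed).digest()

def detect_nat(sender_view, receiver_view):
    """Compare the hashes the sender built with what the receiver observed.

    sender_view:   addresses the branch gateway put in its IKE packet
    receiver_view: addresses HQ saw on the wire for that same packet
    A mismatch means a NAT device rewrote the address on the way.
    """
    return {
        "nat_in_front_of_sender":
            nat_d_hash(*sender_view["src"]) != nat_d_hash(*receiver_view["src"]),
        "nat_in_front_of_receiver":
            nat_d_hash(*sender_view["dst"]) != nat_d_hash(*receiver_view["dst"]),
    }

def transport(result):
    """ESP has no ports for a NAT to track, so a detected NAT forces UDP wrapping."""
    if any(result.values()):
        return "ESP in UDP/4500 (NAT-T)"
    return "native ESP (IP protocol 50)"

def branch_case(gateway_outside_ip):
    """Branch gateway with the given outside IP, seen by HQ as MODEM_PUBLIC."""
    sender = {"src": (gateway_outside_ip, 500), "dst": HQ}
    receiver = {"src": MODEM_PUBLIC, "dst": HQ}
    return detect_nat(sender, receiver)

# Modem routing with NAT: the gateway's outside interface has a private address.
NATTED = branch_case("192.168.1.2")
# Modem bridged: the gateway itself holds the public address.
BRIDGED = branch_case("203.0.113.20")

if __name__ == "__main__":
    print("modem doing NAT:", NATTED, "->", transport(NATTED))
    print("modem bridged:  ", BRIDGED, "->", transport(BRIDGED))
```

With the modem bridged the hashes match and the tunnel runs plain ESP; with the modem doing NAT both gateways must support and enable NAT traversal, and UDP 500 and 4500 must reach the gateway.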
 

Author Comment

by:anarine
ID: 22961007

In the branch office, the ADSL router has a static public ip. The Windows NAT server behind
the ADSL modem has a private ip.
If I put the ADSL modem in bridged mode, will the public ip then be assigned to the Windows computer ?
I am not sure how the bridge works. Please explain
0
 
LVL 13

Expert Comment

by:kdearing
ID: 22962349
Well, you're going to want to put the ASA in front of the server so it protects the network and it gets the public IP
0
 
LVL 8

Expert Comment

by:Herrmannator
ID: 22962408
Boy, this is lots of work by lots of people for 75 points - maybe you can boost the points!
0
 

Author Comment

by:anarine
ID: 22971331
I cannot bridge the DSL router, since it cannot bridge a PPPoA connection, only PPPoE.
I'll try purchasing adslnation's X-modem or buy another DSL router that can bridge PPPoA.
Thanks to all for the help.
0

Question has a verified solution.