Network Plan

Hi All,

I have been asked to put a proposal together to help our small organization to interlink between all of our five sites.
What is the best / secure / fast way to set up & configure a permanent wide area network? We are currently running Windows 2008 server at our head office and Windows XP on our workstations and we would like our 4 other sites to have a permanent connection to our Head office automatically. We are flexible and are able to purchase additional hardware if required.
Thanks for your help
Wayne
Neil Russell (Technical Development Lead) Commented:
Depending on your resources, budget and technical abilities, you may be best advised to go for a fully managed MPLS network from a good named network supplier. There are many and speaking from experience in the UK I would recommend you talk with the likes of Verizon and Viatel.

giltjr Commented:
I agree with Neilsr, a managed MPLS network is your best bet.  

If that is too expensive, then you might want to try a fully managed VPN over the Internet from a single ISP provider.

notacomputergeek Commented:

giltjr Commented:
Well actually you do need/have a VPN. If you read the documentation, an IPSec connection and tunnel is required, which is a VPN.

Based on what I have read, DirectAccess is not a site-to-site technology, but a client to site. Not sure if that would work for multiple sites. That means each desktop would need to have an IPSec connection to a DirectAccess server at all of the other sites. Seems really messy to me. It looks like DirectAccess is meant for corporate computers that are traveling on the road or a remote site that has just a few computers. Not a 5 site network.

a1aait Commented:
One solution that has worked well for me to connect several offices is using router-to-router VPN. This type of setup does not rely on your servers or workstations to be configured for VPN, and once set up, is quite transparent to users. You will need adequate bandwidth and reliable connectivity to the internet from each office. This might not work as well as a dedicated third-party service, but is likely to be a lot less expensive to operate. The same routers may allow "dialup" VPN access for users who travel but still need access to the office network. VPN routers by Juniper and Netgear can do this reliably.

It's far easier if you have the same router model at each location, but it can be done with heterogeneous routers as well.

Waynepre (Author) Commented:
Hi all, firstly thank you all for your replies. I was thinking about going down the route of router to router VPN but had never used it before. We currently use Draytek routers which we know can do that job but I don't know how secure it is.

With regards to using MPLS, I have heard of it but have no idea how to implement it. What sort of cost does this involve?

I don't think going down the route of upgrading all PCs to Win7 and using DA is a good idea as it is just going to get confusing for our users.

Thanks all, Wayne

a1aait Commented:
Wayne:
I think you are on the right track re: users.  The less they have to know to get connected the better for all concerned.

Properly implemented, VPN is very secure, provided you take all normal precautions such as changing the default login of all your network gear, and avoid advertising your IP addresses and pre-shared key (if you use one).

If you don't have static IPs at your sites already, do yourself a favor and get them, as it will help your VPN be more secure by allowing VPN to only connect with specified IP addresses (not hostnames) and avoid any issues with Dynamic IPs and Dynamic DNS. It will be much easier to manage this way. (This does not apply to "dialup" roaming VPN users.)

The router-to-router method keeps all that networking overhead off your servers so they can do other stuff faster.
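
The precautions in the post above (peers pinned to static IP addresses rather than hostnames, default logins changed, care with the pre-shared key) can be checked against a written tunnel plan before any router is configured. This is an added example, not part of the original thread; the plan format, the 20-character key threshold, the key-reuse check and the LAN-overlap check are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

MIN_PSK_LEN = 20             # assumed policy threshold, not from the thread
HQ_LAN = "192.168.0.0/24"    # constructed head-office LAN

# Constructed plan as seen from the head-office router: one tunnel per branch.
# Addresses are documentation ranges and keys are made up.
PLAN = [
    {"site": "branch-1", "peer": "203.0.113.10", "lan": "192.168.1.0/24",
     "psk": "b1-Nf3$yH6c@Rj1uE8qWm5a", "default_login_changed": True},
    {"site": "branch-2", "peer": "branch2.example.net", "lan": "192.168.2.0/24",
     "psk": "b2-Xk7&dG4t!Sp2oB9zVh6e", "default_login_changed": True},
    {"site": "branch-3", "peer": "203.0.113.30", "lan": "192.168.1.128/25",
     "psk": "office123", "default_login_changed": False},
    {"site": "branch-4", "peer": "203.0.113.40", "lan": "192.168.4.0/24",
     "psk": "b1-Nf3$yH6c@Rj1uE8qWm5a", "default_login_changed": True},
]

def audit(plan, hq_lan=HQ_LAN):
    """Return (site, finding) pairs for a hub-and-spoke VPN plan."""
    findings, psk_owner = [], {}
    for t in plan:
        site = t["site"]
        try:                              # peer must be a literal IP, not a name
            ipaddress.ip_address(t["peer"])
        except ValueError:
            findings.append((site, "peer is a hostname, not a static IP"))
        if not t["default_login_changed"]:
            findings.append((site, "router still uses its default login"))
        if len(t["psk"]) < MIN_PSK_LEN:
            findings.append((site, "pre-shared key is too short"))
        if t["psk"] in psk_owner:         # one leaked key should expose one tunnel
            findings.append((site, "pre-shared key reused from " + psk_owner[t["psk"]]))
        psk_owner.setdefault(t["psk"], site)
    # Added check beyond the post: routed site-to-site tunnels need distinct LANs.
    nets = [("head-office", ipaddress.ip_network(hq_lan))]
    nets += [(t["site"], ipaddress.ip_network(t["lan"])) for t in plan]
    for (a, net_a), (b, net_b) in combinations(nets, 2):
        if net_a.overlaps(net_b):
            findings.append((b, "LAN overlaps " + a))
    return findings

if __name__ == "__main__":
    for site, finding in audit(PLAN):
        print(site + ": " + finding)
```
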

giltjr Commented:
What type of Internet connections do you have? If you have asymmetrical connections you need to check what your upload speeds are because that is what you will be limited to.

MPLS networks are typically managed and are priced based on location, total bandwidth, and guaranteed bandwidth. They can be VERY expensive. I have paid about USD $4,000 per month for a T1 with a CIR of a T1 for a central site and USD $2,000 for remote sites for 768Kbps with a CIR of 512. The central site was in the USA, remote sites were in Canada and the U.K.

a1aait Commented:
giltjr is right. Upload speeds are usually the limiting factor and where things start to get expensive.

Waynepre (Author) Commented:
Thanks guys, my mind has been made up and I will go for the router to router idea. I am not sure what the bandwidth is like on the 4 sites but I am going to upgrade them to the fastest possible.
 
Many thanks for your help :D

Waynepre (Author) Commented:
Thank You!

premillard Commented:
I have the same type of setup, you are making the right choice and you will be saving your company a LOT of money in the long run. Also, users will be very happy because they will just be automatically connected, zero frustration.

If I may throw in another 2 cents. I am assuming you are on a domain. If you don't already have an AD server at the other sites you may want to invest in them. You must think, "what if a VPN connection goes down, will my users still be able to access the internet?" And of course, you will need to evaluate based on the business needs what users need access to in order to continue business in the case of an outage.

Waynepre (Author) Commented:
Hi Premillard,
Thanks for your comment,
My plan is to install 4 new servers at the 4 other sites and install Draytek routers on each site and configure just in case, as you say, the VPN goes down.
Thanks very much and thanks to everyone, hope you all have a good Xmas.

Neil Russell (Technical Development Lead) Commented:
Just remember that saving your boss several thousands of pounds is one thing, running a company across multiple sites with your OWN VPN that YOU are responsible for, with NO SLA or back up, can be painful when it goes wrong and you have no support. Just my final thoughts. MPLS! ;)

giltjr Commented:
I will have to sort of agree with Neilsr: you are responsible, and if you have the bandwidth, VPNs over the Internet can work. You also have to evaluate what you use the Internet for and how much traffic you will add by doing VPN over it.

If you use your Internet connection at any of the sites for hosting services or for accessing services that are business critical to you, VPN traffic will cut into that bandwidth. Also, the next thing they may ask you to do is VOIP between the offices. Trying to do this over a VPN tunnel over the Internet will encounter problems. Doing VOIP over MPLS is not a problem because the MPLS backbone will prioritize the VOIP traffic end to end.

You may want to research MPLS costs and provide two options.  

MPLS: higher cost, better reliability, less impact on Internet traffic, better for future services between the remote offices.

Self-managed VPN over the Internet: less cost, more impact on Internet traffic, limited expandability for future services.

If you do go with self-managed VPN over the Internet you may want to research "WAN" accelerator products. They provide dynamic data compression and other services that reduce the amount of traffic flowing over the VPN tunnel, thus reducing bandwidth requirements.