Citrix @ 2 Locations connected via Site to Site T1, Looking for alternatives

jgutz20 used Ask the Experts™
Hey, so I am new to Citrix, I've been doing a lot of research on it as of late and have 1 bridge to cross. The Dental office with 2 locations is paying $500 a month for, at most, 5 remote Citrix sessions. Now these computers are part of a domain that is located in 1 location with access to shared resources in both locations (print an invoice over to the other office etc).

So my question is this: Would switching to a VPN solution be a reasonable solution for this office? They do not plan on adding additional machines to this remote location. They currently have a DSL Service with a 3Mbps Upload and do have the capacity to upgrade that to at least 5Mbps.

I was thinking of throwing in a couple Sonicwalls that keep the tunnel open 24/7 or setting up RRAS and just purchasing 1 Router for the remote office.  

I've been reading about the Citrix Access Gateway as well. Would this also work? From what I understand it's just a means to connect to a remote server in a secure manner? I know this does not link to 2 networks to act as 1 single network like the VPN would but I could replicate DNS on another Windows 2003 Server that is doing nothing thx to the previous IT guys.

Just looking for ideas to send me in the right direction for this and what other people think of ditching the T1 line for this (I understand the bandwidth of a T1 as well as the DSL with the VPN overhead) but hoping that someone has done a configuration like this and is completely happy with it!

Also, does anyone think I should dump Citrix altogether and just use a VPN with RDP?

Oh and I guess I may as well throw in this: Are there any problems with Server 2008 x64 hosting Citrix that I should be aware of? (All software used by users will support it just fine)

Thanks in advance, I will distribute pts to the first Author who posts that sways me into making my decision one way or another.

Okay let me see if I can help with some of your questions, but I do have some of my own.

So this remote office, do you want to get rid of Citrix?  That would mean local domain controllers, file shares, replication, etc etc that would be required in order to get a good local experience.  Also the applications would all have to run locally which means workstation installs etc etc. I'm not sure what you are asking for the VPN situation.

The Access gateway can create VPN sessions for you by users but this is used to secure Citrix sessions.  So are you just looking for something to secure your Citrix sessions with?

Here is a link to Citrix 2008 known issues:  It's a good read.

Normally I vote staying with Citrix, but I am kinda biased being a Citrix partner and all.  If you can give me more information, I can hopefully help you further.


OK... So I know how the Citrix works with Terminal Services and there is a need for Windows Licensing as well as the Citrix boxes. So the question in regards to getting rid of Citrix: Is it worth keeping Citrix around over Microsoft's RDP? I can look up a comparison of features RDP has to Citrix so just in general, but with the volume I'm trying to decide which is best. They have 5 remote users currently and then 3 at the main office so 8 total using the Citrix server (all of these are the small HP Thin Client machines) and I could only see up to 12-15 realistically using Citrix down the road. But that part of the question is just a preference type question based on experiences.

The important question is regarding getting rid of the Site to Site T1 line. I'm just not sure how VPN works with Citrix, I've looked all over the place and come up with 20-30kbps for each session, so even with the 3mbps upload currently DSL provides, should be plenty to handle. Is this true? Will the VPN work fine with this number of clients remotely with Citrix? They are not likely to add any more to the smaller office.

So would you recommend sticking with the T1 or setting up an always on type VPN tunnel to accomplish the same thing?  

All the computers are members of a single domain, and I have an extra Server 2003 box that I could use at the remote location to replicate Active Directory to keep things running smooth.

From what you are describing with only 5 users actively using Citrix a T1 line should be alright with a DSL line as backup. Something to consider before changing your connection method: Are other users at the location not using Citrix and streaming radio or video from their PC?  I have always learned, your pipe is only as good as the person who is streaming music or downloading torrents.

With Citrix already set up to work remotely, I don't see a need for an always-on VPN unless you were looking to secure the connection to the Citrix box.  Then you could set up an always-on VPN, or purchase an Access Gateway to help secure the connection and not leave it open on the public internet.

I would say there is no need for a VPN at all. You can use the free Citrix Secure Gateway (CSG) in conjunction with the free Citrix Web Interface (WI) and provide access through it. All HTTPS, all encrypted.
Keep in mind that not all thin clients are created equally. :-)
This means some thin clients will simply NOT support any other Citrix access methodology other than a plain ICA protocol connection. You do not mention which OS these run; if it is Windows XPe (embedded) your chances of getting them to work with the CSG/WI are much higher. If they are Linux or Windows CE make sure you contact the vendor to check if they would support the CSG.
Would you be able to dump Citrix and use plain TS? Given my experience, in 80-90% of the cases this is possible. Citrix does offer a lot more but these features are usually more relevant to large, heterogeneous environments with several Citrix servers.

Cláudio Rodrigues
Citrix CTP


Thanks everyone for their input. I went through with dropping the T1 connection which was just overkill for this small network and I was able to purchase a more powerful server to host the remote clients and it will have paid for itself within the first 10 months considering that the T1 was $500 a month. We bumped up the DSL speeds and I used the old Citrix server as a Backup Domain Controller at the remote office replicating Active Directory and other important data to keep user authentication quick and file access even if the VPN Tunnel has been compromised. The PDC and BDC also have RRAS installed to establish their own VPN connection should the Sonicwall endpoints go down. I then got the Citrix server back up and running on much more powerful hardware and it has drastically helped with slow applications. I've also decided to start getting rid of Citrix, we've paid for Terminal Services Licensing and starting to purchase new licensing for Office products and we are gradually moving ALL computers over to utilize the 8 Core (2 Quad Xeon E5540s) and 24GB DDR3 ECC RAM. And gradually start to replace aging full sized desktops with small ThinClient machines except for on the large 360 degree X-RAY machines, I've left a little more power there.

"From what you are describing with only 5 users actively using Citrix a T1 line should be alright with a DSL line as backup. Something to consider before changing your connection method: Are other users at the location not using Citrix and streaming radio or video from their PC?  I have always learned, your pipe is only as good as the person who is streaming music or downloading torrents."

I know the T1 with DSL backup is alright as this is what they have been using for quite some time, I was just trying to find a workaround to avoid the expensive and overkill T1 Lines!

Thanks all


AcceleraSolutions - I did use File Replication across the Tunnel so that clients could access files much quicker and then also the Authentication process is quicker with AD replication.

tsmvp - I originally wanted to get rid of Citrix and after I realized that I needed Term Service Licensing AND Citrix on top of that it made the migration decision very easy. I've implemented more complex TS installations so I was comfortable doing this in the first place. But I gave you an edge in points for coaxing me into making the big decision which I believe will speed things up and make life easier for everyone because I too could find no advantages of Citrix until you get to much larger networks!
