Is a VPN the correct solution to my problem.

gbinthehizzyhouse used Ask the Experts™
I have been asked to look into a VPN solution for our SMB. It would have up to 5 users accessing at a time but usually only 1 or 2. My question is this.....Is a VPN the right solution for us as the work required is mostly database driven?  We have a decent ISP but the speeds in this area are terrible (DSL 20mb D / 2mb U).  Obviously our upload speed is not the greatest and my understanding is that both upload/download speeds are crucial. We are currently using remote desktop but my concern is that we are leaving ourselves open for attack.

Suggestions and/or comments are welcome. Thanks in advance.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2013
Probably not.  VPN's are not a good option for accessing databases, i.e. the application at the remote site and the data at the corporate site, due to the slow network performance.  The limiting factor is the upload speed at the corporate site.  Most database apps want >50mbps, and VPN's cannot achieve that.  As a result data corruption can often occur.

The better option is to set up a terminal server or a few PC that users can access over the Internet using Remote Desktop (RDP).  This will works very well even with very low bandwidth connections.
VPN is secure, so no worries there.  What I would instead by concerned with is, as you said, the connected speeds, but namely the upload rate.

A business I manage is of similar size to yours, and two of the employees wanted to work from home on their SQL-driven database that resides at the office.  So I installed LogMeIn Hamachi as a VPN solution.  Once the connection was established, I installed the client-side software they use, but the results were terrible: just to load the program required 15 minutes of data connectivity.

A better solution was to have them remote into the server via Remote Desktop and over the VPN.  While it's not instantly responsive, it has worked adequately.  So I would say to try it out and measure the results based on your experimentation.
Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015
With DB driven applications the best approach is to use Terminal Services. Exceptions are if only small amount of data is exchanged.

The main issue with a server-driven database engine are the request-response-roundtrip times, not the bandwidth. Since the Internet connection introduces significantly greater delays, and VPN adds to that, small packets for which the receiver has to wait to continue need a lot of time, and the performance is disastrous. SQL DBs and applications tend to have small queries, retrieving a subset of data, and ask for other data based on the results.

If your DB does not use a centrally running engine, but is client based, like Access, it is even worse, as the file operations will get slowed down to almost a halt. File seeks are not very efficient over VPN (or any other public WAN connection).

In opposition, having Terminal Server is effective, as only graphical commands will get transferred. Unless the graphic engine renders stuff different all the time, that is. Watching graphs that way isn't effective, for example.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial