
Setting up first VPN in workplace

Status
Not open for further replies.

DaVinci135

Technical User
Jan 23, 2005
3
US
I work for a company that is about to open a remote branch in another state. We already have a LAN in place in the home office and now would like to set up a VPN to share resources with the new office. One of our main goals will be to share an MS Access database that resides on a computer within our office. I have done some research and gathered that I would most likely need a VPN with a Terminal Server for the best performance. I was wondering if you could provide me with some advice on the hardware, software, and procedures necessary to fully implement this idea. Our current configuration is as follows:

- DSL connection to Broadband modem
- Broadband modem to Netgear Wired/Wireless Router
- 5 PCs (one acting as a "server" or shared file resource)
- 2 Netgear switches to network 4 other PCs
 
For a start...
Server of bare min 1 GHz; you're better off with fairly recent offers, but you do not need the fastest server available. I would recommend a minimum of mirrored drives on the Terminal server, and the ability to back it up. The TS server needs to be a dedicated machine; you don't want users working on this machine.

Mucho RAM; my units all have 2 Gig to start.

Connecting to Terminal servers through VPN tunnels is the most secure. Accessing a database via VPN directly will cause heartache and corruption; straight VPN connections access files slowly. Go with the VPN to Terminal server approach; speed is excellent.

The office side should have a static IP address for the broadband line. The remotes are not critical.

UPS units on the TS and all devices used for the broadband communications. TS servers are a bit more work than a standard server build. Do not make the TS a domain controller; a member server is more secure.
 
Just a few questions:

1. Are the VPN server and Terminal server two separate machines or can you use one box for both purposes?

2. Being that I'm behind a router, what do you suggest in terms of static IP addresses? The VPN server will be behind a firewall (which is behind the router). Should I acquire a static IP for each device or will one do?

3. In terms of the hardware involved, what devices would I need to get this up and running? For instance, do I need a VPN server (hardware) or can this be handled with software? Do I need a new router in addition to what I already have or can I use my Netgear?

Thanks for the reply, it is much appreciated!
 
Preferably two separate boxes for the servers. It is possible to have it on one, but security issues abound, especially with domain controllers.

On the positive side, like I said, the TS need not be a super server. A 2.8 GHz single processor, 2G RAM, with 2 72 gig drives mirrored, preferably SCSI, preferably dual power supplies will suffice; a cheap monitor or a shared monitor via a KVM device will do, as no one will be using the TS server console except for setup and maintenance. A deluxe TS server would have a RAID 5 array on a hardware RAID adapter, with a min of (3) 36 Gig disks.

One VPN-enabled firewall is all that is needed at the office, along with VPN software on the remote side or cheap VPN gateway routers. Personally I would not run OS-based VPN except for a large office; VPN-equipped gateway routers are fairly cheap, require little maintenance, basically nothing to go wrong. Netgear has VPN models, Sonicwall is another; I have primarily used Sonicwall units for the office side. Your Netgear may be usable if it has VPN capabilities. If you have not set up a VPN system before, I would recommend you get a consultant to do the initial setup; getting the system going can be extremely aggravating for a novice (been there/done that 6 years ago). VPN initially is like learning a foreign language: difficult at first, easier as time goes on.

I use Linksys BEFsx41 or Befvpn41 for remotes if the remotes are stationary machines, software VPN clients for mobile laptops, though they have small USB VPN routers for laptops (Linksys). One static for the office would be needed; the remotes will work with either static or dynamic broadband addresses, on cable or DSL. The line speed need not be super fast, as keystrokes and video updates are the main traffic (768k down and around 278 up is sufficient).


With 5 users, I would have DHCP set up, with static addresses reserved for the five users and the TS and regular server, and the office router; a few static addresses are very easy to manage, and the DHCP server could dole out dynamic addresses to a user from outside the office who brings a laptop in.

 