SUGGESTIONS NEEDED TO CONNECT TWO SMALL OFFICES

[Evil8]

The issues...

Main office (JIC) is using Windows 2007 Server, has less than 15 users and has broadband cable ISP. Client computers are running Win XP Pro

Second office (SFI) has a Windows 2003 SBS Server with less than 10 users and broadband air fiber ISP. This office needs to be split in two. One group (5 users we'll call MEDI) will remain by itself while the other group (5 users we'll call SIS) needs to be connected to the mail office. All client computers are running Win XP Pro.

I've suggested that the WIN 2003 SBS get a clean new install and setup for the MEDI group, they keep the broadband air fiber ISP and current router configuration. A new Windows Server be purchased and setup for the SBS group and dust off the old sonicwall router and place that back into service setting up site-to-site VPN with the Main (JIC) office through the same ISP the main office has. I suggested doing this as the new SIS Domain being a sub-domain of the JIC domain.

One of the most pressing issues is database access between the two offices connected via VPN. The SIS office is using MS Office 2003 Access with some 2000 records and a mass of tables in two connected databases. The JIC office is using an off the shelf CRM software, at this time I don't know if it's installed on their server or they have web access.

The next most pressing issue is cost. As usual they don't want to spend anything they don't want to do, when I mentioned that Microsoft support for Windows XP will end in 2014 and any plans should include upgrading to machines running Windows 7 Pro, I was told to make them all dumb terminals to login to a remote virtual server... A solution that isn't beyond acceptance, but has it's own disadvantages. They don't understand how any of this works only that it needs to and they through out the term "cloud computing" like it's the answer to all their issues.

Other issues and software is Exchange email and MS Office. The JIC office is using 2007 and the SIS office is using 2003.

All input is appreciated. Thanks!

 

[chieftan]

What connectivity are they utilising between the two? As in, WES10, 100, 1000 or ADSL?

Database access and transfer between sites is usually quite intensive. To say 10 users is a bit vague because it depends on what those 10 users are doing...... for example, a PA saving a word doc is a bit different from a programmer or database administrator transferring large amounts of data.

The main problem with ADSL is always the upload speed rather than the download speed.

Your bottleneck is going to be the VPN.

As this is in the VPN section, I am guessing you dont require any information on the windows side of things?

Setting up a terminal server at the far end may help and utilising destination NAT for RDP (Remote Desktop).... Someone esle may be able to come along and offer slightly better information

From the perspective of just Site-to-Site VPNs, I tend to use Route based rather than Policy based and then IPSec, but entirely up to you I guess. I am mainly a Juniper guy with regards to FWs, so I would, in this case probably go for a medium class, like an SRX240, or even an SSG140, but again, they are Juniper boxes.

 

[Evil8]

Thanks for the input chieftan. As of right now this project is in the planning stage. I'm to present them with options - including costs and benefits. The SFI group that's being split tried to work with database access transfer in the past and always ended up disappointed. This is a major concern. As many as 10 of the users at any time during the work day may be one or both databases, have MS Outlook, a web browser and have MS Word open at the same time. As of now there is a basic VPN desktop client utility (shrewsoft) at the SIS site being used to access word documents on the JIC server. Only one person there has access at a time and it is slow at best and very, very slow on one desktop.

If we end up going with site-to-site VPN IPSec will be the way to go. I have a sonicwall at the SIS site not being used currently. I'm not sure what the JIC site is using yet.

 

[jimbopalmer]

I would use Cisco RV042 routers for that small an office, but with ANY VPN you will only get upload speeds, not download speeds. so be sure that is an acceptable speed.



I tried to remain child-like, all I acheived was childish.

 

[Evil8]

Good advice! Thanks.

 

[chieftan]

The Sonicwalls are pretty simple to set up for IPSec tunnels, just be aware of the weird way they impliment the routing on them. There is some good documentation for this though on their site. Dont have the link to hand, apologies.

Upload speeds for ADSL are typically in the 250 - 350k mark and that is it, so dragging data to the site may be okay, but uploading is going to be incredibly slow over this link.

I guess, as anything, it is going to boil down to cost. The better the comms the more you will pay. It's a fine balance.

We implimented the 5500 Sonicwalls, not sure what you guys have.