
VPN Setup in Windows 2000 Server 2

Status
Not open for further replies.

romh

Programmer
Jan 3, 2003
297
US
I bought myself a Windows 2000 Server Manual and read the chapter on VPNs. At the office I have a linksys router, 16 port hub and Windows 2000 Adv Server -- hosting ftp, a website and serving an Access database to 10 other clients, which I designed. I set up everything in the Server myself and now I would like to set up VPN so that I could update the database when not at the office. I bought another NIC and installed it on the server. After that, an exclamation came up in the Device Manager next to the first NIC that was serving the Domain. It says that the network card is not working properly. I tried disconnecting it, reinstalling it and nothing happens. So I connected the network to the new NIC and everything is fine again, but the exclamation next to the old NIC is still there.
Could I have ruined the card? My final question is, I have heard people say that connecting a VPN can be done with one Network Card in the server and if so how? And is it just as good or is it better to have 2 cards? Thank you
 
About the NIC:
All that happened is that the new NIC got a lower interrupt than the first, and the PC swapped them as first device.
Delete the old one from the device manager, reboot and reinstall.

VPN does not require network cards per se. You can run VPN on any open connection, re-read the manual, just use the existing adapter (to the internet if you need access from outside). If the solution is out there, let us know it was helpful, so others can benefit from it as well.
 
You're right. After installing the second NIC, and turning it on again, Windows switched the new one with the old one and started running the network with the new NIC. I was surprised and ever since, the old one has had the exclamation point beside it. I have already tried deleting it and reinstalling it. That didn't help. Any other suggestions?
I will post a solution to the 1 NIC if I find it.
Thank you

 
marcs41 has a good start to your nic problem -- I think. The cards have not swapped, one of them is not configured properly. I am guessing that you are using pci cards. If you are, the most common problem would be an IRQ conflict. Because the first card failed when you installed the second, it is somewhat safe to say that those two cards are fighting for an IRQ. Could be that one is fighting with something else, but not likely.

To find out what the problem is, right click on the device with the problem in device manager and select properties. Should give some idea what is wrong.

Assuming it is a resource conflict, easiest thing to do would be to move the offending card to a different pci slot. Avoid the slot closest to the power connectors, even if you have to move another card around to do so. If that doesn't work, you should be able to change the allocation of resources to the pci bus in your bios setup. Too many variables there to give much detail. If you need help, provide info for your motherboard -- manufacturer, model, bios flavor and version. Also report what you see in the properties box for the nic.

Now to the rest. As marcs41 said, it is possible to set up a VPN server with only one NIC. I wouldn't, but you are welcome to if you must. I would probably pull the web and ftp servers over to the new card as well. If you are running a lot of web/ftp traffic, I would consider a third card.

To qualify that a bit, there are different reasons to separate the different kinds of traffic. First and foremost, you should never have public internet traffic hitting the same interface as your private network. It is somewhat of a security risk and it can hurt the throughput of your server on the local net. Since you are passing FTP/web traffic through your router to this server, it qualifies.

Your initial VPN connection qualifies for the same reason. Once the link is established, the security risk diminishes for the most part, but if your other public traffic is heavy, the VPN can hurt performance there. One or two VPN clients and light to medium FTP/web traffic should be fine on the same NIC.

Last item this post. You mention Access db . . . be aware that unless you have a really big pipe on both the VPN server and the VPN client side, Access will be really really really slow and unreliable. Maintaining code should not be too bad, it will take a while to load and save, and I would save a backup just in case the connection drops in the middle. Running a query or updating records is the real problem.

Keep in mind when deciding if you have enough bandwidth to do this, you are limited by the narrowest segment. If, for instance, you are connecting by cable from your home, you probably have a 2.5M connection plus or minus. But, the rated speed is usually your downstream bandwidth, your upstream is only a fraction of that, probably 768K. Therefore, when you initially open the db, you will be limited by the upstream on the VPN server side, unless you have a more direct net connection, and when you save/close the db you will be limited by the upstream on the client side. If you really must consistently and reliably edit Access, consider some sort of terminal service.

Hope this helps, and hope I haven't rambled too much. Good luck!


 
Thanks a lot marks41 and mhkwood for the info. Extremely helpful.
marks41: I'll try moving the PCI card around to different slots and see if that works later today. I'll let you know.
I have a couple of more questions for you. I have DSL here at the office building running at 368kbps upstream and downstream according to dslreports.com. I don't know how accurate their test is, but that was the result. So the numbers are much lower than what you were talking about.
You see, the ultimate goal is to connect all the other 3 new offices that are about to open soon. The database that I wrote will be the program that they will share. Is using a VPN the best way to connect all the offices to 1 database? Or do you set up one database in each office and then replicate them? Actually in an inventory database, replication wouldn't be a good idea since current inventory quantities need to be current. Will I need a much faster connection between offices (T3?).
Furthermore, the server is not the fastest computer. It is only a 700MHZ with 256MB Ram. Will this be enough for it to host web server that uses ASP, ftp server, several VPNs connecting offices together, and serving a database that will have thousands of records? Thanks a lot for the help.

Rom
 
The speed test is probably fairly accurate. DSL speed will vary depending upon your proximity to the DSLAM and how much money you are willing to part with.

I don't think you're going to be able to pull this off with an Access database. Any time you run a query, open a form bound to a recordset, or edit a record in a table with a primary key, a copy of the entire table is pulled across the network to the local machine. This can take some time, and if the connection is not 100% reliable, you can get data errors and/or a corrupted mdb. Splitting the mdb into a front end and a back end can help some, but not a lot.

A much better solution would be to migrate your data to some kind of sql server db. A client/server model would push only the data needed across the network, eliminating a vast portion of the bandwidth requirements. The good news with that solution is that you would still be able to use a good portion of your Access database as a front end. Microsoft even has an 'upsizing wizard' to help you transition to their SQL server, although I don't think I would go that direction. More on that shortly. You should look around forum181 (Microsoft: Access Other topics). Similar questions come up there fairly often.

Even if you do move to the client server model, 368K will not give you good performance and handle your web services. I would think on the order of 1.5Mb, (T1), although that may be a little slim depending upon how many users you will have connected. You would not need as much bandwidth at the remote sites, so you may be able to get away with DSL there. I would want more than the 368K you are seeing, but due to the factors involved, you might be able to get considerably more bandwidth at a different location. Unfortunately, no matter what your provider tells you, there isn't any good way to tell what kind of performance you will see until the lines are installed. If you do go that way, make sure that you get SDSL, which is what it sounds like you currently have (upstream and downstream bandwidth are the same). You might also want to look into cable if it is available, keeping in mind you need to look at the upstream as opposed to the downstream.

The machine you have should be fine for web, ftp and vpn, although I would double the RAM. You will need a faster machine for a database server. I would not put it on the same box as the other services. What you really need will depend upon the size of the db and the number of concurrent users.

If this was my project, I would be leaning toward running linux with a linux sql server. Access doesn't mind what brand sql it is pulling data from, and linux has a lot less overhead than the M$ solutions. Also costs a lot less money. Only downside is the learning curve, but there is a lot of good (and free) documentation available. I would also consider moving the old box to linux and running the other services from there. You already have the Microsoft license there, so wouldn't be the huge money saver, but the overhead advantage is still there.

Lot of info at once again, post back if you have any questions.
 
When you say Linux SQL server, do you mean any SQL server, like MySQL for example? I think I'm going to use mysql on Windows 2000 instead. I know it might be a little slower than Linux but I want to stay with Microsoft. Also, the web site connects to the database via ASP, so I would like to keep Microsoft Windows. I have programmed in a Unix operating system before (MINIX), and I do like it. I have never actually installed or used LINUX but it shouldn't be too hard considering what I learned and used, with UNIX in school. My last semester in Computer Engineering, I took a database class and I wrote a small application using MySQL with a Java front end. It was a lot of work though! Especially the Java GUI programming. And it was a basic database that stored and pulled user information. So that's why I chose Access, since it's very easy to make Forms and Reports. But you're right, I will use an sql server as a back end. Do you think the increase in performance will be noticeable? I'm thinking that maybe right now, the performance will be similar, but once all 10 clients, plus the other stores, plus the VPNs, then I'll notice a huge performance. Am I correct? Also in a true client / server environment, as you mentioned, the risk of corrupting the database is much lower.
What other options do I have besides Java, in order to make forms and reports? I wouldn't like to change Access since the database is really big right now, with extensive VBA code. I was reading in the other forum that Access works great as a front end to other database engines like Oracle or mySQL. Actually, after work I'm going to stop by the library and pick up a MySQL handbook and open the college notes up again.
One more note. I did as you told me. I moved the PCI card to the farthest slot and it worked. Thanks again mhkwood. Now I have to buy one more card, so that I can leave one PCI open for the LAN, one for website and FTP and the other for VPN. Also, would it be better to simply buy hardware VPN routers from linksys for example?
Hope to hear from you again.

 
It sounds like you have the right idea.

In the end, you need to use whatever sql server you are comfortable with. If you want to start a real fight, ask which sql server is best in the Access forum (I haven't seen a general sql forum here).

ASP does rule out Apache, but otherwise it is a very robust server and the price point is a lot better than the Microsoft alternative.

Also, your assumption that your unix background would make the linux learning curve easier to deal with is correct. I grew up with SCO boxes and found that linux was very easy to pick up. As I mentioned before, there is a lot of very cheap support available.

I don't think that moving to client/server will give you a big performance boost right away, but you won't see the drop off that would happen otherwise. The biggest factor that would cause a future problem is the remote traffic. I really don't see that working with Access as a back end.

I really would consider keeping Access as the front end. Once you take the tables and the queries out of the picture, compact and compile the database it should shrink considerably. Even though it is still going to be a larger file than a Java front end would produce, you will not be pulling the front end across the network, so it is not that important. The overhead is a good investment, considering all of the tools that Access provides for data manipulation and the coding you have already done.

As to the issue of hardware vs software routers: Another one of those areas where there are really good reasons for using either. Personally, I like the linux solution. Cheap, stable, and forever flexible. New technology is supported relatively quickly, and you can pick and choose what you want. Hardware solutions require less administration at the cost of flexibility. You're at the mercy of the hardware vendor for firmware updates for new technology. If you need something bigger, you often must trash what you have and start over. If you really must go the hardware route, I would not consider Linksys . . or Netgear, DLink . . . those are fine for a home network, but mission critical business use calls for Cisco. Solid hardware and great support.

Good luck with your project. The forum is always here if you need it!
 