Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Connecting PC`s remotely to Dublin office and work as if I was there.

  • 03-05-2006 3:28pm
    #1
    Registered Users, Registered Users 2 Posts: 288 ✭✭


    Hi people,

    Any help on this would be much appriciated.

    I have an office in Dublin and its running a SBS 2003 Server. All is great with this network. I am opening a new office in Portlaios and I`d like to connect to the Dublin office and use the documents and one or two apps which database`s are stored on that server.

    I`m going to have three computers and possibly expand to six in the Portlaois office. There is broadband in both offices. The Dublin office has a Zxyel 662 router\firewall capable of VPN.

    What solution would you recommend for me? Would it be possible to connect the three systems over a VPN and connect to the 2003 on terminal services or would I need a dedicated terminal server for such a task?

    Would I be better going with citrix or another solution?

    Again guys and girls thanks in advance.


Comments

  • Closed Accounts Posts: 884 ✭✭✭NutJob


    I’d like to connect to the Dublin office and use the documents and one or two apps which database’s are stored on that server.

    A two meg broadband line will not be able to handle the traffic of everyday office use as the connection will be limited to 512kb/s due to the upload limits on these lines as one side of the connection will be always uploading.

    This will become a pain if there are x number people copying Documents off network drives and using a database at the same time.

    One of your offices will require a fixed IP address but there are ways round this but i would recommend one fixed IP.

    The Dublin office has a Zxyel 662 router\firewall capable of VPN.
    Id be looking for something a little more robust than this even Open VPN on an old pc running Linux is a better option and would reduce costs.

    Open VPN is also available on windows but licensing for extra pcs and hardware requirements go up.

    This will require a server at both offices.


    Would I be better going with citrix or another solution?

    IF you have an existing Citrix server setup this will require the bandwidth if large files are being used on network shares. This reduces the slower access times on copying large documents across a DSL line.

    Iv never been a fan of it but it works well for small office usage and duties.

    i would recommend seeking further advice on cost issues with these products.


    All these solutions depend on your dsl line and a backup may be no harm.
    You do need to find out what your average bandwidth usage would be and match your internet connection to handle it + a reasonable margin.


  • Registered Users, Registered Users 2 Posts: 1,193 ✭✭✭liamo


    I'm not familiar with the capabilities of the router you mentioned. However, you'll want a router with an IPSec VPN. This will give you a secure site-to-site VPN, which essentially joins the two networks allowing all PCs at each site to see all PCs at the other site.

    Unless the applications are pulling large amounts of data from the databases across the VPN you should be able to work fine. You will, of course, notice a drop in performance but it may be ok. We work regularly like this across VPNs to client sites supporting an application with a 2GB+ database with no problem (unless we need to generate reports).

    If you're going be pulling back data for reporting this is where you'll notice the biggest drop in performance. If this is going to be an issue then Terminal Services might be the way to go. Alternatively, you could use VNC (or maybe the single Terminal Services account that I think you get with SBS2003) to run the report on the remote network and then copy the generated report back to the local network for printing.

    One of the things to check is your Internet connectivity. Most connections are asynchronous - for example 2Mb down, 256K up. You'll probably want 2Mb down and up. Get an account with more bandwidth if possible.

    You may need to down the Terminal Service (or Citrix) route. But I wouldn't rush into it. See how you get on first.

    Regards,

    Liam


  • Registered Users, Registered Users 2 Posts: 288 ✭✭Cableguy


    Hi Nutjob, have got a static IP address in our Dublin office. Not sure about the Portlaios office but am checking that one. That’s a good point about the upload speed I didn`t think about that sort of restriction. Setting up a VPN on Linux sound complicated but I`d certainly test it out as I have a couple of old P3 systems lying about. Is there a certain version of linux you`d recommend for this sort of thing? Not sure what you mean by an open VPN and if I had another SBS Server 2003 in Portlaois I could setup a VPN that way without the routers and firewall?

    Hi Liamo, the router in question is capable of IPSec VPN. The database in the Dublin office is rather large and is even a bit slow on the internal network so running it over the net and a VPN would possibly corrupt it. When you suggest VNC would that be over the VPN?

    I’m thinking strongly about terminal services over the VPN because this would allow me achieve my goal without buying a new server but my only concern is will the server handle the processing and not substantially affect the current server’s workload. (If needed though a new server will be purchased).

    Again cheers lads.


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    remote desktop works well too


  • Registered Users, Registered Users 2 Posts: 1,391 ✭✭✭fatherdougalmag


    www.logmein.com and www.foldershare.com are worth trying out. Don't know if it's what you require but both are free so you can at least try them out.


  • Advertisement
  • Closed Accounts Posts: 884 ✭✭✭NutJob


    Cableguy wrote:
    Hi Nutjob, have got a static IP address in our Dublin office.
    Again cheers lads.

    You only need the one to fix an end to the vpn tunnel portlaois wont need a fixed ip.

    The Linux solution isn’t too complicated 2 old lan cards per pc a copy of debian. This can be argued back and fourth but it is great for servers.
    Not sure what you mean by an open VPN
    Open VPN is an open source VPN tool/product which comes under the same licensing agreement as Linux.
    http://openvpn.net/
    The database in the Dublin office is rather large and is even a bit slow on the internal network so running it over the net and a VPN would possibly corrupt it.
    Am no its designed to take this kind of usage but would suggest the server is under heavy load.
    I’m thinking strongly about terminal services over the VPN because this would allow me achieve my goal without buying a new server but my only concern is will the server handle the processing and not substantially affect the current server’s workload.
    You can bet this will up the load on the server. Terminal services use the server to perform all the client work and if your servers already under load would look very carefully and performance logs before trying this.


  • Registered Users, Registered Users 2 Posts: 2,426 ✭✭✭ressem


    An eircom DSL business plus is 512K up, 5 MB down. For 6 external users this is probably fine, depending on the application. For an always-on VPN it is preferable to have a static IP on both ends, just to restrict connection attempts.

    The specs on the Zyxel 662 (P-662HW-61?) suggest that you'd be better off using it, rather than requiring another openVPN box as suggested. What is the router on the Portlaoise side? Preferably the same?

    I guess that you're using SQL server as the database, as it's supplied with SBS.
    What is the client that your local users use to connect? MS Access, Crystal, intranet based or custom built? Might be able to give more info on the likelyhood of corruption when a fail occurs. Speaking from midlands with VPN to UK through business DSL, I find that a disconnect occurs maybe 3 or 4 times a year. If you ask your provider then you'll get a days notice emailed to you usually.


    I disagree with suggestions of VNC, remote desktop, they're designed to support one client at a time. I would go with terminal service licences if you're certain that the client apps cannot run remotely. Just keep in mind that you may need to buy multiple software licences for access or crystal on the server in this case.

    Will there be a file/print/authentication windows server on the Portlaoise side? Or just a workgroup and simple consumer devices for file & print sharing.


  • Closed Accounts Posts: 18 xephyr


    Cableguy wrote:

    I have an office in Dublin and its running a SBS 2003 Server. All is great with this network. I am opening a new office in Portlaios and I`d like to connect to the Dublin office and use the documents and one or two apps which database`s are stored on that server.

    Hi There,

    ***I work for this company so am probably biased***

    AccessMyLan (www.accessmylan.com) does just this and might be right for you. Theres a free fully functional trial at the above site and you can PM me if you'd like more details.

    Its a hosted, subscription based, ipsec VPN that might mean you don't need the Terminal Server and won't need a fixed IP at either end or changes to your network perimeter.

    The free solutions mentioned are all very good methods of getting the job done; it just depends on your internal resources. If the office in Port grows you would be better off with a Linux based site-to-site VPN but, as we can be up and running in 10-15 minutes, theres no harm in giving it a go.

    Cheers,

    X


  • Closed Accounts Posts: 884 ✭✭✭NutJob


    For an always-on VPN it is preferable to have a static IP on both ends, just to restrict connection attempts.

    Definitely a good idea.
    The specs on the Zyxel 662 (P-662HW-61?) suggest that you'd be better off using it, rather than requiring another openVPN box as suggested. What is the router on the Portlaoise side? Preferably the same?

    Still unsure on this cant get a full spec on the vpn technology used bar the encryptions ok and it used md5.
    I disagree with suggestions of VNC, remote desktop, they're designed to support one client at a time. I would go with terminal service licences if you're certain that the client apps cannot run remotely. Just keep in mind that you may need to buy multiple software licences for access or crystal on the server in this case.
    Completely agree with this


  • Registered Users, Registered Users 2 Posts: 2,426 ✭✭✭ressem


    Nope, MD5 doesn't encrypt. It's used for authentication.

    You'd be looking for support for ipSec/L2TP
    encryption methods include DES 3DES and AES

    Theres a fairly decent introduction in the user guide Chapter sections. 19.10 describes each option in the VPN IKE configuration page.
    http://us.zyxel.com/web/download/200409092732002004101914365120040811211941_20041105_3.40-P662H-HW_UG_V3-40_2004-11-5.pdf


  • Advertisement
  • Closed Accounts Posts: 884 ✭✭✭NutJob


    You'd be looking for support for ipSec/Tkip
    encryption methods include DES 3DES and AES

    Cheers for the spec and md5 is technically encryption (single way cypher) even though its just for hashing. I use it in my own software for password storage plus a little seeding.

    Wont get int the nitty gritty of crypto here. :)

    in theory it looks capable but i wouldnt trust it

    Now if we havnt managed to confuse cableguy could he let us know what solution got implemented in the end.


  • Registered Users, Registered Users 2 Posts: 288 ✭✭Cableguy


    Thanks to you all for the input here and I will certainly let you all know the solution put in place, that’s when I have decided of course.

    Ressem it is a Zyxel P-662HW-61 exactly and the database is based on access and crystal reports too.
    “I would go with terminal service licences if you're certain that the client apps cannot run remotely”

    The Portlaois office will be getting brand new P4 machines with XP pro. Why would terminal service licences be needed I thought SBS 2003 entitled you to two users logged on in admin mode and ten users logged in simitaneouly in application mode but not sure will have to investigate futher on that.
    “Will there be a file/print/authentication windows server on the Portlaoise side? Or just a workgroup and simple consumer devices for file & print sharing.”

    I plan on logging into the Dublin domain over the internet. Well that’s the plan.

    Cheers Xephyr I might just try your companies software.

    So still very confussed :D after all your good advise but I am try testing some suggested solutions from home first to see how things go.

    Cheers all.


  • Registered Users, Registered Users 2 Posts: 2,426 ✭✭✭ressem


    I'm out of date,

    Terminal services in application mode:
    SBS 2003 only supports terminal services in administration mode. Unlike 2000.
    Having multiple nontechie remote users with admin privilege on your main server, just isn't on really.

    So for terminal services or citrix presentation you need a seperate server if you want to run in application mode..

    http://support.microsoft.com/default.aspx?scid=kb;en-us;828056
    "
    Terminal Server is available on the Standard, Enterprise, and Datacenter editions of Windows Server 2003. In Windows Small Business Server 2003, only the Remote Desktop for Administration mode is available. "



    Licencing:
    TS client licences, not included per say with SBS. However if clients has XP pro license they only need a SBS CAL.
    If Access is installed then each client that uses it requires an Access or Office licence. Because MS are b*(&£""* an OEM license is apparently not sufficient. http://blogs.msdn.com/mssmallbiz/archive/2005/07/21/441327.aspx




    Where does that leave you?

    1. Set up the VPN. Using Router to Router VPN is my preference. I suppose the MS ISA Server isn't in your version of SBS, plus its VPN is more complex. Even xephyr's setup might be preferable to ISA.

    2.Rule of thumb is that Access DSN/ODBC based databases tend to have performance problems when they go above 10-15 clients. Even less if they do a lot of writing/locking.

    Maybe moving the tables and queries to a free SQL Server express 2005 database or better is a possibility for you.

    Well give remote access a try over the VPN using a client based in portlaoise without TS and with TS in admin mode.

    If insufficient then you've to choose between a new windows server running terminal services in application mode, or a database change which "should be straightforward" (tm).
    edit: or a hack like downgrading SBS 2003 to SBS 2000, think that you can just send off to MS for the disks.


  • Registered Users, Registered Users 2 Posts: 651 ✭✭✭sirlinux


    SBS 2003 wont run as a terminal server, a high end pc or a decent server running 2003 is a great terminal server, dsl would easily cover you for 6 users on RDP. But your going to need QOS on the dublin router to stop the line getting maxed out by other traffic so you have bandwidth for RDP.
    Consider also putting a 2003R2 server in the portlaiose office, setup a DFS between the two sites for file sharing, 2003R2 has some special features for this and it work very well on low bandwidth links
    SBS wil leasily provide you with a site to site vpn.
    Outlook 2003 in cached mode will hide a slow link from your users, they only see the mail when it's downloaded, and if your licensed for sbs your licensed for outlook 2003 clients.
    Put a copy of your database on the server in portlaoise and let SQL take care of keeping it in sync with head office (it also gives you an off site backup)


  • Registered Users, Registered Users 2 Posts: 3,464 ✭✭✭jamesd


    I work for an IT firm near enough to Portlaoise - that Zxyel will allow IPsec Vpn as we have it between 2 sites using a good broadband line - with 5 users on the smaller site accessing exchange and Cad files and working away ok - just have sure you get a healthy size of a line.


  • Closed Accounts Posts: 22,479 ✭✭✭✭philologos


    www.logmein.com and www.foldershare.com are worth trying out. Don't know if it's what you require but both are free so you can at least try them out.
    Real VNC is free and good


  • Closed Accounts Posts: 1,491 ✭✭✭Foxwood


    Jakkass wrote:
    Real VNC is free and good
    Having used both VNC (various versions) and Windows RTP (Terminal Server and Remote Desktop on WinXP and Server 2003) extensively, VNC isn't even close.

    VNC is realy handy for accessing remote NT4 servers (they're still around!) but if RTP is an option it's far better.


  • Closed Accounts Posts: 8,478 ✭✭✭GoneShootin


    www.hamachi.cc

    I connect to my office PC and can work with files/web based apps without any fuss.


  • Registered Users, Registered Users 2 Posts: 4,676 ✭✭✭Gavin


    Few comments. You don't need a router that implements a VPN, all you need is one that provides VPN passthrough to a VPN server.

    Stick with windows if you have a windows network already. User seperate domains on each end, it can be awkward if a PDC link goes down and there is no BDC located locally.

    Setup the network with windows server VPN, PPTP ain't great security wise but it does the job. Terminal server will probably reduce the overall traffic throughput, rather than actually copying files back and forth and editing them locally.

    And on a pedantic note - MD5 is not 'single way encryption'. It is classed as a Cryptographically Secure Hashing Algorithm. If it cannot be decrypted, it is not encryption. This is why there are(were) no issues with hashing algos being classified as munitions.

    Gav


  • Closed Accounts Posts: 884 ✭✭✭NutJob


    Verb wrote:
    And on a pedantic note - MD5 is not 'single way encryption'. It is classed as a Cryptographically Secure Hashing Algorithm. If it cannot be decrypted, it is not encryption. This is why there are(were) no issues with hashing algos being classified as munitions.

    Gav

    Mutation true but its still crypto but its semantics at the end of the day ill go row with crypto guy in work he has a masters in this :-) lol If im wrong which is more than likely ill post back in a fresh thread in security :-)


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 4,676 ✭✭✭Gavin


    NutJob wrote:
    he has a masters in this :-)

    yeah he's not the only one. heh, I suspect I either studied with him or tutored him.

    Gav


Advertisement