VPN Between 2 Points (+ issues)

[eggy]

I need to set up a reliable VPN link between two locations, one in Scotland and one in SE England.

England location has a high-spec SBS 2003 Server with 10 local users and currently a 2mb/256k ADSL connection.

Scotland location is simply one or two people on laptops on a similar ADSL connection. These people need access to the files in the England office. They need to synchronise their work down to here and vice versa. They don't need the entire server synchronised; only projects they're working on.

Currently for out-of-office connectivity, people use a windows VPN connection, connect to the server and carry on working as if they were in the office. However, there are two problems with this:

• We only have 256k upload, so file transfers are slow. Downloading over VPN slows down the net connection for the local England users.
• For some reason, VPN works better for some than others. Perfect for me, but some people have to wait _literally_ 4-5 minutes to navigate between folders?! Once they are downloading a file the transfer speed is fine, but getting to the directories takes ages - any ideas on this?

So, I'm looking at SDSL options in the UK office and came across this: www.sobroadband.com as I live in the region in which it operates.

Has anyone in the area tried this product out? Is it reliable? I'm looking at the 1.5/1.5 synchronous connection - would this significantly help the VPN situation?

Any input is greatly recieved - cheers!

 

[Gahn]

Man, force em to work under Terminal Services, problem solved.

 

[eggy]

I'd be a bit worried about using Terminal Services - unsure how it works when the user is roaming, on the train, offline etc. Plus surely it's slower and more cumbersome?

 

[Gahn]

Well it doesn't work if he's offline, he always need a connection to your Lan.
As for Slower than a syncronize bare in mind that a terminal server / citrix connection consumes 12 kbs of bandwidth and can deliver any kind of software from your server to desktop.
Ofc it won't be as fast as using your local pc but i guess that, overall, it will be an improvement.
Also u could use that only for uploading files.
Probably your problem lies in bandwidth avail, since it ain't optimized (ie any resource available, 1st asking = 1st served) it slows down when u got multiple uploads/downloads.

 

[eggy]

Yeh, he'll be working offline a lot in Scotland, so VPN will have to be the way to go I'm afraid.

Thoughts on the VPN points above?

 

[Gahn]

No idea about that am afraid m8, am not from England.
Took a look and basically they are offering a Wi-Max service at 3 MBps for £ 79.99 / month which seems fair.
All i can say
Be aware to try and size correctly external nodes ratio with your main office connection to avoid same problem altho, since if u give em full access to all bandwidth u are bound to reproduce same problem u have now (ofc with less impact since u got > speed)

 

[ceixava]

from what i gather from your text, the remote server just hosts files? or does it have other resourcers too that need to be kept behind a vpn?

for project/file serving id use subversion with ssh enabled, secure version control

 

[eggy]

It's a file server, but also manages the email/contacts and a few other bits - the user will be connecting via VPN to download email as if he's connected physically to the exchange server.

 

[GReaper]

If you can get it, maybe an ADSL2 provider will give you the upload speed you need without having to pay for costly SDSL. Be apparently do 1.3mbit uploads on their service. samknows.com should give you a nice list of providers available on your exchange.

Make sure you've got some traffic shaping setup so those connecting by VPN don't saturate the connection, also make sure those VPN connections are using some sort of compression to help ease the bandwidth usage (I'm not sure what Windows has by default).

 

[Killswitch]

File management between remote sites is always a pain in the ass. How big (on average) are the files you need to keep synchronised?

Subversion and SSH would be a good system if your users are IT-savvy. It will stop changes being lost because you can check out files exclusively while you make changes and you can also check out files, make changes offline and then reconnect and merge your changes back onto the server.

If you're running SBS2k3 I'd strongly recommend you check out Sharepoint services. It lets you create team websites using standard building blocks including discussion forums, shared webspace and also includes a built-in document management system. This deals with checkin/checkout of files, permissions for users and group and all integrates with Microsoft Office (for tasks, calendar meetings, submission of files by e-mail etc.)

I'm trialling Sharepoint at the moment for a split-site CAD team who need to share and work on BIG documents using bog-standard ADSL. We use a permanent VPN between the sites, but it would just as well with a client-server VPN setup.

 

[Killswitch]

If you can get it, maybe an ADSL2 provider will give you the upload speed you need without having to pay for costly SDSL. Be apparently do 1.3mbit uploads on their service. samknows.com should give you a nice list of providers available on your exchange.

Make sure you've got some traffic shaping setup so those connecting by VPN don't saturate the connection, also make sure those VPN connections are using some sort of compression to help ease the bandwidth usage (I'm not sure what Windows has by default).

Good point about the VPN. If you're using standard windows-based VPNs with PPTP, you won't be getting any compression (and it's pretty resource-heavy on the server too). I'd recommend using OpenVPN, ideally with a linux box at the office and windows clients, but you can get a Windows OpenVPN server too I think). OpenVPN gives you much better control over things like routing and encryption and also encrypts the link using LZO by default which is a real bandwidth saver.

 

[Killswitch]

I'd be a bit worried about using Terminal Services - unsure how it works when the user is roaming, on the train, offline etc. Plus surely it's slower and more cumbersome?

Sorry to ramble on, but it's worth pointing out that Terminal Services does a very good job of compressing traffic and of course it's much quicker if you're working with larger files, since the only traffic between the server and the client are the screen updates as opposed to the actual file itself.

The file is loaded, manipulated and saved on the server itself using either local disk or local network. The server polls the virtual screen for changes and then only sends the updates rather than the whole "frame" each time. This makes Terminal Services a good option for remote working over slow links as opposed to downloading a large file, working on it locally and transferring it back.

I know I'm starting to sound like a MS salesperson, but I tend to work mainly with Linux systems.

 

[ceixava]

maybe the options here in finland are better but tbh i dont see any reason to use "domestic" internet connections/isp's for work related stuff, especially in cases like this

dont you have any "proper" isp's there that sell decent bandwidth, be it virtual server hosting or real server hosting

 

[Darzil]

Regarding the differences between the two people moving between folders. Are they the same folders ?

Windows seems to open and scan certain files (esp exe files to get the pretty icons out of it) when it works out what is in a directory. This can be very slow with large files working remotely.

Darzil

 

[eggy]

Regarding the differences between the two people moving between folders. Are they the same folders ?

Windows seems to open and scan certain files (esp exe files to get the pretty icons out of it) when it works out what is in a directory. This can be very slow with large files working remotely.

Darzil

Are you talking about the slow navigating I mentioned? It's the same anywhere on the server file structure - I'm not talking about the downloading of files, merely the navigating of directories.

Killswitch - I know about terminal services, but the office isn't "stationary" in that a lot of mobile work will be carried out all over the world.

In the UK you can get SDSL lines, but you're talking around £3,000 a year which this small company isn't willing to pay I'm afraid. I'm having the wireless SDSL thing installed in a week after a site survey is carried out, otherwise SDSL will be our only option.

 

[Anny]

tbh the fastest way to speed up the directory changing is to map the root folder as a network drive

ok its not a whole solution, but more of a quick fix, but the differance in speed when moving between directories is fantastic, i used the same method while working at a previous company we had 23 sites throughout the UK that i used this method on, and the connection was a regular 28k modem

map network drive

you wont regret it

ps it takes seconds to do just try it and see

 

[eggy]

tbh the fastest way to speed up the directory changing is to map the root folder as a network drive

ok its not a whole solution, but more of a quick fix, but the differance in speed when moving between directories is fantastic, i used the same method while working at a previous company we had 23 sites throughout the UK that i used this method on, and the connection was a regular 28k modem

map network drive

you wont regret it

ps it takes seconds to do just try it and see

Why would this speed it up? I'll definitely try it, thanks for the advice - but I'm puzzled as to why this would make any difference whatsoever!

 

[Anny]

tbh im not 100% sure why it does speed it up but it deffinatly works wonders

 

[Hollomere]

One thing that may slow the connection down (for some users when browsing files) is that they have an incorrect/dead network drive mapped on their own PC. As Windows checks the availablility of all drives when you 'browse...' or drop down the list, it can sometimes take ages to get to the files that they want.

I had this on one of our clients who VPN-works - he had a drive mapped to his old PC that was on his home network and it disconnected him when he connected to work. Removed the drive and it now browses like magic