Kurt L said:
I am aware of Citrix remote terminal solution, and thought the post was
referring to a VPN solution as a side to the remote terminal stuff. I use
Windows 2000 VPN all the time. It works great to connect clients to a remote
network one at a time. But it is not very fast. In fact it is extremely
slow. Opening or saving a large spreadsheet from a file server on the remote
network can take several minutes.
That's puzzling.. all you're getting is an RDP stream (originally developed
by Citrix in the first place) - all the action is happening on the remote
server.
Could be that either the server is low on resources, or is configured to
optimise for server usage, rather than for interactive users. Certainly,
Citrix requires a huge chunk of resources, in my experience.
I've experimented with setting up global
windows vpn connections both ways (with a vpn client and server on each
network), and allowing any client on either network to access resources on
any network, by sharing the VPN connection (with ICS), and adding the
appropriate routes on the clients using "route add" in the logon script.
This works, but again the speed is unacceptable (even at T3 link
speeds).
Hmm. Not gone too heavily into that, myself. Chances are that it's the
latency in the link, rather than the bandwidth:
<10 ms router.codecutters.org
16 ms ubr.ntl.com [10.152.167.254]
15 ms rdng-t2cam1-b-v105.inet.ntl.com [62.253.122.149]
31 ms winn-t2core-b-ge-wan61.inet.ntl.com [62.253.121.129]
31 ms win-bb-b-so-320-0.inet.ntl.com [62.253.184.117]
16 ms P4-0.BRSBB1.Pop.opentransit.net [193.251.254.145]
32 ms So5-0-0.LONCR1.London.opentransit.net [193.251.243.242]
16 ms So3-0-0.LONCR2.London.opentransit.net [193.251.128.206]
94 ms P1-0.NYKCR3.New-york.opentransit.net [193.251.243.89]
110 ms P12-0.OAKCR1.Oakhill.opentransit.net [193.251.242.254]
109 ms So4-0-0.ASHBB1.Ashburn.opentransit.net [193.251.248.109]
141 ms POS4-0.GW3.IAD8.ALTER.NET [157.130.22.141]
109 ms 0.so-1-1-0.CL1.IAD8.ALTER.NET [152.63.41.22]
109 ms 0.so-3-0-0.TL1.DCA8.ALTER.NET [152.63.144.49]
172 ms 0.so-0-0-0.TL1.SEA1.ALTER.NET [152.63.2.145]
203 ms 0.so-5-0-0.XL1.SEA4.ALTER.NET [152.63.104.126]
172 ms POS4-0.XR1.SEA4.ALTER.NET [152.63.107.233]
171 ms 193.ATM7-0.GW4.SEA4.ALTER.NET [152.63.105.145]
203 ms olypen-gw.customer.alter.net [157.130.182.90]
187 ms r3.olypen.com [208.238.204.3]
188 ms olypen.com [208.200.248.4]
Heading transatlantic from the UK to New York takes about a quarter of a
second, on these figures. From NYC to where your company server is based
takes *eight* times as long. Bearing in mind the time taken to do something,
i.e. get the packet to the server and then get back, you can see that things
are going to be slow. And we're talking about an update each time you so
much as move the mouse..
(I know that there's a general relation between the link speed and the
latency, but it's not as linear as one might expect!)
Still faster than using a 300baud modem in anger, though (then again, an
RFC-1149 network isn't /that/ much slower. Enter "list" instinctively and
you might as well go get a cup of coffee.. ;o)
Hardware based VPNs are true routers, with the routes managed there instead
of at each client, and they are generally much faster, besides eliminating
the inevitable netbios issues. But anything approaching wire-speed that I've
seen is extremely expensive. If anyone knows of a low cost, high speed 3DES
VPN, I'd love to hear about it. Even 30 or 40 Mbps.
Bit too specialised for me - at something like GBP 1000+ per month for a
lowly T1, that's a wee bit out of my personal price range ;o)
[Price from a quick rummage through Google - I don't work in that market]
H1K
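
Added example, not part of any post in this thread: a rough model of why a file protocol that waits for each reply before asking for the next block stays slow over a high-latency link, whatever the bandwidth, using a subset of the hops from the trace quoted above. The block sizes, the one-request-per-round-trip behaviour, the 20 MiB file and the function names are assumptions made for illustration.

```python
import math
import re

# Subset of the hops from the trace quoted in the post above.
TRACE = """\
<10 ms router.codecutters.org
16 ms ubr.ntl.com [10.152.167.254]
94 ms P1-0.NYKCR3.New-york.opentransit.net [193.251.243.89]
187 ms r3.olypen.com [208.238.204.3]
188 ms olypen.com [208.200.248.4]
"""

T3_BPS = 44_736_000  # nominal T3 (DS3) line rate in bits per second
HOP_RE = re.compile(r"^\s*<?(\d+) ms\s+(\S+)")

def parse_hops(text):
    """Return [(rtt_ms, host)] per 'NN ms host [ip]' line; '<10' is kept as 10."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2)))
    return hops

def transfer_seconds(size_bytes, rtt_ms, link_bps, block_bytes, in_flight=1):
    """Transfer time when the client sends `in_flight` block requests, then
    waits a full round trip for the replies before sending more (assumed model)."""
    blocks = math.ceil(size_bytes / block_bytes)
    round_trips = math.ceil(blocks / in_flight)
    latency_part = round_trips * rtt_ms / 1000.0   # time spent waiting
    wire_part = size_bytes * 8 / link_bps          # time spent actually sending
    return latency_part + wire_part

def effective_bps(size_bytes, rtt_ms, link_bps, block_bytes, in_flight=1):
    """Throughput the user actually sees under the model above."""
    secs = transfer_seconds(size_bytes, rtt_ms, link_bps, block_bytes, in_flight)
    return size_bytes * 8 / secs

if __name__ == "__main__":
    rtt_ms, host = parse_hops(TRACE)[-1]           # round trip to the far end
    size = 20 * 1024 * 1024                        # constructed: 20 MiB spreadsheet
    for block in (4096, 65536):                    # assumed request sizes
        secs = transfer_seconds(size, rtt_ms, T3_BPS, block)
        kbps = effective_bps(size, rtt_ms, T3_BPS, block) / 1000
        print(f"{host}: {block:>6} B blocks -> {secs:7.1f} s ({kbps:,.0f} kbit/s)")
```

Raising `in_flight` in the model shows how much of the delay is waiting rather than sending.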
Hairy One Kenobi said:
[Rampant cross-posting snipped]
You may want to check out Citrix systems, a fast and reliable VPN system.
I've used it for connecting two sites across two European countries and it
seems fine enough for most application and data sharing.
Look it up at www.citrix.com
First time that I've seen Citrix described as a VPN!?!
Anyway, if you're using Win2000, it's built-in. And still doesn't do what
the customers probably want.. whatever that is!
--
Hairy One Kenobi
Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!
I've seen replies to your other posts, but you seem to think that a WAN
connection is somehow "VPNish". A WAN is just a connection off the local
network. It can be internet based, or public or private carrier based.
What your options are depends on how far apart your sites are located, and
what types of service are available. If you want to use the internet, VPN
is pretty much it. I don't know of a better WAN solution to provide data
security over a wide-open public transport. If your sites are within the
reaches of a local transport provider (cable, fiberoptic company, etc.),
you might be able to set up a VLAN for 100Mb inter-site transport. In this
case, you are relying on the service provider to supply the VLAN security
that is protecting your DATA. Most private companies will provide you with
a security policy, but will not (because they can't), positively guarantee
security. Still, 100Mb is smokin'. The third option is a direct T1 or T3
line with a termination at each site. T1 gives 1.5 Mbps throughput, and a
T3 is 48Mbps. These are spendy, generally $150 to $500 for a T1 (at each
site) within the city, and more for inter-city. A T3 usually runs about 10
times what a T1 costs, plus you need to buy a bunch of stuff to convert
from telecom protocols to ethernet. I work for a company that provides
private, fiberoptic transport and we are generally waaaaay less than
telecom solutions for waaaaaay more bandwidth. But clients have to be where
we their own companies up WAN.