Re: Network Restructuring (Network Design and Equipment)



In article <1147786933.795427.286840@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
hunkgym <hunkgym@xxxxxxxxx> wrote:

The company expanded so fast that the IT infrastructure is not fast enough to
cater for the high volume of traffic; the initial design is not scalable.
The number of new branch offices set up caused the company to pay a high
price for leased line communication.

From the diagram you link to, it appears that you have dedicated 56K
ISDN links from your 7 branch offices (6@20 users and 1@30 users) to
your HQ in Stockholm (160 users). I'd expect performance on the order
of DSL (>= 10x existing capacity). Some kind of point-to-point VPN box
for each branch office (and HQ) should be added, eventually replacing
the existing dedicated (ISDN?) links. I would start with your nearest
branch office (Blekinge?) and get that working first. These VPN boxes
(or additional VPN boxes) should also accept inbound VPN sessions from
your mobile staff.

Salesmen and management staff dial into the company network via 56K modem
to access the database server and update the sale order. All the branch
offices access the internet via HQ and download email via the external
POP3 email server.
The plan is to revamp their IT infrastructure and reduce the leased line
access cost. Here is some of the feedback consolidated from the various
country managers and local salesmen.

1) Email downloading and sending is very slow. They receive a lot of spam
email; this causes their individual mailbox quotas to be used up very fast.

You need to have a better spam filter in front of your email server(s).
There are software solutions and black-box solutions, depending on your
budget and expertise, but you do need something.

2) The sales and marketing departments need to access the internet to
search for the latest news and market trends. But the internet speed is
very slow. These people are often irritated by spyware and popups.

Consider allowing branch office routers to direct general internet
traffic directly through their DSL/local internet connections. This
helps scalability and availability, but consider the policies you have
for internet traffic. Some kind of firewall capability is expected
for the number of users you will have. Look for this when you shop
for your VPN solution.

3) File transfer and database access are very slow, even on the local
area networks.

The recommendations shown above should help your situation. Another
possibility is to make your file/database/email servers dual-homed so
your local corpnet is separate from the server network that your VPNs
and ISP connections are attached to.

Please visit the website http://www.hgym.photosite.com
for the diagrams, which are a network diagram and an equipment diagram.

Now I plan to improve the IT infrastructure to cater for future
expansion up to 10 countries. SAP will be implemented to automate the
overall company operation. Also expect 3rd parties to access their server
to submit and view sale orders.

Allowing inbound VPN connections at your HQ can satisfy the 3rd-party
access requirement, but you may want to limit the servers that these
people have access to.

I also plan to redesign the network so that it is highly available,
scalable and secure.

Distributed file servers and replicated databases would come later.
Consider Service-Level Agreements from your ISP vendors.

Any suggestions and opinions? What is your comment after looking at my
network and its infrastructure (from the diagrams on
http://www.hgym.photosite.com)? Any improvements needed?

My email is hunkgym@xxxxxxxxx. Of course you can reply here, preferably.
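
The access rules suggested in the reply above (third-party VPN users limited to specific servers, branch internet traffic sent out the local link instead of through HQ) can be modelled as a first-match, default-deny policy. This is an added example, not part of the original thread; the address plan, the order-server host and the HTTPS port are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption: the thread gives no addresses).
ZONES = {
    "branch_lan":  ipaddress.ip_network("10.20.0.0/16"),
    "mobile_vpn":  ipaddress.ip_network("10.30.0.0/24"),
    "partner_vpn": ipaddress.ip_network("10.40.0.0/24"),
    "server_net":  ipaddress.ip_network("10.10.10.0/24"),
}
ORDER_SERVER = ipaddress.ip_address("10.10.10.20")  # hypothetical sales-order host

# (source zone, destination, port or None for any, action); first match wins.
RULES = [
    ("partner_vpn", ORDER_SERVER, 443,  "allow"),  # 3rd parties: order server only
    ("partner_vpn", "any",        None, "deny"),   # ...and nothing else
    ("mobile_vpn",  "server_net", None, "allow"),  # mobile staff reach the servers
    ("branch_lan",  "server_net", None, "allow"),  # branch tunnels reach the servers
]

def zone_of(addr):
    """Map an address to its corporate zone, or 'internet' if it is in none."""
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

def dst_matches(spec, addr):
    """A rule destination is 'any', a zone name, or a single host address."""
    if spec == "any":
        return True
    if isinstance(spec, str):
        return addr in ZONES[spec]
    return addr == spec

def evaluate(src, dst, port):
    """Decision of the HQ VPN gateway for one flow; default is deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_zone = zone_of(s)
    for zone, dspec, rport, action in RULES:
        if zone == src_zone and dst_matches(dspec, d) and rport in (None, port):
            return action
    return "deny"

def branch_next_hop(dst):
    """Split tunnelling at a branch router: only corporate traffic uses the VPN."""
    internal = zone_of(ipaddress.ip_address(dst)) != "internet"
    return "vpn-tunnel" if internal else "local-dsl"

if __name__ == "__main__":
    print(evaluate("10.40.0.5", "10.10.10.20", 443))   # partner -> order server
    print(evaluate("10.40.0.5", "10.10.10.21", 443))   # partner -> other server
    print(branch_next_hop("93.184.216.34"))            # general internet traffic
```
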


