GNNR |AVault|
[H]ard|Gawd
Joined: Jul 18, 2002 | Messages: 1,607
Heyas. I am currently the IT/IS Manager for one of the two offices of my company as some of you know. One office is in NYC (mine), the other is in London. Perhaps 30 employees total. We host our website with a third party host and MX record forward email.
In NYC we are currently running on a scaled T1 link to the outside through a SOHO firewall appliance with Server 2000 on AD inside; workstations are WinXP Pro (13) and we have three servers - all are win2k, one is a baby SQL server which also operates our day to day backups (on HD), one is a file server which also runs our FileMaker 6.0 database system, and the third is Exchange 2000 (upgraded from 5.5) and it's the PDC essentially. The exchange server provides exchangeweb services and the SQL server provides minimal FTP ability under password to our London office. Several of our users connect from home via PCAnywhere and I also have RealVNC setup on all the boxes for some other functionality and remote support from home.
London operates on an older setup of NT4 servers and Win2K workstations and they have a pair of 5mb down and 256K up DSL connections through a firewall appliance. They have an exchange server (5.5), file server, and filemaker server. They currently use exchangeweb services for home/remote users as well as PCAnywhere and RealVNC for things as I do.
We are currently engaging an outside firm to unify our two Filemaker databases (originally developed outside by a third party but now supported and developed in-house by my IT/IS counterpart in London) as well as tack on some features for our corporate website.
Email is handled in an off configuration: All email comes via MX record to the NYC exchange server and I then forward on email from it to the London exchange server which is on a different domain name currently.
Before you point out the flaws and problems and cost issues just don't... I know what they are basically but this is a small, not-for-profit company with limited budgets and resources. I have been successful in keeping my end running with an almost perfect uptime record for over 3 years now - 1 small outage of 4 hours with the network due to a HD failure on the Exchange server in NYC where the file server didn't roll to DC status properly due to a misconfiguration when the network was revamped 3 years ago, now corrected. No viruses, no intrusions (though not for a lack of trying through either the primary pipe as well as our wireless node), no major failures of any kind. Users are logged in with a scripted arrangement that sets up their home and other drives as needed (differs by user and position).
And we are essentially stuck with Exchange given our user base. I might switch some workstation software to free alternatives, but Exchange services such as calendaring and what have you are a must and we lack the time and money to train over to something else (of which there really aren't many alternatives).
Backups are currently a mess but functional. Dailies and multi-dailies are done to HD sequentially (lots of extra storage), weekly and monthly to tape, quarterly and yearly to CD.
I do want to push us into a better setup however. The goal is to cut out redundancies and weaknesses, unify our systems to whatever degree is possible, create a single AD tree and WAN, and share files and services as much as possible. Beyond the computing infrastructure we will be adding VOIP and some other services, but this post is about our network.
My counterpart in London wants to create a very loosely tied together AD tree and WAN with redundant servers (exchange in both locations, Filemaker in both with terminal syncing and what not), etc. As I understand it, he wants to use Citrix or other terminal software to do connections for the workstations to the databases, have multiple/redundant exchange and Filemaker servers syncing across the WAN and tree. To me this feels and appears very costly as it doesn't eliminate redundant servers and their associated licenses and it introduces additional software such as Citrix or other terminal software.
I have examined such things as colocating the core servers offsite, renting dedicated servers, offsite exchange services, etc. They don't seem cost effective and it takes support out of our hands and introduces the potential for downtime and delays in restoring service in the case of software or hardware problems.
My idea is to utilize available (or upgraded, as is the case in London given their small outbound link capacity of 512kb total) bandwidth and VPN to create a single AD tree across a WAN structure. I want all the servers in one location (NYC). London would have a beefy file server that has enough power and capacity to also run their local accounting software server setup as well as a synced copy of Filemaker and run local DC functions for log in and authentication should the link between offices go down or some other technical problem creep in that brings down the WAN.
In NYC we would have a suitable managed firewall and router appliance, upgraded links for the servers on a separate router/switch (1GB) via 2nd NICs, very beefy servers (looking to go back to rack mounted with redundant PSUs, high end RAID, tape drives for long term archiving/backups, Win2K or Server 2003). Our file server will move to a NAT device with suitable storage to also handle daily and more than daily backup duties across the separate backplane.
A VPN connection (or as many as is necessary) will connect the London office directly to our servers for DC authentication and place them in our Tree, giving them access to Filemaker as well as Exchange. Both offices will retain local file servers however as there is no real need for sharing them due to differences in how each office deals with their day to day work and taskings - I might put up a common drive however to eliminate any need for FTP and to handle the occasional cross file sharing need between offices.
The Filemaker setup will allow the IT/IS guy in London to connect directly for dev duties (or he can dev on the local server I guess, either way is fine... this is one of the murky areas for me really) and sync back to the other office so that there is roll over capability.
The use of VPN also would allow me to eliminate remote access software (PCAnywhere) for home users and put them on a direct WAN connection for minimal lag and access issues (home users are all on Cable internet or DSL, but even still they complain of the lag in typing documents in email via PCAnywhere... this puts everything local to their PC but connects them directly to our network as just another client within the AD structure, speeding everything up for them - they can still use exchangeweb for on the road access to email however).
Am I off my rocker in proposing we do what I want to do here?
Having had an outside support consultant in recently for a very off the wall exchange problem I couldn't figure out I bounced this off of him and he seemed to think it the best route to take given what our current situation is and where we want to go. Our goal is to cut down costs and support time, unify our systems as much as possible to facilitate sharing of information in a timely fashion, increase communication and the timeliness of this communication, reduce licensing costs, etc.
The only major hole I see is no 'roll over' capability for exchange email services, but as a small company we really can't afford nor should be running two servers with all the licences we should have to do it legally... it's damned expensive and in 3 years I have kept our exchange server going and well maintained with less than 5 hours of total down time, no crashes or major issues, full security with no compromises. I only do the filemaker server in 'sync' as a concession to my counterpart in London (the server hardware needed is barely above that of a PC given our limited user base and we already have the licences and software). Having a file server for each office seems redundant but we don't share much of anything in terms of files and documents and if there is some kind of outage in either office for technical reasons the other office will at least have a local network and their files to fall back on.
Here is a link to a primitive network chart I whipped up with paint in a couple of minutes. Not sure if it helps to clarify anything or not so 'for what it's worth'.