Linking 2 independent networks at 1 location


picsoahu
Hi everyone,

I have an interesting situation. I have a church that has a school and an office. Each has their own network with internet. The school has 55 computers on its network and the office has 11. The office manager wants two computers from the school to link to the office network to share a financial management database. They want to be able to share files and printers between the office and the 2 school computers. I can think of 3 options.

1) Make the whole campus 1 network. Pros, easier to maintain and setup file and printer sharing. Cons, costs more and will slow the office internet down due to more users on the network.

2) Add just the 2 computers to the office network via WiFi. Pros, cost less and less setup than option 1. Cons, cannot share printer with the school. They would have to walk to the office to share the large copier/scanner/printer.

3) Set up a VPN to the office server to run the financial program when needed using remote desktop connection. Pros, would only need the office network when they are using the financial software. No change to the school network. Cons, need to add and configure VPN which I am not very familiar with.

I would love some feedback and any other options you think might work for this situation.

Thanks much,
Dan

    hi

    cholan41

    The first two methods are easy and are also the cost-cutting methods compared with the 3rd one, because you surrender one internet line and then you get more Mbps on the other line from the service provider, so your line cost goes down and you are able to manage everything on one network.
    2. But you have to walk; otherwise add one printer directly on that system.

    technogeek-1995

    Run an Ethernet Line next to the cable line. (it is a church, someone had to work at a cable company)
    Upgrade to Business Class Internet (BE SURE, IT IS PLUGGED IN AT THE OFFICE)
    Plug into the server at the School
    Plug into the server at the office
    Set up one big network, Syn. ALL services with the office, that way nothing changes for the office

    picsoahu

    That was my first thought but the buildings are more than 100m apart from each other. In order to do this by the state codes we would have to bury the wire underground in conduit to the other building. Much too expensive and not in the budget. Both buildings are on a T1 line. We could make everything 1 network wireless to the other building using wireless bridges but I am concerned with wireless signal strength and consistency.

    Thanks for your input,
    Dan

    a123

    I'd choose VPN as it has little cost to it. I have a BEFSX41 Linksys Broadband router, which has a VPN endpoint built in to it. With two of these devices, you could easily establish a VPN connection between your office and the school.

    See http://www.dslreports.com/forum/remark,5336853 for some more details on accomplishing this.

    Be sure to write back on how your transition went!

    technogeek-1995

    Don't call me stupid, but what is VPN?

    picsoahu

    VPN or Virtual Private Network is the ability to create a secure connection between two computers or networks over the internet. With a VPN router at each end the communication over the internet is encrypted so others cannot view your communications without the same encryption code. It is like communicating to a secure server over the internet.

    picsoahu

    I am not too familiar with VPN. Question: if someone does a VPN connection to the server does it give each remote login the ability to run the applications individually or is it like LogMeIn or Gotomypc where it takes control over the server?

    Thanks for your input,
    Dan

    Churdoo

    VPN connects the two networks so you can pass IP traffic from one to the other. period. You are not necessarily remote controlling a computer or server at the host site (like Logmein or gotomypc or terminal services). There are reasons why you may still want to do remote control or term server sessions through the VPN tunnel, but that's a discussion separate from VPN.

    There are 2 ways you can set up the VPN, either site-to-site, or client/server.

    With a site-to-site VPN, the VPN tunnel is established directly between the routers at each site, and therefore any network device at either site can communicate with any network device at the other, unless restricted by ACL. The tunnel is always up and IP routes through the VPN tunnel from site to site, as if you had two separate IP networks routing to each other through a single router. Internet access from either site is via the site's own internet connection.

    With a VPN client/server setup, the router at the main site, i.e. the office acts as a VPN server, then you launch a VPN client on the individual computers at the school from which you want to access office resources. In this scenario, the VPN tunnel is established between an individual workstation at the school with the office site, and so only the workstation that establishes the VPN client connection has access to the other site, and the tunnel is only up when the user launches the VPN client.

    There are pluses and minuses to each scenario. I don't think that either method is more or less difficult to set up; the site-site is generally more reliable, but at the same time, being in a school environment you're potentially exposing the office network to any of the student workstations, again, unless you'll be enforcing ACL's. The client/server VPN may be somewhat less reliable (or not), and you have to train the user to establish the connection before accessing the office site resources, but you can turn it on and off when needed, and you can install the VPN client on only the workstations that need to access the office resources.

    Now once you've established your VPN tunnel, however you choose to do it, you can pass IP traffic. period. What you do with that IP is up to you. In other words, as I mentioned earlier, whether you remote control a resource at the office site versus using the remote site workstation as a client of the resources across the tunnel, has nothing else to do with VPN.

    For this decision, you have to factor in
    a) what is the bandwidth between the sites (you mentioned a T1 at each)
    b) what is the application or resource being accessed across the tunnel?
    c) does it lend itself to being run across a WAN, and will performance be adequate across the skinny tunnel? Remember, a T1 is only 1.544kbps compared to local network speeds of 100mbps or 1gbps, so even a full T1 is skinny compared to local network speeds; do the math.
    d) what is the tolerance of the application or resource of unexpected disconnects?
    and more.

    The answers to these questions will help you determine if you want to run as a full client across the tunnel or remote control a resource at the office site, such that network connectivity of the app or resource is local and you're merely sending console info, i.e. keyboard/video/mouse information across the tunnel. Generally, remote control requires much less bandwidth and therefore performance is very good, especially with T1 bandwidth, but of course the drawback is having to dedicate and install terminal services.

    I rambled for a bit; hope this is helpful. Post back specific questions if you want more.

    picsoahu

    I think I understand the VPN tunnel better now. If I understand you correctly, with a site-site tunnel the connection is always there between 2 separate networks. So, if I wanted to map a network printer and I am on a network with 192.168.1.xxx and the printer is on 192.168.2.xxx I would just map it like I would if it were on my network using its 2. IP address? We could also share files between computers on both networks. Let's say that we want only 2 computers from the school network to have access to the server files and folders, how do we set that up on the remote computers on the site-site method? For security though it would probably be better to do a server/client connection?

    A clarification, the internet for each network is T1. The network is a WAN. The school has a server which I believe is just an internet server. We are adding a server to the office to run their financial software from a central location which has a network but no server. Ultimately we just need 2 of the computers from the school network to be able to share files and data with the new office server. They would like to be able to print reports that they are creating with the data file on the office server in the school office.

    That's pretty much what we need to do.

    Thanks for the input,
    Dan
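
The thread's two ACL points (a site-to-site tunnel exposes the office to every school workstation unless restricted, and only 2 school computers should reach the office server) can be checked before touching a router. The following is an added example, not part of any post above: it models a first-match ACL and counts which school addresses get through. Which subnet is the school, every host address and the chosen service ports are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing: only the 192.168.1.x / 192.168.2.x ranges come from
# the thread; which side is which and every host address are assumptions.
SCHOOL_NET = "192.168.1.0/24"
OFFICE_NET = "192.168.2.0/24"
OFFICE_SERVER = "192.168.2.10/32"
OFFICE_PRINTER = "192.168.2.20/32"
FINANCE_PCS = ["192.168.1.21/32", "192.168.1.22/32"]

# A tunnel with no ACL behaves like a single permit-everything rule.
OPEN_TUNNEL = [("permit", SCHOOL_NET, OFFICE_NET, "any", None)]


def build_acl():
    """Ordered rules for school-to-office traffic leaving the tunnel."""
    rules = []
    for pc in FINANCE_PCS:
        rules.append(("permit", pc, OFFICE_SERVER, "tcp", 445))    # SMB file shares
        rules.append(("permit", pc, OFFICE_SERVER, "tcp", 3389))   # Remote Desktop
        rules.append(("permit", pc, OFFICE_PRINTER, "tcp", 9100))  # raw printing
    rules.append(("deny", SCHOOL_NET, OFFICE_NET, "any", None))    # everyone else
    return rules


def evaluate(rules, src, dst, proto, port):
    """Return the action of the first matching rule; unmatched traffic is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_src, r_dst, r_proto, r_port in rules:
        if s not in ipaddress.ip_network(r_src):
            continue
        if d not in ipaddress.ip_network(r_dst):
            continue
        if r_proto != "any" and r_proto != proto:
            continue
        if r_port is not None and r_port != port:
            continue
        return action
    return "deny"


def reachable_sources(rules, dst, proto, port):
    """List every school address the rules would let through to dst:port."""
    hosts = ipaddress.ip_network(SCHOOL_NET).hosts()
    return [str(h) for h in hosts if evaluate(rules, str(h), dst, proto, port) == "permit"]


if __name__ == "__main__":
    for name, rules in (("no ACL", OPEN_TUNNEL), ("with ACL", build_acl())):
        allowed = reachable_sources(rules, "192.168.2.10", "tcp", 445)
        print(f"{name}: {len(allowed)} school hosts can reach the server's file shares")
```

Because matching is first-match, the two permit entries per finance PC must sit above the subnet-wide deny; reversing the order would block them as well.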
