How Would You Make a Distributed Office System?

Necrotica writes "I work for a financial company which went through a server consolidation project approximately six years ago, thanks to a wonderful suggestion by our outsourcing partner. Although originally hailed as an excellent cost cutting measure, management has finally realized that martyring the network performance of 1000+ employees in 100 remote field offices wasn't such a great idea afterall. We're now looking at various solutions to help optimize WAN performance. Dedicated servers for each field office is out of the question, due to the price gouging of our outsourcing partner. Wide area file services (WAFS) look like a good solution, but they don't address other problems, such as authenticating over a WAN, print queues, etc. 'Branch office in a box' appliances look ideal, but they don't implement WAFS. So what have your companies done to move the data and network services closer to the users, while keeping costs down to a minimum?"

erm..

Or, in other words, how do i put servers in branch offices without putting servers in branch offices?

If you solve that one let me know...it's been bothering me a while too...

Re:erm..

[mrnovell]

We use Novell's OES Server 2 which includes iFolder, iPrint and WANFS which allows us to connect Branch offices. I have span storage groups, printing and file service acroos our WAN links with no problem.

Re:erm..

You can put servers in branch offices without paying for server software by using SME server (http://www.contribs.org). It is pretty hard to beat for ease of installation and maintenance but it isn't quite designed to be aware of other servers.

Re:erm..

Novell Branch Office is/was pretty damn close.

Re:erm..

What we have done is simply cluster several computers for an office 'cloud', so to speak. Services offered by this are everything from printing to file storage to PIM to anything else we dream up.
      Needless to say, Windoze stays on the desktop (for those who 'need' it).

Re:erm..

[pushf+popf]

You can't have "servers" and "no servers" at the same time, regardless of what the vendor says.

If the "consolidation" is a done deal, I'd suggest moving to well-behaved web apps hosted at your data center, and making sure that you have Service Level Agreements with the network provider(s) that contain actual, enforceable standards and painful penalties for not meeting them for all the branch office network connections.

It's all money. Some things cost, others save. Consolidating servers saves money, the required SLAs for the now-mandatory reliable, high-performance networking costs money.

Just remember that no matter what you pick, in a few years everybody will tell you that it's crap and you need something else. Since it's inception, the computer industry has gone though several cycles of centralized/decentralized computing and storage, and shifted various percentages of processing, storage and UI back and forth between where the resources are and where the user is.

As long as there's a buck to be made, it will never stop.

If you look at actual business requirements, there is still very little that couldn't be done with a dumb terminal, or with it's friendlier child, the web browser, except make money for the vendors.

I do consulting for a number of mid-size companies that are still using ancient (1980's) technology for core business processes and there's really no compelling business case for them to change. A number of really large businesses still run on an ancient core of COBOL.

If the vendor says "You'll save money", tell them you'll jump right in as soon as they post a performance bond for the full amount. I'll bet you never hear from them again.

Re:erm..

[Arkangel1028]

Someone on this thread mentioned that you get what you pay for, so with that reasoning your answer is easier than you thought. Each office needs a certain degree of technology, where the performance of the site should warrant it's capabilities. This means leave the IT budget responsibilities to each site, where they are responsible to the extent of their own capabilities. All sites are not the same they all perform to the capacity that they are managed by, as the old saying goes "why feed the hungry when you can teach them to feed themselves". This way they are taught the what's and whys of the ingredients, instead of being all confused in the boardroom when it comes down to giving up the funding towards their IT budget every year. I hope that helps...

Global file system

[Colin+Smith]

Such as OpenAFS.

Something like coda might be nicer but progress on global filesystems seems to have pretty much stalled.

Re:Global file system

[tgatliff]

Better idea... IPCop... You could put a bunch of low cost servers and do a VPN Gateway to each remote office with IPCop. It is very doable and the most cost effective way there is...

Re:Global file system

[bakes]

I'm using IPCop for this - connecting 2 remote offices back to the central office. IPCop works well, is reliable, and simple to set up. Will have another 2-3 nodes added to the network this year.

It doesn't solve the OP's REAL problem though - whilst this infrastructure (or OpenSWAN, or OpenVPN, or similar) all provide an interconnection between the offices, but what next? Do you get everyone in the remote offices to use terminal servers in the head office? Or do you put servers in each office and have them work locally? If they work locally, how do you synchronise stuff between offices that needs to be synchronised? If they connect to central term servers, what happens if the link is down?

My company currently has a hybrid approach - some services are centralised, others are distributed. Haven't quite solved the file replication problem yet, mainly because we haven't put enough time into defining exactly what needs to be replicated and what doesn't. Our solution is still evolving. I'm hoping to find some hints elsewhere in this discussion.

Re:Global file system

[snuf23]

Just a question but on Windows couldn't you use DFS for file replication? Or does that not work in a WAN situation...

Re:Global file system

[bakes]

Yes, apparently so, and it should work in a WAN situation as long as the network is configured properly. As I mentioned the main reason we haven't deployed it yet is we haven't decided what should needs to be replicated and what doesn't. It's more of an administrative hurdle than a technical one. Once we get a few more important things knocked off our list we'll get on to that...

Two words come to mind..

[dementedWabbit]

Financial. Liability.

No Good Solution

[maz2331]

There is no good and cheap solution to this one.

You can try the application accelerators that are out there now from Cisco. They basically use smoke and mirrors to keep traffic off the WAN and act as local proxies for different services.

Otherwise, your choices are limited. Citrix servers would be good for some apps, but get god-awful expensive fast. And an organization too cheap to build out a decent system to begin with isn't likely to make the investment in writing efficient apps.

If you're running on slow lines, bump them to at least fractional T3.

It sounds like the system was designed to serve 5 gallons of water through a swizzle stick. Ain't gonna work unless something is radically changed.

Or better....

Fire the outsourcing partner and the management that buys their bull, and build out a proper distributed archetecture.

Re:No Good Solution

[wish+bot]

He should tell us who their outsourced partner is. This sounds very similar to a strategy I'm hearing about for our company right now.

Re:No Good Solution

[chappel]

I was really impressed with the improvements we got by implementing some 'smoke and mirrors' from Riverbed (http://www.riverbed.com/). Granted, we've got some reasonably adequate bandwidth to start with, but it dropped the WAN traffic to our large (500 user) remote site by a good 80%. They seemed mighty expensive for a plain dell server with CentOS, but there's no arguing with results. /reminds self to look into riverbed stock

Re:No Good Solution

[Tuoqui]

I'd mod parent up if I had the points...

Yes fire the damn outsourcing partner. They obviously did not have your needs in mind when they suggested it. Most likely they thought they could save themselves money by having 1 location they have to go to when shit goes wrong.

Re:No Good Solution

[eazeaz]

We use riverbed appliances at all our remote offices. They take about an hour to install and are damn near like magic. I just pulled some statistics from one of our remote offices. Over the last 30 days, we had a reduction in data flow of 95% 6.3GB of data went over the T1 instead of 129.3GB We can run applications over a T1 and users do not know that they are not local. They allowed us to go from DS-3 to T1 lines without any user complaints.

Re:No Good Solution

[ThePromenader]

The question is so broad, it's hard to answer. The definition of "good" and "cheap" differ for most everyone in this concern.

I've recently had to set up such a system, and I opted for... VPN. Secure (because I opted for the ssh certificates version) for sure, but can be slow as molasses for the (uploading) remote connection, depending on their bandwidth. Yet both central office and main outposts have (the European equivalent of) T1 connections, with a secondary backup connection option if needed. DynDns is a great option for nailing down those company IP's through all locales and differing ISP behaviours.

Whether each interconnected LAN has its own server has really nothing to do with interconnectivity. Here all "remote" connections take/depose their data from our central office server (Windows 2003 - aaaargh), but in the local LAN the server is not really a server at all, rather a backup utility. I might add that I'll be reworking the above soon into a system directly connected to our (new) provider through fibre, but this changes nothing in the workings of the point-to-point connections. Build your system architecture only according to your (technological) needs.

Print queues should only be run by a machine directly linked to the printer that will print them -- and you don't necessarily need a server to fulfil that task. Unless, of course, you're a printer.

Re:No Good Solution

[222]

For what it does, the Cisco solution (Wide Area Application Services) is actually pretty affordable. It's more than just smoke and mirrors imho. Using DRE (Data Redundancy Elimination, a sort of digital shorthand), working outside the TCP spec for larger packet sizes (requires an appliance at each site) and as you mentioned, caching of local files, I've managed around a 2x increase in bandwidth efficiency since rolling it out across 5 locations. When I look at what it would actually cost to double my network connections at each location, it would literally take less than a year to pay for the WAAS rollout.

We also utilize Citrix (We publish a full desktop) and cost wise, you should really take a careful look at what the overall expense regarding Windows PCs vs cheap WYSE Winterms. Not to mention that I'm within arms reach of our computing environment at all times, and a couple of fairly well rounded IT guys can manage all of this (supporting hundreds of users) with a fraction of their day.

Honestly, once you get a decent Citrix farm setup (this is one of those times when its a *really* good idea to bring some decent consultants on board) it's really not much trouble at all.

If you have any questions about this, feel free to email me. I'd be more than happy to spend a few minutes looking at your environment to see if our setup would be useful to you. Hope that helps,

Jason

Re:No Good Solution

[davidsyes]

One good stragety is to add oil to the pipes. You know, to increase teh horsespowers, you have to add more viciouscosity to pump the datas through the tubes.

Your Senator...

Re:No Good Solution

[raddan]

What are they? Caching proxies?

Re:No Good Solution

[mchawi]

I agree with a lot of the posts that said without knowing your exact infrastructure (data, bandwidth, office size, budget, etc) it would be difficult to give accurate answers that aren't overkill.

For all of our branch offices we use Packeteer iShared/iShaper devices with a larger box at the hub. This allows for WAFS, AD/DNS/DHCP/DFS, compression and traffic management all from one box. It isn't going to be cheap and it is a server at the branch office, but we find we save enough in bandwidth and backup tapes that it pays for itself.

Your mileage may vary depending on all the factors...

Re:No Good Solution

[srvivn21]

Sort of. Add in a bit of gzip for TCP/UDP, and top with some TCP handshake optimization.

For the info straight from the marketing department see http://www.riverbed.com/technology/data_streamlining/, http://www.riverbed.com/technology/trans_streamlining/ and http://www.riverbed.com/technology/app_streamlining/.

Re:No Good Solution

[bepo]

Or, more likely they have A solution. It doesn't matter what the problem is, they are going to shoehorn their one solution in to fit it.

Re:No Good Solution

[barius]

Our office also uses a low-end Riverbed appliance and it does work some amazing magic for many different services (HTTP/S, POP, SMTP, CIFS). The clincher is that it is transparent to your network, so if you're using CIFS file shares the locking still works correctly. However, there were some caveats for us: - We use Novell (NWFS) in our main office, but Riverbed only accelerates CIFS file shares. We had to implement CIFS shares specifically for our satellite office. - The magic of the Riverbed appliance is in reducing *bandwidth* consumption. If you have a high *latency* (>65ms pings) then you're shit out of luck because the excessive delay in transferring even a small amount of data is going to make it feel very slow. That said, most Riverbed re-sellers will provide a trial. We trialled ours for a week before buying it. In that time I must have performed about 50 different tests, and for anything but NWFS file transfers I was extremely impressed.

Re:No Good Solution

[Kiaser+Zohsay]

This one has CSC written all over it. Dontcha just love consultants?

Re:No Good Solution

Fire the outsourcing partner and the management that buys their bull, and build out a proper distributed archetecture.

Damned right. I doubt you'll be able to get rid of the management unless it's a publicly-held company with savvy shareholders. But, as for the "outsourcing partner" (whatever the hell that means) -- ditch the bitch.

Re:No Good Solution

[jmoen]

We use Riverbed on our offshore units (and remote offices) through satellite with an average 700ms delay (256kbit). Before and after the riverbed installation is like night and day.
The greatest benefit we got was the "removal" of the sat.com. delay since cifs and a lot of other protocols really stinks on sat.com. due to many small packages. The riverbed box fixes that and does a kind of onsite reply, instead of the server onshore, and the users feel this as a quicker response. At the average we get a 10x+ compression/optimizing factor on all our sites so bandwidth usage is also reduced dramatically.

Re:No Good Solution

[eazeaz]

It is my understanding that most of the performance increases are from caching. However, they do not cache at the file level like a proxy. They cache at a lower level.

For example, if two excel spreadsheets are 90% similar it would reference the "cached" copy, and just send the 10% differences. It would re-assemble on the other side and pass on to the user.

They work so well that riverbed (we used netdirect systems) will ship eval units for you to try for free. We plugged our eval units in and wrote a check the next day.

Re:No Good Solution

[amorphic101]

I've been using Citrix' (formerly Orbital Data's) WANScaler appliances for this for over 12 months now and found them nothing short of excellent. Before taking the plunge I trialled the WANScaler and Riverbed's "Steelhead" units and I found that while the Steelhead did the caching side very well, initial transfers were barely accelerated, if at all. This was true of http, nfs, ftp and samba traffic.

The WANScalers on the other hand do an outstanding job of accelerating file transfers via TCP. We have a 50Mbit/sec private line between NY and London and with the WANScalers switched to pass-thru we're lucky to sustain 10Mbit/sec on a given individual transfer due to the chattiness of TCP and the protocols on top of it. Enable the WANScalers however and that single transfer maxes out that full 50Mbit instantly.

Of course the WANScalers also do the caching side perfectly well, (our units have 1TB of disk-based cache) so once somebody's pulled a file down for the first time it's as good as on a local server. But remember that someone always has to bring the file down that first time, and new/changed files at the remote site are going to have to go back up to the central servers as well. That's where the WANScalers' network acceleration won hands down for me.

Re:No Good Solution

[Fyzzler]

I'm a consultant you insensitive clod.

Re:No Good Solution

[sBox]

We've just received our test boxes today for an evaluation over a NY-Miami Point-to-point t1.

Re:No Good Solution

[eazeaz]

I would go ahead and get the checkbook ready. I doubt you will be dissapointed.

Not enough information.

Financial companies, at least in my State, have very specific requirements for storing and transmitting data. Without knowing what your specific needs are, I have no answer other than "Define your problem".

The reality is other companies, such as yourself, exist and function probably better. If that indeed is the case, perhaps a friendly lunch with another IT staff member might help you.

I've consolidated offices and I've also pushed out servers to remote offices. It all depends on the need of the client. Examples

1. Client wanted 99.999% uptime and the only way I could get that was to have their servers in a data center. We moved them and uptime has been great.

2. Client wanted fast file access. We setup DFS with WIndows 2003 over a WAN link (T1) the client has never been happier.

So, to answer your question, it depends on your needs.

Re:Not enough information.

[OzRoy]

We used DFS as well. When it works, it works really well. Unfortunately it does seem to be a bit temperamental sometimes so you have to keep an eye on it because if it gets out of sync it can take ages to catch up. The other disadvantages are no file locking between sites so it is possible for one user to overwrite the changes made by a user at another site. While you can retrieve this data it can't be done by the user and it's up to the user to realise what has happened. We have also found its reporting to be kind of flaky. It stopped reporting for us once and the only way to fix was to completely rebuild it.

Re:Not enough information.

[EvilRyry]

I'll second that. I've also had to do complete rebuilds a few times. 2003R2 seems to have improved the situation a bit but overall the reliability of DFS is still rather flaky. (This is running over a very reliable fractional T3s and T1s btw). Since then we've started to move to Citrix wanscalers (previously Orbital, I believe). Haven't had a bit of trouble with them yet and they really speed things up. They're basically Dells with CentOS plus their magic software.

Hmm

[moogied]

Dedicated servers for each field office is out of the question, due to the price gouging of our outsourcing partner

Find a new partner.

Re:Hmm

[MightyMartian]

No kidding. This sounds to me like someone somewhere sold this guy's company down the river. The short answer is that there's no cheap solution. Any way you look at it; there's two choices; beefing up the lines or getting new servers. Can't speak to the costs of the former, but I'll wager that for what this guy needs, the latter is going to be cheaper.

In short, this guy better tell the management to get out their chequebooks, because the stupidity of trying to save a buck by cramming a Buick through a pinhole was a costly mistake with only one solution, inputting lots of money.

To my mind, unless the branch offices are really small, I think servers in each are in order.

I'm the network admin for a company with three offices; a main branch with about 25 workstations, a branch with 7 workstations and one with a couple. Because of the flakiness of connections, I can't rely on VPN. In the larger branch I have a Win2K AD domain controller running all the local apps, with some mirroring of the file store. Still the branch office can function even if the VPN goes down. For the smaller office, we have some Terminal Services licenses. It does mean if the VPN goes down, they're hosed. If it gets bigger, I'll put a server in. To keep costs down, I'll probably just put a Samba server in place.

Re:Hmm

[martinQblank]

Exactly.

If there is any perception of 'price-gouging' then they are not on your team and need to be fired immediately. Look into the legal costs of cancelling whatever contract you may have with them and do the comparison. If things are as you say -- it's difficult to know the big picture in only a couple of paragraphs -- then your outsourcing partner is looking after their interests and not yours.

what we use

www.simdesk.com
They are currently in ASP mode but they are working to package their solution for installation into a company datacenter.

WSUS severs

[Joe+The+Dragon]

Put WSUS severs at the offices to keep update bandwidth down.

Re:WSUS severs

[nick0909]

WSUS servers out at all locations is fairly costly as it requires a decent server and Win2K3. That could be a lot of extra hardware and licenses to buy/support. Unless your company needs to run full bandwidth 24/7, just schedule your updates for the middle of the night and it doesn't matter there is only one server pushing it out. I currently do this for my company that has 30 branches, half overseas, and all on slower connections than I would like. Windows Updates are the lowest bandwidth concern of mine now, because they happen once a month and when no one is even around to notice.

Re:WSUS severs

[NetCow]

The problem is unlikely to be bandwidth, much less so bandwidth used by updates. The problem is most likely *latency*, and all the package caching in the world won't help you there. Not to mention that WSUS has outrageous system requirements for what it does and the OP is trying to keep costs down.

The OP's problem is ill defined. There's a world of difference between what I would do to improve IMAP or Exchange mail interactivity and what I would do to improve file sharing performance.

Re:WSUS severs

Let me guess: MCSE? Updates are once a month and should be happening at night anyway. So what, exactly, does your proposed "solution" fix?

Re:WSUS severs

[nurb432]

Updates will be the least of this guys problem

Re:WSUS severs

[Joe+The+Dragon]

updates are not just once a month and this is just one thing that can help along with other stuff.

Re:WSUS severs

[Cramer]

No it doesn't. I run WSUS on a cheap Dell 4600 running Windows 2000. The problem with WSUS is the large number of things machines MUST ask Micro$oft DIRECTLY to even know about, much less download. And if your machines are not asking Microsoft about updates for the update service AND Windows Genuine Advantage(tm), then there are even more updates it'll never know about or be able to install if it does. For example, I have a few XP machines that don't even know IE7 exists because they don't have up-to-date WGA crap installed. (And yes, they are legal/genuine Dell machines. Nobody has pointed IE to windowsupdate. Btw, that bypasses WSUS.)

Amazing

[obeythefist]

Some basic truths.

IT costs money. I'm sorry that your outsourcer had some bad ideas. But your management must understand that IT services aren't free, and the health of your company depends on it's infrastructure.

Without knowing the specifics, the only low cost suggestion I can provide is converting desktop PC's into Linux servers, thus providing you with the distributed server network you need. Of course, the boxes will be underpowered and fall over all the time (yay desktop hardware), but if you really want to cut costs, there you have it. For backups, put in extra hard disk and backup to disk, it beats nothing at all.

Re:Amazing

[sco_robinso]

Agreed. I actually work for an IT outsourcing company. We don't gauge by any means, but we always come to the table with the 'top drawer solution' right off the mark. If the customer wants XYZ results, we tell what exactly what they need to get there and stay there for a 3 year period. If they don't like the costs, fine by us, we'll put in whatever they want or can afford. But if they come back to us in 6 months or a year and say the solution isn't delivering the expected results, we can always fall back on our initial recommendation. We always say, IT costs money and you have to pay the piper eventually. I actually deal with this a fair bit, and my best recommendation would be to spec out the best and most appropriate solution, costs complete aside. Think of it like 'if I was responsible for the whole setup, and cost wasn't as issue, how would it be done'. Then, present it to management as 'This is how it should be done. Period. Here's the costs.' It's not rocket science.

Don't let yourself get caught up in the financials and politics of it before you begin. Simply spec out what is needed given the demands and needs. If the management isn't comfortable with the costs, fine, but at least you can now rest on the laurels of having recommended what was needed in the first place.

More specifically, a basic server in each branch office with DFS over Win2K3 is a good starting point. DFS has decent WAN optimization technologies out of the box, so it's usually a good starting point. Either way, there will be an investment at either end, be it a server at each office or a big data center at the middle of it with a decently fat pipe to each office.

cisco waas

I use the cisco waas boxes with some success.

They're not perfect but I clocked CIFS going about 30% faster.

Sun Ray

[nanimo]

Just run good thin clients in the remote office. Such as the Sun Ray.

Re:Sun Ray

[amirulbahr]

I second that. You don't need a really fat link to your branch offices either. Just factor about 1.5 Mbps as a base plus add an extra 512 kbps per Sun Ray and that should do.

Re:Sun Ray

[twiddlingbits]

I worked in an office with a lot of SunRays, bandwidth can be a problem with large numbers of the devices (100 or so). You need a T3 to support a good sized office or else you need a local server, both of which the orginal poster didn't want to spend $$$ on. Plus you can only run SunRay's off Solaris servers 1ast time I looked.

Re:Sun Ray

[amirulbahr]

The impression I got was relatively small branch offices. With a 100 devices or more you'd certainly want either local servers or a big fat (expensive) link to your data centre. Can't see how that would be avoidable.

As for Sun Ray, Linux is supported for running the server software, and proxying RDP seamlessly is straightforward AND supported.

Re:Sun Ray

[twiddlingbits]

Seems Sun has made some big changes since I worked there and we had early generation SunRays. The other issue we used to have is SunRays were expensive.

Pixie dust

[c0d3h4x0r]

Think happy thoughts, and sprinkle some pixie dust over your IT infrastructure, and all your problems will be solved.

But whatever, you do, don't fire your incompetent outsourcing partner or actually invest in beefing up your IT resources. Both of those paths are DOOMED, DOOOOOOMED, I say!

What traffic, exactly?

[magarity]

Dedicated servers for each field office is out of the question ... such as authenticating over a WAN, print queues, etc
 
Print queues over WAN is taking the consolidation thing a little to the extreme, isn't it? Login authentications and print jobs really want to be local. Sorry about your predicament but you're going to get a lot of comments telling you to switch outsourcers or bite the bullet on their prices. What is the other traffic (as if that isn't bad enough): one assumes email, but are there big apps hosted on remote servers with lots of data traffic to db servers and the like? Simple document file sharing shouldn't be that much of a problem, or is it? You're going to get a lot of guesses without knowing the exact needs of your remote traffic. Good luck!

Re:What traffic, exactly?

[MightyMartian]

You're going to get a lot of guesses without knowing the exact needs of your remote traffic. Good luck!

We've all got the excuse that we don't know what exactly this guy or his company needs. The question I'd be posing is why the partner didn't, because, regardless of what the next step is, I'd be giving them a swift, unceremonious kick out the door.

Having your Cake

[deadeye766]

and eating it too? Is it just me, or is this one of those situations where upper management makes a design decision from something they glanced over in some IT mag, then decided to implement without consulting anyone with any IT background?

I don't see how you can create an insanely diffuse network, then turn around and expect it to perform like a network that has a centralized "HQ" with file services etc and a fat WAN connection.

Of course, you could just ask the execs to spring for ~100 WAN accelerators... =)

Too little too late

[armada]

I suggest you pay more attention to the data itself. Do an comprehensive and brutaly unbiased audit of what data/resources are needed by whom. You would be amazed at how much of your infrastructure is either superfulous or capricious. Once you do this then you at least have a smaller mountain to climb.

Re:Too little too late

Another critical element is the client configuration and connectivity requirements for your workstation level applications. Thin client, WAN bandwidth, SQL replication many, many other factors that could come into consideration between your media and host layers.

Have you looked at

[Astralmind]

Riverbed Steelhead appliances or similar products?

Another two words

[EmbeddedJanitor]

Don't askslashdot.

The only responsible answer to this question is to get someone in that has a track record of fixing problems like this. Don't expect to get a reasonable answer from a sketchy problem definition in a place like slashdot.

Re:Another two words

[networkconsultant]

Well, This is what I do for a living for the federal canadian governemnt and private sectors here in canada, I'd love to help out your company however how much money is this costing them and how good was business last year?

First off we'd have to define your companies standards vis a vis the policies and determine if we could get managerial sign off on all the required changes.

Then we propose design changes based upon our findings and implement a test and pilot project of said changes, based upon intial client feed back and support issues that arise we revise and further clarify the design and specifacation documents.

Then based upon the pilot project we implemented the entire kit and caboodle in a phased approrach throguhout your entire company.

I estimate the required time for this project dependant upon your company size and team involved would take about two years (you mentioned you have 100 Point's of Presence), however your mialage may vary. I could throw together a team of crack network people that would be able to do this however they are NOT CHEAP, each of us charges well over $100 / hr and we are all independant consultants that do this kind of thing every billable day of the year. If you are interested I'll forward you my C.V. and you may present it to your CTO. I deal with C-level project managers and 3rd / 5th level NOC / Operations groups, no one below that level usually talks to me unless I am interviewing them for standards and general peeves they experece during thier 1st tier tech reporting job.

Now the other way to skin the cat is to spend 100 million and get OC-48 to every office instead of your crappy T1's that you were sold.

Also I'd adivse you to get rid of that crappy supply partner if they didn't conduct metrics and preformance based testing that your employees were not involved in and just shoved a project down your C-level's throat that looked really good finanaically and had no prior implementation or testing on your companies scale.

There are two sayings in my business that come to light all the time: If you can't be part of the solution there's tons of money to be made selling the work around. All time is billable time :D

Regards,
The Network Guy.

Re:Another two words

[scottv67]

You are soooo full-of-shit. Your "vis a vis" and "C-level project managers" buzzword fountain reveals that you don't know jack. You are a Grade A poseur. If you are going to pretend to be someone important, here's a vital tip: Spell-check your posts and review your use of punctuation. You say that you and your D&D-playing friend charge "well over $100/hr" but yet you put an apostrophe in "Point's of Presence". I would have to guess in real life that you are in your early 20s and you've taken one or two networking classes at the local vocational school. You probably know how to configure a Linksys WRT54G but can't go much beyond that. I am surprised that your post did not include a list of "certs" that you hold (including A+).

I'm sorry that my post is not more positive. But your post was so full of bullshit that I had to call you on it.

Re:Another two words

[coolGuyZak]

I agree, to a point. Slashdot cannot produce guaranteed-reliable information. However, the information produced by an Ask Slashdot article can lead to insight or serve as a staging point for further research. With a modicum of effort, the information from this site could even aid the evaluation of an expert--after all, technical experts do frequent the site. (I consider myself one, albeit this is outside my area of expertise).

Identifying those experts is left as an exercise to the reader ;)

Re:Another two words

[Nikker]

networkconsultant (1224452)

Aww common guys he just got it, I'm impressed no one else has picked this baby up yet!

Re:Another two words

[Rev.+DeFiLEZ]

Wow, I just read your parent. That was awesome. I expect he is telling the truth about working for the Canadian Federal government, you know the one that shutdown electronic tax returns do to capacity problems?

Also doesn't $100/hr seem like chump change? Interestingly enough I billed that when I was in my early 20s, so perhaps you are correct when guessing his age.

Shame he didn't say "Future Proof" because that would have just made my day.

Re:Another two words

[SpacePunk]

Perhaps they need someone that know what they are doing, such as, in the Iraq and South Africa... such as

Re:Another two words

[Ontology42]

It's called Satire, perhaps the humor and bullshit bingo games passed you by :D This post is useless just like your post and every other post next to it. I guess it's a slow day for slashdot.

Re:Another two words

[Seismologist]

Wow is this guy serious? Oh, it so happens, I have an extra $100 million over here, yes take that and by some wires... and I'll be waiting in line at the unemployment office.

Re:Another two words

Hey, I have an A+!

Re:Another two words

[dbIII]

Spell-check your posts and review your use of punctuation

Wow. I suspect the above is a joke but some people really believe this. The language of the net is broken english (I don't mean American I mean more seriously broken) and if people cannot cope with that they should improve their reading comprehension skills.

Re:Another two words

[Chris+Mattern]

Computers don't take imprecision well. Computers don't just "know what you mean." When someone claiming to be a computer professional is sloppy in his English, I'm forced to wonder if that sloppiness carries over to his computer work.

Re:Another two words

Sooo, you just spent some big $$ to read and post on slashdot? Well done :)

Re:Another two words

[dbIII]

They are different things and this forum is not where you expect people to take care with their writing. My spelling errors do not make me any less of an engineer as your use of "his" instead of "their" makes you any less of what you do.

Re:Another two words

[Chris+Mattern]

Why would I want to use "their" when I am referring to a single person?

Re:Another two words

Why would I want to use "their" when I am referring to a single person?

When you don't know their gender.

There, did you see how that works?

Re:Another two words

[Zwack]

It is perfectly acceptable in English to refer to a person of unknown gender using the masculine terms. Thus "his" is acceptable. Using "their" has the potential to change the meaning somewhat.

"When he joined the group he was playing with his racket"

"When they joined the group they were playing with their racket"

See?

Z.

Re:Another two words

[dbIII]

Generally half the time that is incorrect which is why masculine terms aren't used that way much in english anymore (and in some US writing bizzarely "she" has been used instead of "they") - however as I said before it is not a big deal. My point was the earlier pedant was talking about spelling and grammar checking being required before sending casual posts in casual forums and judging people on that basis.

Re:Another two words

[Zwack]

Masculine terms are still used that way frequently, but I've seen more attempts at being gender neutral by using she/her or they/their. In some cases it works, and in others it seems contrived or is confusing. Timothy Leary proposed SHe and hir to replace He/She or him/her, you can tell it never caught on. Some of the worst ones seem to have deliberately alternated male/female terms (to provide balance?) but that just causes confusion.

The English language is not gender neutral and trying to make it so is going to be a long slow process. I don't mind people trying as the language moves forward (after all language is not static but constantly evolving) but I really dislike people going back and revising previous works to "make them more inclusive" this can particularly be seen with certain hymns... For example Hark the herald angels sing (Written in 1739) has a line that "pleased as man with man to dwell" that is now frequently changed to "pleased as man with us to dwell". Presumably too many people feel that the use of the word "man" to signify "humankind" is not acceptable. While that is a small change, some of the other changes don't scan well.

The other thing that really gets me is this needless abbreviation ("Whatev", "Phenom") I've even had my real (two syllable) name abbreviated by some people down to one syllable.

Well, enough of my ranting...

Z.

It's Easy!

[Compulawyer]

Just follow this simple formula:

1. Call your helpful friends in Distributed Applications at Google;
2. Let Google's gnomes install distributed apps branded with your company's logo;
3. ???????
4. Profit!

Any application that won't run in a Firefox window is unneeded and merely distracts from the company's core mission. You won't believe how much of a performance boost you will get when you shut down those apps.

Re:It's Easy!

[Allador]

Any application that won't run in a Firefox window is unneeded and merely distracts from the company's core mission. Not sure if you're serious or being sarcastic, but I'm assuming serious so ...

Are you kidding me? What about little things like:

1. Financials/Accounting/Inventory/PoS
2. Email
3. Calendar
4. Software Development
5. Web Development
6. Graphics Creation & Manipulation
7. Line of Business Apps (Timberline, ADP, whatever)
8. Instant Messaging
9. Database Management
10. Systems Administration & Management Tools
11. CRM

Heck, even online office tools are only good for simple stuff when you've got an internet connection.

And yes, I know some of these have online versions, but they're all crap for most typical business use. Maybe for the 1 person home office, or certain kinds of shops that have very little administration to be done.

This kind of thinking drives me crazy. Very few shops can get away with little to no infrastructure like this.

Re:It's Easy!

[Compulawyer]

Not sure if you're serious or being sarcastic...

Never assume seriousness when sarcasm is a satisfactory explanation.

... but I'm assuming serious so ...

First mistake. Assuming sarcasm would have eliminated the need for your laundry list of reasons why my reasoning was flawed. Assuming sarcasm is a corollary of Occam's Razor.

This kind of thinking drives me crazy.

If you had assumed sarcasm maybe this kind of thinking would have driven you to be amused instead. See what kind of problems assuming seriousness leads to? Now go away or I shall taunt you a second time! You and all your silly English seriousness!

Coda?

Whatr you are looking for is keeping central and local files synchronous, allow for dodgy connections +/- disconnects, be fast locally and yet have everything centrally.

Is this not a case for CodaFS?

This problem could do with better definition.

[jimicus]

We don't know which country you're in (and hence which set of regulations you have to adhere to).

We don't know how much data needs to be made available to each office - is it everything? Or is it just a different subset of the total in each office?

We don't know if you're talking about megabytes, gigabytes or terabytes of data. We also don't know how much that data changes on a daily basis.

We don't know if there are any existing factors to consider - be they political or technical (eg. "management almost certainly won't contemplate anything without Microsoft or Cisco plastered all over it").

If it helps, I can tell you what I've done - but I only have two branch offices I need to worry about, no financial regulation and my manager is more interested in saving money on server and client access licenses than buying whatever Microsoft deem to be the Next Big Thing . Each branch office has its own server running Debian Etch as a VMWare host and a number of virtual machines - including a fileserver, DNS and LDAP slaved from head office for authentication. About the only thing that needs backup is the fileserver, and that is done by nightly rsync to head office, and thence to tape. Provided the data doesn't change too drastically (at a rough guess, I can probably handle up to 2-3GB of changes per day while remaining within the backup window) I should be OK. You could probably achieve a similar net effect with Active Directory and DFS.

Hire a real consultant

This is one of those questions where the only real answer is "it depends"

Start by assessing what services and applications are accessing the network or putting an undue load on it. Once you have the information from that assessment you can start looking at how to reduce that load.

Can you get decent performance by setting up a few remote servers at your larger offices, while keeping your smaller offices on the existing system?

Will adding database replication servers to some offices reduce the WAN load?

Will adding bandwidth to sites 22 and 44 make the performance in those offices acceptable? Does this take enough traffic off the central system to make the existing system usable?

If you add a database replication server to site 66, could you then have the dedicated lines from sites 88 and 55 changed over to link to site 66, and access that replication server?

If you don't have the expertise to do this, hire someone that does.

It's a dead FS

[emj]

It's a no go, OpenAFS and kerberos is a very nice idea, but it doesn't work, the client software for most platforms is very bad.

Re:It's a dead FS

[Pav]

I check the OpenAFS project status semi-regularly, and there has been a bit of work done on the windows side of things recently... the latest version was released just a few days ago. From the site I get the impression that the Windows client stability issues are (mostly?) ironed out and they've been able to concentrate more on performance improvements.

    The Windows client IS a bit of a hack ie. it isn't a real filesystem driver - it's a proxy that translates OpenAFS to/from virtual SMB via a virtual network device. Still, it sounds as if it's finally worth a look.

Re:It's a dead FS

[Lars+Arvestad]

In what sense is AFS bad? I have been on AFS for years, with Solaris and Linux, and occacionally on MS Win. I think it is great.

So, here's your answer:

[SanityInAnarchy]

Either consolidate your servers, or don't.

Exactly what costs were you thinking of saving by consolidating? If it's just the cost of building and maintaining those physical servers, then here is the cold, hard truth: You are paying less for less service. Put servers at each branch office if you'd rather pay more for more service.

You get what you pay for.

Now, if it's other problems that are keeping you from setting up those dedicated boxes, realize that these are other problems. Identify them, and bring them back to Ask Slashdot. We're Slashdot, we're not psychic.

If it's your outsourcing partner gouging prices, dump them for an outsourcing partner which doesn't gouge prices, or do it in-house.

If it's the inability to manage all those servers, get them to talk to each other, etc, that's a more interesting technical problem that Slashdot might be able to help solve.

There are a few exceptions -- you might be able to get away with something like Coda or AFS, though I don't know how well that scales to crappy bandwidth. But if so, that would imply that your only problem is managing strictly filesystem data -- it doesn't help at all if the problem is access to, say, an intranet webapp. So again, we need details, if we are to find the clever exceptions.

Otherwise, upgrade your bandwidth, and/or outsource your actual application servers to someone who can scale. If it's just web/email/docs, Google can do that. Otherwise, find someone who specializes in what you're doing (our SVN is run by cvsdude.com), or bite the bullet and buy some virtual servers.

Re:So, here's your answer:

[OnlineAlias]

Call Citrix.

Re:So, here's your answer:

[moderatorrater]

You get what you pay for. In my experience, that's exactly opposite what most executives think about IT.

Re:So, here's your answer:

[laxiepoo]

Citrix is absolutely wonderful if you have enough bandwidth at the spoke for each hub. we have plenty of bandwidth now, and Citrix runs perfect for everyone. Printers can be a monumental pain in the proverbial arse sometimes, but it's mostly all good.

Re:So, here's your answer:

[OnlineAlias]

I'm an executive in IT with almost 20 years in. I have learned, without a doubt, that in IT what one pays is usually quite unrelated to what one gets.

Re:So, here's your answer:

You win the thread!

Re:So, here's your answer:

[SpaceLifeForm]

Well, sure, if you have to deal with Microsoft and people
that worship Microsoft. If that is not the case, then
maybe you don't get what you pay for because you don't
have the budget to hire good people.

Re:So, here's your answer:

[evilmousse]

in software and package deals, maybe, but in hardware?

Re:So, here's your answer:

[Ajehals]

I totally agree.

In my experience the only way to ensure value comes down to the processes involved in the planning, acquisition and implementation of any given project.

Ensure you have a process for identifying the requirements of any new service or equipment acquisition and do it without focusing on a specific system or product, if you limit yourself initially because you have formed a preconception of what you think you need, or you simply copy what others have done before, you will not get a solution that meets your needs.

Acquisitions of any type should always solve a business problem, whether you are addressing poor or suboptimal communications, the lack of external access, the rigidity of an existing system, scalability, security or stability issues or the lack of proper redundancy and disaster planning. You should not be buying things for the sake of it, or because someone simply thinks it might be a good idea, most of all don't buy things because other people have them. Justification is everything, otherwise you end up with things you don't need or want (but need to support) that don't provide business benefit, but do drain budgets which in turn makes it harder to address real issues. The identification of problems should come from within the business (that's what management is there for to a degree) or from independent consultants brought in for that purpose, it should never come from a vendor who (as it happens) also provides a solution. If a vendor makes a suggestion then assess the need and see if there is a business requirement, but do it independently.

Make sure you have a decent tendering process when you are sourcing equipment or services (for smaller businesses, that basically means you need to shop around, and tell your existing suppliers that you are doing so). Make sure that there is input not only from management and finance but also from end users and IT staff (sounds basic but not always the case...). You should also have a well thought out budget (after all you are solving a problem and problems should be quantifiable in cash terms), stick to it.

I don't even want to think about the number of times I have seen needless upgrades, additions and total changes to IT infrastructures for no good reason and more importantly with no real benefit. Resist it if you can (but don't resist change for the sake of resisting change, that is just s bad as doing the opposite.

As the parent suggests, price is not an indicator of performance. If your specifications and requirements are met, and you are within budget then great, if you are under budget then you are ahead of the game! With that in mind though, do thoroughly check out your suppliers (its inexpensive and easy enough to do), if a supplier is cheap and has a bad reputation then avoid them, make sure your suppliers can deliver before you sign contracts, sure you may be able to sue them (if you have all the information and the budget to do so) after the event, but it will be much cheaper to get it right first time.

Finally, I have found that the law of diminishing returns seems rather applicable to IT, as things get more and more expensive, the benefit from obtaining them becomes less and less. For example, a email system of some kind in a necessity in most businesses and generally speaking they are fairly inexpensive (relatively at least), whilst electronic whiteboards (my per hate) or upgrading cat5 to cat6 cable (without changing anything else, - something suggested to me by a vendor recently to improve network performance..) bring only marginal benefits but are relatively expensive.

Hmm, that was probably all totally offtopic - never mind.

Re:So, here's your answer:

[Lumpy]

Exactly. The moron It director at my last company decided to consolidate and had us remove all dedicated servers at offices. we "saved" money.

Then 6 months later, we have a T1 outage to one of our larger offices, that office grinds to a halt. No BDC, file server and print server mans that as long as the T1 is offline that entire OFFICE IS OFFLINE. zero work is getting done, we spent 5X what we spent to consolidate to undo what he had us do.. It is the wrong thing to not have servers in every office. you have to plan for outages, and performance of having a server local can not be beat. (well you could have OC3's installed to each office, or have fiber ran to every office from your central location, 1000Mbit fiber point to point connections would do it...

Re:So, here's your answer:

[Fulcrum+of+Evil]

It's funny because it's true...

Re:So, here's your answer:

[Profane+MuthaFucka]

They fucked you then. Server consolidation is a great buzzword, but people get it wrong if they think that it reduces the number of locations. No, proper consolidation is done at a single location, and multiple locations are looked at only if it makes sense.

Big hint: if you need to access a computer over a network regularly, with performance requirements, then you're a moron to make that connection to a computer in another location. Keep that kind of access on your local network.

Tell you what. Fire the guy who fucked you and hire me instead. I'll tell you my real name, won't charge too many millions of dollars, and I'll fix your setup.

Re:So, here's your answer:

[Profane+MuthaFucka]

I'm in IT, and we're going to make you pay for that comment...

Re:So, here's your answer:

[duffbeer703]

The problem is that regulatory/compliance issues make it difficult to place resources in the field, because it is difficult and costly to maintain. One lost backup tape could be a real disaster. You have to balance business needs against cost, security, etc. There's no "one size fits all" solution.

Here's how we're moving ahead with centralization in a large distributed environment with about 50,000 users and 1,000 branches. We're reducing the server count by about 40%, and the cost by 70% versus a couple of years ago:
- Most sites with 10-75 people get a headless, stripped down box (~$2,000) that runs our desktop management software
- Medium/Large sites (75+) get a file server, which fulfills some other roles as well
- Large and VIP sites get a domain controller, mainly for availability purposes.
- A few "very large" (800+) sites get a 100MB WAN connection and use the data center services.

We looked at a few other solutions, with mixed results:
- WAFS/WAAS looked great, but the solution cost was almost the same as rolling out servers. Additionally, most of our applications are "thin" already, so we weren't really gaining much.
- Distributed AD servers are purely an availability play. (If your circuits/core servers are sized correctly)
- NAS also looked promising, but the cheap solutions weren't very manageable at our scale, and the manageable solutions weren't cheap.
- No backups are done on site, we're rolling out a distributed backup system that we de-dupe the data globally and backup to a data center. If you're using old backup software like TSM, Legato, etc, you MUST go shop around, the newer solutions are way way better and probably have lower administrative costs.
- Networks are getting faster and cheaper. We're seeing 3MB connections available to replace 512k frame relay connections at a slightly lower cost. We'll be switching as our network infrastructure gets upgraded.
- If your network supports it, multicast can make it much cheaper and easier to provision your workstations. Most management tools (Altiris, SMS, Tivoli, LANDesk, etc) support it.

Re:So, here's your answer:

God. You are my hero. Id like to requote a paragraph and then discuss it a little bit (even in my poor english):

Acquisitions of any type should always solve a business problem, whether you are addressing poor or suboptimal communications, the lack of external access, the rigidity of an existing system, scalability, security or stability issues or the lack of proper redundancy and disaster planning. You should not be buying things for the sake of it, or because someone simply thinks it might be a good idea, most of all don't buy things because other people have them. Justification is everything, otherwise you end up with things you don't need or want (but need to support) that don't provide business benefit, but do drain budgets which in turn makes it harder to address real issues. The identification of problems should come from within the business (that's what management is there for to a degree) or from independent consultants brought in for that purpose, it should never come from a vendor who (as it happens) also provides a solution. If a vendor makes a suggestion then assess the need and see if there is a business requirement, but do it independently.


This should be so obvious but alas, it isnt if one is to turn to reality. Nowdays, it has come to my attention that the best sales of, say, certain not-unexpensive routers, come from something called "Technology Briefs".

Now, tech briefs, no matter how cool they sound... who am I kidding, THEY ARE GREAT!... they consist of reunions of sales and top exec people from a vendor, with top exec people from a buyer, in a nice island resort in, say, the mexican caribian. A lot of things happen there, or so they say, except any kind of talk regarding topics as gray and sad as a damned "router" thing this geeks keep talking about. As ive been told, the talks and activities tend to go towards more "worldly" matters.

Re:So, here's your answer:

[linest]

in software and package deals, maybe, but in hardware?

I don't think it's a hardware vs software issue. I've seen an awful lot of purchasing decisions made with little understanding of the actual requirement. Sometimes a salesman pushes a solution as an answer to everything and the check gets written. Other times someone buys the biggest, most expensive thing made because they don't know exactly what's needed. They want to cover all the possibilities that might occur and the most versatile things tend to be the most expensive. True for both hardware and software.

Re:So, here's your answer:

[rcw-home]

I have learned, without a doubt, that in IT what one pays is usually quite unrelated to what one gets.

Furthermore: The quality of software is often related to the size of the software's userbase.

That $10 million ERP package designed specifically for your industry? You'll be the very first person to hit hundreds of bugs. Guaranteed.

Re:So, here's your answer:

[Geoffreyerffoeg]

There are a few exceptions -- you might be able to get away with something like Coda or AFS, though I don't know how well that scales to crappy bandwidth.

You realize that AFS was designed in the late 80s, when all bandwidth was crappy?

Re:So, here's your answer:

[marafa]

my wife used citrix in her branch office. over 256k dsl. the dsl went down. the branch went down. the dsl slowed to a crawl the office slowed to a crawl. in the end they bought pcs for each user in the branch. did i also mention the citrix server was 3000 km away from egypt? in italy too.

Re:So, here's your answer:

[ThePromenader]

Err, fibre. Yes, but Expensive. Who provides your interconnectivity? If you have a reliable ISP (or better still, a TC company such as Colt) who can rent you a U or two for your central server AND fibre-connect you to it, you should have little to no problems - with added security. I'm sure that for an added charge they will (or you can) set up automated backups for you, or you can implement something like a mirrored RAID for even more security - but that depends on your needs.

I would also suggest dividing server roles between "tasks" and "data". IMHO, for many tasks, such as printing, a server is not even needed - a networked machine will suffice. Data should be secure and always accessible from all points; tasks, as they depend on the machines they control, should be distributed to points closest to them. If the printer's LAN loses web access, its print server, if it is in another remote location, becomes a... print bank. A role a bit much for the investment in an entire server/setup.

Re:So, here's your answer:

[funfail]

rcw-home: You'll be the very first person to hit hundreds...
Lex Luthor: (interrupts) Thousands!

Re:So, here's your answer:

[SanityInAnarchy]

As the parent suggests, price is not an indicator of performance.

While that is true, as soon as you find an IT guy who has as much expertise as the parent post here, you do want to pay them quite a bit to retain them.

For example, a email system of some kind in a necessity in most businesses and generally speaking they are fairly inexpensive (relatively at least), whilst electronic whiteboards (my per hate) or upgrading cat5 to cat6 cable (without changing anything else, - something suggested to me by a vendor recently to improve network performance..) bring only marginal benefits but are relatively expensive.

Case in point. Businesspeople don't know this, and it may be hard to convey the usefulness of a particular upgrade (just try explaining email when it first came out), vs the uselessness of another (just try explaining that faster cables isn't going to do anything significant).

Although I would suggest buying cat6 cable when you need cable at all -- for replacements, and for new cabling. I think it still falls under "dirt cheap", but it's been awhile since I looked, so I might not be remembering right.

Re:So, here's your answer:

[SanityInAnarchy]

In the late 80s, we were sharing little ASCII files, not big powerpoint presentations. And we were talking about a much smaller "scale" in terms of the sheer number of machines.

That does give me a bit more confidence in at least giving them a shot if I end up needing them, though.

Re:So, here's your answer:

[somersault]

May I just ask why you insert your own newlines into your comments? I have seen a few people do that online, and I had to read your comment about 8 times to get any sense out of it (I'm guessing because newlines usually signify a new idea or sentence, or maybe I just need some coffee)

Re:So, here's your answer:

[somersault]

If only someone would point that out to Microsoft.. the most obvious exception to your relationship. I'd say the size of the userbase is more likely to be related to the quality of the software - that's what you'd hope at least. For some reason, the larger a userbase becomes, the worse software gets as the creators try to expand on it just for the sake of expanding and making more money..

Re:So, here's your answer:

[mjpaci]

I thought it was poetry. Where's that coffee...

Re:So, here's your answer:

[somersault]

His comment is to poetry as a McDonald's coffee is to the smell of freshly brewed coffee so rare that it is composed only from beans that have passed through the intestines of a small rodent.

Re:So, here's your answer:

[The+Spoonman]

I believe he was referring to open source software as a prime example of "you get what you paid for". MS software, in comparision, is cheap.

Go ahead, call me a troll. Takes one to know one.

Re:So, here's your answer:

[AmericanInKiev]

... he says, stepping boldly into the irony that MsDonald's coffee consistently rates higher than Starbucks in bat-blind taste tests, guano notwithstanding...

Re:So, here's your answer:

[somersault]

Aye, I've heard recently that it's okay, but the McDonald's coffee that I had a few years ago was truly disgusting (I've only been there about twice in the last 5 years, I prefer Burger King, KFC, or pretty much anything else that isn't McDs - and I these days I tend only to drink coffee from proper cafes if I ever have it outside of work).

Re:So, here's your answer:

Yeah go to www.newegg.com to solve your problems, like the rest of us.

Re:So, here's your answer:

[bobbozzo]

Ocelots aren't rodents.

Re:So, here's your answer:

[bobbozzo]

Nor are civets.

Re:So, here's your answer:

[rcw-home]

If only someone would point that out to Microsoft.. the most obvious exception to your relationship.

No kidding. If it wasn't for Microsoft, I could have used the word "quite" instead of "often". It's not enough to have millions of beta testers (err, I mean customers) - you have to provide a way to listen to them. Collecting $99 or $249 to open a PSS ticket (and then spout worthless advice such as "do an in-place Windows reinstall" instead of providing a fix) doesn't cut it.

At least free software gets this right.

There is no cake

[emj]

So how can you eat it?

Re:There is no cake

[Chris+Mattern]

The cake is a lie!

WAN Accelerators

[mark99]

Checkout Riverbed, Cisco, and many others. Basically they do caching, compress traffic, do TCP/IP traffic control the way it should be done (with the hindsight of 30+ years experience) and some application specific round-trip optimization (some even do voodoo optimization :).

Not cheap - but easy.

Re:WAN Accelerators

[Angostura]

Have a look at the stuff from Expand Network. No, I don't have practical experience with myself, but they seem to have their heads screwed on.

Re:WAN Accelerators

[Niobe]

No, don't check out Cisco, they are not leaders in this area and you will be disappointed. However F5 DO have a very impressive product range that can solve all of your problems (I have no affiliation).

Examine Your OS Contract

[wrfelts]

It's time for your company to seriously examine your outsourcing company's contract with you. The consolidation recommendation obviously did not fully examine the needs of the remote offices. They have to bear some of the brunt of this mistake ...or lose their contract with cause.

Server consolidation is great for centralized offices. Until we reach the bandwidth critical mass where the pipe is wider than the need, removing server capabilities from satellite offices is a ridiculous idea. Even if it's a store-n-forward device, you will need local access capabilities.

There is really no excuse for the consultancy making a flub this big. They should either be fired or forced to float the cost difference for their mistake. In the long run, you should look at replacing them anyway. You don't want the company's crown jewels in the hands of incompetents.

Packeteer iShaper

[modemboy]

I have been looking at this product for a similar situation I am in: http://www.packeteer.com/products/ishaper/
Basically it is a WAFS box, with WAN traffic shaping, caching, etc, plus it acts as a Domain Controller, print server, authentication, dns/dhcp, etc.
If it works like they say it will it would be a good solution for you based on the problem description. Basically it is a server, plus WAFS, without being a server...
I wonder if anyone here has some hands on experience they could share?

Re:Packeteer iShaper

we do. the short of it, stay far away. the technology used in these devices come from an acquisition of a company called Tacit. they have some fundamental design flaws in the Tacit software that is quite simply childish. it's very heavy to integrate into an AD environment and we've some some huge issues when running these things in the advertised transparent mode. also, legacy user workstations such as win95, win98, windows nt and non windows devices are not supported. you'll not be saving any admin costs as these devices run a standard windows 2003 server version that requires the same amount of attention as just placing a windows server on the branch office site. packeteer made a huge mistake in buying this company.
i'd suggest looking elsewhere to something that is more network orientated and less windows orientated.

Re:Packeteer iShaper

[bandrzej]

We currently use their equipment for our company after doing a trial test over 512k WAN links to support workgroups of 5 to 50 people. The key thing is you will need additional hardware at the home data center: their IShared if you have files to share back at corporate for the Ishapers to talk to, and then a IShaper controller (for central configuration of all shapers and QoS classes) and at least two shapers at the home office (for redundency). When you have that hardware, expect to see a large increase in file access times (2x to 10x as fast) and then your QoS for your traffic.

Citirix?

[WarwickRyan]

Might well be a nice solution, assuming that your remote users are frequently throwing large files around.

Thin Client

[chipperdog]

ICA, RDP, and some X variants work well over slow connections. Do applications need to be executed locally, or can you run a farm of application servers with fast connections to the storage. Then put diskless, fanless thin clients (I typically use Wyse V50s), which DHCP configured to give them a config file to load on each startup. This gives you data security (no data is stored locally, or even at a branch office like your situation - someone steals a thin client, you are only out the hardware, application roll outs and updates are centrally managed, no rouge software can be installed (i.e. no weather bugs, cutsy screensavers, etc) by users, and many more advantages.
I publish applications via Citrix (Windows Apps.) and X (*nix apps)...They run on the same thin client desktops and the user knows no difference as to which server the application is actually running on - it appears local to them...I've also experimented with publishing OS X applications via vnc, but that requires the whole OS X desktop be served (not just the application)

What We Do

[CrankyFool]

We're a largeish company with one HQ (and associated data center), about 400 field offices, and four regional field service centers. Our approach was to centralize everything but printing, but that means EVERYTHING -- so people use Terminal Services to go into HQ. This means that once they've done the TS hop, everything is local, because they're accessing their files, running their apps, and accessing databases locally to where the terminal server is. Printing is, of course, still done in the office, via print servers in HQ.

The users don't seem to complain of speed issues -- then again, this whole thing is running on fairly old hardware (6-7 year old PCs) in the field, and they're not doing anything particularly high-performance (e.g. video).

Riverbed

[Danborg]

Check out a company called Riverbed, http://www.riverbed.com/ they have a WAN optimization appliance called Steelhead that solves the exact problem you are describing. I won't turn this post into a sales pitch -- read their website, call them up and ask for a demo, then decide for yourself. I would insist on a proof of concept or pilot implementation before making an enterprise wide committment.

Sack half the staff

Given what the US markets are going to do tomorrow, it wouldn't surprise me if this is the way that your management chooses to "solve" the problem.

Terminal Services?

[karearea]

What I did in a previous job was implement terminal services across the board.
Stuck an AD server in each remote offices for workstation authentication, dns, dhcp, updates, etc.
Files were stored centrally.
Accessibility was increased (eveyone had access to their files which ever office they were in without them being dragged across the network.
Bandwidth has grown as the number of people in offices (and the amount they print) has grown.

RCA of your situation...

[rickb928]

... seems to be that your oursourcing partner has you on the Merry-Go-Round. They work it like this...

1. Propose a WAN-based solution.

2. When that slows to a crawl, propose a branch server solution.

3. When that proves to be too expensive to administer, propose a centralized solution.

4. When that proves to be difficult, unproductive, or slow, propose a branch office solution with accelerators, DFS, and all the goodies.

5. When that proves too expensive to administer, propose a thin client/remote app solution.

6. Repeat steps 2-5 as needed, substituting current technology for at least three iterations.

7. If you still have this client, you may now feel free to propose ANYTHING, including cans and string, or gerbils. They will buy it. Change your technical onsite staff every 6 months, rotating in fresh and untrained candidates. Rotate out those who show promise to be re-deployed at newer clients who are at step 4 or earlier in the process.

It's kinda sad. Consulting outfits can rarely make a living by doing right for a large client. Sooner or later, they either get replaced when the client starts 'analysing' the operation, or get replaced when some other outfit has a stronger line of bull to offer management.

Of course, there's incompetence, but my former boss isn't involved. He's busy screwing people in a different business, when he's not busy screwing his employees.

Published Apps or WAN Accelerators

[Jester998]

There would be two major paths I would investigate.

If you're in a Windows environment, look at getting Citrix (or something similar) set up. Centralized files, centralized management, and it works very well. The one major issue is printing, although we use a product called Uniprint at work that is fucking fabulous. We went from 60% of helpdesk calls being "reset print spooler" down to 0% when we rolled out Uniprint. Very impressive stuff. We use Citrix at work primarily for our DB-intensive apps (so we don't return millions of rows over the VPNs, just the end result via the user interface), but we do have it in use for Word, Outlook, Excel, etc, as well.

The other option is WAN acceleration. There are many vendors that have them now (Juniper, Cisco, Packeteer, yadda yadda). They're expensive and I'm not sure how well they work if each office only has a few users (only a couple people may not 'seed' the cache sufficiently to make a major impact), but I've heard they work well for larger offices.

Riverbed Steelhead

http://www.riverbed.com/products/appliances/

or something similar; I mention Riverbed because it is what we use. Good luck.

Re:Riverbed Steelhead

[nixobilly]

Highly recommended!

Many large corps have implemented this solution and it really works great. (I don't work for Riverbed) Check out their website and contact sales. They can deliver a pair of demo devices and have it working in about 20min. This company does not get the attention it deserves.

Good luck.

Samba and rsync

[FridayBob]

Dedicated servers for each field office is out of the question, ...

Well, how about just an old workstation at each remote site to run Linux on with Samba (assuming you're supporting M$ clients) and CUPS for file and printing services, while using rsync to synchronize the data with your centralized servers? You can even make additional automatic local backups to disk with things like faubackup or dirvish. It worked for me and you don't have to use such cheap hardware as long as I did.

But seriously, it sounds like your company followed some pretty bad advice. It may have allowed you to cut costs, but it also introduced a new set of problems for which there is no cheap and easy solution. Except perhaps what I've outlined above. Yes, strictly speaking thatt would mean adding "dedicated servers", but it would not be an expensive solution and it certainly sounds a lot less expensive to me than your current daily loss of productivity from 1,000 employees.

Re:Samba and rsync

[MightyMartian]

A lot of this really depends on what else is going over those lines. If it's just files and email, and maybe lightweight web and database apps, then your solution will work. But there are apps out there (I have to deal with one) that are really disk intensive, and running over any kind of network file system is just plain slow. In that case, you really have to consider running each branch semi-independent with some sort of batch merges to and from the central database. At that point, you have to have a server at each location. Or you can pay for a REALLY BIG PIPE, but that can be pretty damned costly, and depending on where branch locations are, may not even be possible.

In my case, both branches are in small communities with a highly unreliable cable provider and a more reliable but still rather slow DSL provider. Even if we wanted to, there's no way to get faster speed, so you have to start working with DFS or rsync or something along those lines, and with semi-independent asynchronous databases that update to the master when and if they can.

Riverbed is a decent Solution

[bhmit1]

I've done a light evaluation of riverbed's steelhead appliances in the past (less from the efficiency stand point and more for manageability). To call it a dell server with centos is an understatement since there's a lot of software intelligence intercepting various protocols and caching the data that may be transmitted. Handling file locking, multiple email recipients of the same large attachment, and be transparent to the network, aren't easy problems to solve at the protocol level, so I'd say they deserve a few kudos. They weren't a simple WAFS, multiple protocols were included, it would simulate the reply from the remote server when possible, and all traffic to another data center or office with a steelhead would be compressed regardless of protocol (it's been a few years, so feel free to double check those facts). I believe they also included some physical bypass hardware so if the box completely died or needed to be rebooted, you wouldn't lose your network. All in all, I thought it was a nice solution. And no, I have no affiliation with the company.

Re:Riverbed is a decent Solution

[Amouth]

i am wondering.. that sounds like they did a good job.. but from the upstream providers view.. what does the access logs look like? if the transparent proxy is acting as a middle man for the client does it pass info upstream for logs?

Re:Riverbed is a decent Solution

[bhmit1]

From my impression of how it worked, yes, you'll still see your logs. Even when it preempts a reply from the server, the request is still sent to the server, but you may get your simulated reply before the server generates it, so your log timestamps my be a tad off. Otherwise, it's just doing intelligent compression by looking at the protocol when possible, and doing general compression when an unknown protocol is being used. They even compress ssl data if you're willing to give it your encryption keys (presumably you keep this as secure as you'd keep your webserver in the main data center, and they do it in such a way that SOX, HIPPA, and PCI are ok with it).

Re:Riverbed is a decent Solution

Silver Peak is also a good one. I just went through an extended evaluation of Riverbed, Cisco and Silver Peak. The Cisco solution has a lot of configuration issues , and even with an engineer from our local Cisco office onsite, we were unable to get reliable performance from them. Silver Peak and Riverbed just work, and do some amazing data reduction. In our testing, I was getting LAN-like performance with a populated cache over DSL links using Word, Excel and Powerpoint files. In the end we chose Silver Peak, as I liked their companies philosophy of accelerating everything at the IP layer better, but Riverbed is also a very good product, particularly if you use many of the mainstream apps that they have written specific optimizations for.

Re:Riverbed is a decent Solution

[cyberatz]

all good if you want no visibility on what is actually flowing over your network. In my experience, and we've tried multiple solutions in a 25k user global company, from the crappy Tacit/Brocade WAFS to Cisco WAAS to Riverbed to Expand to Bluecoat mach5 to Juniper/Peribit etc. they all have their downsides. on the up side, riverbed has a super marketing team. that is about it. out of all the devices tested and proof of concepts done, there were only really two players left that were able to provide us with something that did not interfere with out traffic monitoring (ie. does not put all traffic into a tunnel), integrated or didn't interfere with our QoS policies, play along well with the rest of the network including MPLS etc and worked well over high latency links and those were the products from Expand and Cisco. we had some major stability issues with the riverbed stuff and the tech support was truly horrific. the bluecoat boxes worked okay to but in the end due to integration reasons and cost we chose expand. rolls out like a dream and we've had some really good performance increases on our wan links. my 2c

Re:Riverbed is a decent Solution

[Amouth]

thanks.. you and the parent answered what i was looking for.. where i work we don't need this at the moment but i can see something like this being needed in the next 3 years.. although who knows what is going to be avaliable in 3 years.. but it is good to keep a watchful lazyeye on it.

Rearrange your thinking

Let's see...
1000+ employees/100 locations = 10 employees/location = 0.25-0.5 FTE in IT per location.

Step 1. Hire an inhouse IT staff to operate core systems.
Step 2. Deny outsourcing partner a role in testbed project.
Step 3. Choose 5 remote sites for testbed.
Step 4. Hire 2 IT support professionals for testbed remote sites.
Step 5. Implement inexpensive directory server for each testbed site.
Step 6. Configure a VPN over DSL for each testbed site.

Network printers these days don't need a print server. But if you feel you prefer one, use the directory server. It won't be breaking much of a sweat handling the authentication of 10+ employees and synching with corporate.

Client-server interaction that needs to happen between offices can happen over the 3Mbit DSL line. That should easily handle the traffic of 10+ employees.

Because you haven't provided any details of the nature of the inter-office data traffic, it's hard to design any further than that. However, it might be completely appropriate to make all the user machines in the testbed offices be thin clients, netbooting off the directory server.

It is a bit odd to me to hear a company with 1000+ remote employees (and some additional non-remote employees?) skimp on buying office servers. If you can afford to pay 1000+ employees (including 100 office managers) and pay the rent and utilities on 100 remote office locations... Can't you spring a little money for an office server?

Figuring costs for just one of the five testbed sites averaging 10 employees:

$300K Salaries (1)
$120K Benefits (2)
$ 20K Office rental (3)

Ignoring furniture, utilities, PCs, security, janitors, etc., etc., each remote site costs $450K per year to operate. Let's round it to an even $500K. And that is still on the very conservative side.

Over the three year life of a server, that is $1.5 million to operate the remote location.
But we can't spring for a $1500 server?

* The sample numbers above are extremely conservative and could easily be double those shown here. For instance, a site with 15 employees could easily cost $5 million over three years. And you still can't squeeze for a $1500 server?

(1) Figuring an average salary of $30K. This is obviously a very wild gueww, having no clue of industry, geography, etc. The numbers here are all very conservative.
(2) Figuring 40% labor burden.
(3) 10 employees * 100 s.f./employee. Again this is very conservative. With bathrooms, water coolers, and other common areas thrown in, this would be a very cramped sweatshop. Figure $20/s.f./year.

WAFS is not the only solution btw

[keeboo]

Here where I work, we replaced pretty much all the conventional applications (the ones which are required globally within the organization) for web-based ones. No, it didn't happen from a day to another.

We have pretty much everything centralized, except cases when you simply cannot escape from .doc/.xls/etc documents and stuff like that. Such cases are processed locally and only the relevant files are sent (either through FTPS or e-mail), SMB shares are not transported through WAN at all.
It helps our structure reflects (most of the time) the physical segmentation of our organization.

Currently most of our (typical) traffic is HTTP (~80%) and e-mail (>10%).
We do have quite tight WAN links (1Mbps in most cases, slower in other places) so we apply a fairly elaborate QoS and, for HTTP besides the obvious local HTTP cache we also compress that with Ziproxy (what renders it less than half its size, in our case).

Replicate your databases

Hard drive space is very cheap. You could probably replicate all your company's databases in every office. That leaves you with the problem of syncing the databases but there are some solutions. Lotus Notes took that approach about fifteen years ago iirc. It worked well. WAN traffic was greatly reduced and performance was quite acceptable even with the slower WANs of the day.

I haven't done this kind of thing for a while so I googled on "replicate sync database" and got lots of relevant hits.

What would Google do

[rossy]

I used to work in the high tech industry with companies that made lots and lots of money. These companys had the fastest bandwidth, and the most creative people coming up with cool solutions to solve problems. But basicly the point was, everyone made lots of money, so if IT infastructure was a problem, they threw money at the problem, and it was solved...period. Since that time, I have seen general compression of the $$ side of things, the bright people go somewhere else, and the people outsource the smart clever IT folks that worked at the the tech company to some outsourcing firm...
and all the call centers are shipped off to India.
So... I think... where is all the money now, and clever people?
Google.
Just ask Google to host your IT applications, they already index the rest of the damn web anyway.
This would beat Googgle to their next big thing anyway... why not just host the world at Google?
Storing your sensitive financial information will be just a spec of content compared to the rest of the web. Then buy some good fiber connections from Verizon. (I'm spoiled with my FIOS service at home...better than the DSL at my companies remote office)... and viola, problem solved. Besides, then anyone can get to your data from anywhere.... the security issue is a myth... who has time to look up all this financial information anyway... most people are reading Dilbert cartoons about how your company outsourced the network.
Plus, you can tell all your clients to buy Google stock, prior to handing over all the data.
-- R

Bad Partner

[nurb432]

Sounds like you need another IT partner, at the least.

And good luck having branch offices with no server. Only way i can think of doing that is 100% terminal services.

Oh whats the difference beteen a "branch office in a box" and a branch server? I bet nil.

Re:Bad Partner

[MightyMartian]

I'm assuming what "branch office in a box" means is some sort of fileserver/VPN black box. And you're right, it's just a server, but one with some of the legwork done for you.

I can recommend the Riverbed Steelheads

[slincolne]

Have used them successfuly over WAN links. They do a great job of accelerating Exchange traffic, and if you do the maths you'll probably find that they pay for themselves in data costs.

Where I have used them the costs of comms links was such that the Steelheads paid for themselves in around 18 months.

Of course your mileage may vary, but remember that cached data is bandwidth saved and that's either money in your pocket, or additional bandwidth for other uses.

Don't run a domain structure over your WAN

[a.d.venturer]

In fact don't run a domain at all. Let the end users manage their own PCs / laptops / printers and run a real virtual organization. You'll save heaps of cash using Skype, Salesforce, GoToMeeting and other solutions designed for this. If you want to manage your end points, buy a solid endpoint management solution like Kaseya (Disclaimer: I work for Kaseya) rather than trying to customize something with GPOs.

I've worked with both trying to get a domain structure running over a wide area network with slow/cheap bandwidth links, and not running any kind of domain structure at all and the later is by far the best way to go. Forget trying to lock down local machines, manage user data and so on. It's like holding a leaky bucket.

Yes, you lose control of your data. The only way to avoid that is to centralize completely, go with a Citrix solution and do ridiculous things like prevent users printing or connecting any USB devices to their machines. There are solutions out there that completely lock and encrypt all data on the user endpoints, but you said that your company doesn't want to spend any money, so I'm assuming that they aren't going to fork out for any kind of real solution.

Re:Don't run a domain structure over your WAN

[MightyMartian]

You lose more than your data. You lose the ability to maintain, update and audit local machines. What you suggest is the kind of scenario that works, until it doesn't, and then it's a nightmare. Laissez-faire networking with heaps of trust in outside providers from your critical apps and data is, in my humble opinion, crazy for any substantial organization.

Re:Don't run a domain structure over your WAN

[a.d.venturer]

You can achieve everything that you suggest with an endpoint management system that doesn't require a domain structure in place to use - e.g. the product I mentioned in the OP. I would say more but I'll just end up astroturfing.

As for putting trust in critical apps and data - I see that most substantial organisations don't trust banks, and keep their cash in a very large mattress, don't trust the grid supply, and run their own power stations, don't trust the existing transport infrastructure and build their own roads to get staff to work and so on. You have a huge number of dependencies already - you're just living in a world where data and applications aren't yet expressed in utility terms.

Re:Don't run a domain structure over your WAN

[MightyMartian]

First of all, you are borderline astroturfing. Second of all, there are very good reasons for domain structures, not the least of which is a sane authentication system and a centralized means of controlling resource access. Third, banks have spent decades and billions of dollars creating robust and secure systems, and have largely staked their reputations on it, so don't even bother trying to compare your company to your average bank. It's a bullshit analogy that might work for those willing to submit themselves to your sales pitch, but doesn't seem terribly impressive to me.

At last

[geekmansworld]

Thank God, I'm not the only one grappling with this problem.

Astronomical real estate prices in Vancouver have made it difficult to justify consolidating our two offices into one location. So management has come up with the great idea of running our two offices as a single LAN. It sounds like a great idea at first, but when you get down to the nitty gritty it becomes decidedly less practical. We deal with big files and need a speedy ODBC database connection, so our IPSec over WAN tunnel just isn't cutting it. Management was surprised to find that my estimates of several thousand dollars a month for leasing a dedicated fiber connection were, in fact, entirely accurate. I've suggested cloning our server equipment, but again, cost is balked at.

The future is not-quite-now, it seems.

Re:At last

[MightyMartian]

The problem with moving infrastructure around is that management quite often only looks at fixed costs like rent, leases, electricity, telephone, Internet pipes, and the like, without considering the work and costs involved in modifying network infrastructure. The other thing I blame is all those computer and business management rags with their bullshit reviews and advertising (is there a difference any more) which make it sound like magic black boxes make all the problems disappear.

Re:At last

[myowntrueself]

Management was surprised to find that my estimates of several thousand dollars a month for leasing a dedicated fiber connection were, in fact, entirely accurate.

If theres one thing that management doesn't like, which horrifies them, which makes them stick their fingers in their ears and yell "LALALALALALA" its when the IT guy is proven right.

Latest update fixes the problems for Microsoft

[NZheretic]

OpenAFS for Windows 1.5.30 (1.5.3001.0) using MIT Kerberos for Windows 3.2.2 for authentication.

Part of the solution is to look at your comms

I attended a Cisco bash last year where they were expounding the virtues of their ACE (Cisco Application Control Engine) technologys.

Basically you use a couple of routers in between your server room and your remote office which know
about layer 4-7 of the protocol stacks. This allows the routers to short-cut a lot of the protocol
handshaking that causes the latency in things like HTTP, SMB, SQL etc.

These are meant to be quite effective for remote sites & greatly improve performance. Cisco claim that these engines have been optimized for a wide range of common office protocols.

Have a talk to your Cisco rep, they'd be more than happy to do a presentation & possibly lend you
some loan gear for testing.

read all of this: near the bottom it mentions other associated & relevant technologies such as "Application Velocity System"
http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/prod_brochure0900aecd804595e1.html

Packeteer iShared (formerly Tacit)

[sdanic]

'Branch office in a box' appliances look ideal, but they don't implement WAFS.

I'm pretty sure that the "Branch office in a box" servers from Packeteer (formerly Tacit) do implement WAFS, or something very similar.

Branch office in a box turnkey servers seem great on paper, but the reality is, you'll still need to manage them just like any other server. They're not quite as "fire and forget" as the manufacturers would like you to think.

In the end, network traffic compression is a better solution.
Look to Riverbed for these type of solutions. They reduce traffic significantly.

Citrix + Softgrid

[bmfs]

I'd go with Citrix (I don't think MS Terminal Services is there just yet) and deploy MS Office to those servers and then distribute all other software via Microsoft Softgrid (soon to be called Microsoft Application Virtualization): http://www.microsoft.com/systemcenter/softgrid/default.mspx

The combination of Citrix + Softgrid is a pretty powerful combination - there's no need to silo your Citrix farm any more, and apps deployed via softgrid don't leave any junk behind on the filesystem or registry (since both are virtualised). Use a Citrix access gateway (basically an SLL VPN device that integrates with Citrix) to publish a windows desktop and then your remote offices just need a decent connection to the internet (budget approx 50 kbit/sec per user with 30% concurrent usage). Users can then work from home or from a notebook with a 3G data card too. Or forget the access gateway and connect the offices to the data centre with dedicated leased lines / MPLS links etc.

In each office install network printers onto each local device and then use the Citrix Universal Printer driver to send compressed print jobs from the data centre to the printer via the citrix client. Or if you have the bandwidth, install the printer on a print server located in the data centre and send jobs directly from the print server, over the WAN, to the printer in the remote office (this is easier to manage).

Lock down the citrix servers and client desktops with AppSense http://www.appsense.com/ and you'll then have a secure, remotely accessible system which is managed centrally.

Complex problem - no easy solutions

[boethius]

Unfortunately there are no silver bullets to solve this problem, no "remote office in a box" solutions that will solve 100% of your problems. I can pretty much guarantee that.

I work for a company that is committed to WAFS 100%, using Packeteer's iShare solution. They spent several months building their own homebrew iShare (software) on top of Win2K3 Server so they could have iShare and SMS on the same server. This setup was blessed by Packeteer after thorough testing. It is used in over 80 remote offices worldwide over a wide variety of WAN conditions. Some of these WAN conditions are quite bad.

This environment is carefully integrated into DFS so users connecting from remote offices get referrals to the proper regional file server for their WAFS-accelerated files. Obviously they want to avoid users in India getting files from the U.S. or referring through the U.S. if a file server cluster exists in India.

Presently none of the iShare boxes run in-line with the WAN connection, which basically means they're not taking full advantage of iShare's capabilities like TCP, Exchange, and Web acceleration. In a previous incarnation I used Riverbed's WAN accelerator boxes in-line and found that helped our remote sites quite a bit. I never got around to upgrading them to use the Riverbed's WAFS feature set before we were bought out, however, so can't speak to Riverbed's strength or weaknesses there.

All this said, iShare, while helpful, isn't magical. CAD applications in particular haven't been helped much and forget it if you want WAFS to help with any file that does internal locking (e.g., Access DBs). If you have lots of Access DBs across your organization, WAFS, iShare or otherwise I suspect, very likely will not help you. You need to go to enterprise-friendly databases. Access is a very hard habit to break, however, and if you're anything like my company you may have tens of thousands globally to deal with. CAD applications that may have thousands of small files will often bog down in the WAFS world. And CAD (or other) applications that require client-server version control like through PDMWorks or Teamcenter are not helped at all by WAFS. TCP acceleration could likely be helpful here, however.

The print queues remain on the local iShare server for each site since we rolled our own Win2K3 Server environment for iShare. I am not sure how feasible this would be if we used the actual iShare appliance--probably not, I'd wager.

Pure appliances are probably fine if all you need are WAFS and not much else. Beyond that a single box to do it all is more pie-in-the-sky marketing than reality.

All this is too complicated

[markov_chain]

Just have everyone telecommute to the central office. Problem solved!

Re:It's a live FS

www.openafs.org

Its not only a nice idea, it works fine too.

Windows support?
http://www.openafs.org/windows.html

Cisco WAAS

[Vesperi]

Cisco WAAS units are what you are looking for. They will do network packet optimizations as well as network caching. It keeps a hash database of the largest possible chunks of data, it sends the hashes first - if it gets a hit in the remote devices database it doesn't have to send all the data. Very effective when it works.

They can also serve as local print servers.

Re:Published Apps or WAN Accelerators -Citrix

Having installed Citrix in close to 200 organizations, from 25 users to 400,000 users, I can say that it is a great solution. With the current version [4.5], you even have the option of streaming an app to a machine, so in the case of a laptop user who wants to get on a plane and be completely disconnected, you can still access your applications at all times. Your access speeds are great, since everything is on high speed. People complain about the cost, but they don't understand the ROI or where the dollars are going and where they are saved. Is the software more expensive than a distributed server only? Yes. But the savings of centralized manangement and increased efficiency are magnitudes higher. For example, a bottom line savings at a 4000 user installation I did showed that they saved a million a year in IT costs from decreased downtime and faster responses from the application in the first year, and 2 million a year after that [the cost of the implementation reduced the bottom line savings the first year].

The same is true at almost every level. The little 25 user network running on Citrix basically had no need for an in-house helpdesk person any longer since the system never appeared to be 'down' at any time and all the apps suddenly had no inconsistencies from user to to user.

Good luck to you and I hope you find an answer quickly.

tapestry brocade and FAN's

[pjr.cc]

Speaking of WAFS, brocade had a product suite based on an architecture called FAN's (file area networks). Originally it was several cobbled together disparate bits of software and an "appliance" running windows server 2003 - though i believe the components that make up tapestry now look more like they belong together rather then the way they used to look where it was very obvious the products were all from different vendors and had different design paradigms. Take a look though, http://www.brocade.com/products/tapestry.jsp (brocade arent the only ones that do this, so look around).

And if you look here: http://en.wikipedia.org/wiki/File_Area_Network - this is the generic term for most of the technology involved, file area networks.

Assuming your running windows everywhere (which wouldn't be a leap) then its not a bad solution - the on-site box is literally a "branch office in a box" solution that incorporates wafs/distributed locked/etc and runs a version of windows server, which i believe can be a AD server as well. But the point of it all is that the remote side has no real date unto itself (Everything goes back to head office) but can manage everything at a remote site (including such things as printers) as well as being easy to replace (in fact, its supposed to be constructed in such a way that if the branch office box fails, people shouldn't notice, everything just starts going back to "head office" in a seamless way). Supposedly its operates over very small amounts of bandwidth, but i can imagine the first time someone opens a large file being a painful excersize.

Still, ive not seen the product except in demo's, but i have heard good things about it.

Dont apologize

[LibertineR]

Hard to remember the last time I read a post containing both "vis a vis" AND "crappy".

The dude needs to re-read Elements of Style, for verbosity and consistency of tone. That post would have come off better as a parody.

Terminal Services

[Eskarel]

Well there are a few ways to make this work. You can set up something like terminal services, or a web portal structure so that all you're transmitting is presentation layer stuff, which can be run on less bandwidth. You can make sure the pipes going out to your remote offices is as fast as a LAN would be. There are also some things that can be done with some of the fancier network hardware you can buy from folks like Cisco.

That said unless your remote offices barely use the LAN, you already have a really fast WAN, or really high end equipment plus the in house resources to manage it, none of which appear to be true, all these options are going to be expensive.

Limited server consolidation can be a good thing, and large companies with really fat network pipes can actually centralize even file servers, and sometimes they even save money doing it(at least if they needed the network pipes anyway), but if you were with one of those companies you wouldn't be asking for a solution.

Your only real solution is to fire your outsourcing company, whichever meat head manager on your side thought it was a good idea, and anyone in a network or server role who didn't have the balls to say this was a terrible idea. If you're one of the above start by resigning. Then use the money you were going to spend on them to hire a few competent people and put servers back where they belong.

Step 1

The first step is to sue the outsourcing partner for damages. Any settlement money from there could go to a better solution.
Step 2 - draft a contract, which spell out black and white financial liabilities and benchmarks for the new solution provider for the new implementation.

The rest is a matter of IT decisions.

Thin Clients

Your other option is to turn the problem inside out. Run everything in your data center and use thin clients remotely.

Yes, running things like video, youtube, high definition images, etc will suffer, but this is an office, isn't it?

You should be able to run reasonable business desktop and productivity apps across your wan more efficiently than opening files, ginormous PST files, etc. etc.

This isn't free, and if you are a Microsoft shop, you still have to pay the piper with CALS. VMWare has their VDI, and there is the Sun solution, and the whole LTSP deal. Might not work for everyone, but might be a solution for a large number of them.

Solution: spend money

[LaZZaR]

While there are a lot of unknowns about your question (e.g. number of locations, current size of WAN links, windows/linux enviroment, types of wan traffic, types of applications etc) really your only choices are:

1. Upgrade WAN links
2. Implement a citrix enviroment ... and to a certain extent, because its cheaper than a "real" file server:
3. Using comodity PC hardware, run file servers with DFS, and backup the DFS at the main office. If you are using Windows this could work really well, with file/folder authentication, and domain authentication can be done over the WAN to the main office. On the other hand, there are risks using comodity hardware...

The compression boxes that others have mentioned, which might work for you, work best depending on what *type* of WAN traffic you have. If its mostly MS Orifice, that will compress reasonably well. If you have other application/proprietory traffic, maybe not so good. For example, I worked for a company that ran their remote offices with citrix clients on 64k to 128k links. After adding more clients than the links cound handle, the company starts to scream, but does not want to spend the money. Our consulting partner tells us about these whizz bang boxes that can compress data into almost nothing. So we ran a trial, and we found that (just as I thought we would) that citrix ran slower than before. Why? Citrix compression was already enabled. I wonder what made the consultants think they could compress already compressed data.

How about do your own work and cut outsourcing

[haplo21112]

Then they can't price gouge you on the local servers, which is the best idea.

Seriously though.

Actually put WAFS servers or in router devices in each office with decent size disks. They are linux devices and can be configured to do local auth as well as file and print.

How?

[zogger]

How Would You Make a Distributed Office System? Me? I am old fashioned, plain old traditional oak, well worked, using my leet router skillz.

Hmm....

[digital+photo]

"I work for a financial company which went through a server consolidation project approximately six years ago, thanks to a wonderful suggestion by our outsourcing partner. Although originally hailed as an excellent cost cutting measure, management has finally realized that martyring the network performance of 1000+ employees in 100 remote field offices wasn't such a great idea afterall. We're now looking at various solutions to help optimize WAN performance. Dedicated servers for each field office is out of the question, due to the price gouging of our outsourcing partner. Wide area file services (WAFS) look like a good solution, but they don't address other problems, such as authenticating over a WAN, print queues, etc. 'Branch office in a box' appliances look ideal, but they don't implement WAFS. So what have your companies done to move the data and network services closer to the users, while keeping costs down to a minimum?"

Basically, you got screwed. But that's not the worst of it. The bad news is that you're still in the midst of being screwed. Others have offered up good advice: drop the outsourcing company for a competent one.

Another good point others have made: your problem isn't well defined, define it and determine what your needs are. What problem are you really trying to solve.

But... back to the broad question you posed. The short answer is that you need branch office servers. Makes no sense to route a 8MB print job to the central office over the WAN, so that it can be routed over the same pipe _again_ to print at a printer that was originally 3' away from the desktop computer that issued the massive print job.

Here's how one might set it up on a low budget basis:

Central Office:
- Dynamic DNS server
- AD or LDAP to manage access control/etc.
- PRINT repo ( for all those print jobs and sox compliance )
- EMAIL repo
- File Server(s) (if you can afford it, get a good SAN storage for your central office with NAS/NFS heads to export storage. EMC/NETAPP/etc comes to mind)
- PRINT SERVER
- VPN server to bridge all offices securely
- VOIP Server/Asterix

Satellite Offices:
- GATEway server that can use Dynamic DNS to let the central office know where it is.
- VPN client
- Local AD/LDAP secondary(caching)
- Local DNS (caching)
- Local Print Server, which archives jobs back to central office for SOX
- QoS switch/routing so email/ssh/telnet/etc can operate while large file xfers are occuring
- VOIP node/Asterix
- LOCAL email repo, based on employees who are stationed at the location. Does periodic sync with central, but allows offline email access.
- LOCAL shared file server that periodically syncs up with central.

Implementation will be the hard part, but basically, that's the floorplan for getting a branch offices setup and not completely reliant upon the central office. Yes, you can use desktop hardware, which is less reliable. You can also use cheap NAS units for storage. It just depends on your performance requirements and what you are willing to pay for.

At the end of the day, you can't get something for nothing. And no matter how good the plan, an incompetent worker is still an incompetent worker. Fire the outsourced company that screwed you over.

It's actually been done before ... long time ago.

Ping someone who works @ Sun. Yeah I know they're yesterday's news, but they solved this problem with their thin-clients years ago! My biggest beef with their solution is that it takes a lot of work to get it to drive Windows apps. So the real question is around what kind of apps you have.
All of the other solutions I've seen for this problem are waaaay too convoluted. K.I.S.S. wherever possible.
Good luck!

Welcome to the cross roads...

[moorley]

Of a good a idea that worked well in one area but is not ready for full adoption. Wide Are Network has too much latency to simply turn local office systems global.

Your company is trying to cheat their development model. Rather than setup a distributed IT application they have simply tried to distribute a small office network worldwide. If you look back to the tried and true OSI model. 7 layers. The 7 layer model doesn't speak of Network File Sharing, it speaks of Hardware and Application. TCP/IP (which we have taken quite for granted) is around/below the application level. If you have an application that runs at the TCP/IP level you are good to go.

I have setup distributed systems for several ISPs in the late 90's. We didn't think about what we were doing or why it worked. It looked like we could long haul anything we wanted. A little lag in sending mail or a few extra milliseconds to authenticate LDAP is no big thang. The Internet is distributed by nature. Sometimes DNS was a little slow but that was acceptable for 56k modems and DSL customers. But we spent 2 years working on a central web based administration/billing/customer support application with 1 SQL base in the center. We didn't distribute the application and have it write to the SQL base directly or move files around.

But you can't distribute the file layer. SANs in a local building have had some of the same problems. Any lag affects all applications and you solve it by throwing a big fat fiber backbone in the local building, but it break downs when you try to long haul over WAN links.

If your company is thinking it can sneak around coming up with a decent workflow model, and then implementing that in an application by simply given MS Office and Exchange (or whatever they have employed) to everybody they are sadly mistaken.

But worry not. You are not alone. Many business execs scratch their heads as to why the simply can't share out MS Project and their Excel Spreadsheets to 25 plus people teams and it will work fine. You still need to do the leg work of figuring out the work flow and reducing that to a transaction based system centrally located. That's it. All we've done in the last 20 years is replaced printouts with emails and spreadsheets, and the night operator (a job I used ta do) with scripts (or procedures) that dynamically update or run every 10-15 minutes. You still need a central system and then distribute parts of it, or have slim down interface that everyone can use remotely. Look at how a bank does it, just good ole dumb terminals.

No magic bullets yet. We need faster broadband and much lower latency before you can share out at the file layer using a network stack meant for transaction based appilications.

Let yourself off the hook. No mortal IT person can turn this tide....

You need local servers to reduce the latency. You need some decent thought on the application, not the OS and Office Suite. Good luck!

Re:Welcome to the cross roads...

OSI, TCP/IP, ISPs, LDAP, DNS, 56k, DSL, SQL, SAN, WAN

I decided to summarize this comment, I think the main points are pretty apparent.

Let yourself off the hook. No mortal IT person can turn this tide....

a.k.a you can't turn it!

No easy answer

. There is no silver bullet to consolidate every operation into just a few data centers
. Look for specific options for each of your needs (authentication/authorization, storage, development, support...) there are many providers that offer different solutions, but each works for a specific problem.
. Whenever you think that reducing the number of data centers is the solution, then you have to think that you will spend more money in connectivity (sometimes a lot more money)

Microsoft Terminal Services

[dieKatze88]

Its expensive, but it works over the crappiest links ever. It makes branch offices easy because they put new computers in, connect them to anything faster than 28.8 dialup, and they connect to the server and do their work remotely. Sure its a productivity kill if the link or server goes down, but it works for who I work for.

It also solves the file system issue. One server in the biggest office holds all the files. And you can print to local printers from it.

Re:Microsoft Terminal Services

[whatmot]

I have to totally agree with you here - best answer I have seen...- If you add an SSL VPN with web cache acceleration your remote terminal session acts like it is on steroids, add a redundant WAN gateway at the main site and you are definitely in business. My company has been working this way for over six months with spectacular results - such as a 1000 % increase in our software development cycle. Also eliminates virus threat, increases security, very robust and secure. Additionally most folks don't realize but this service uses the program's kernel process shared once with multiple users i.e. one server can easily support 500+ users remotely with no speed issue. Just add more bandwidth and system memory to cope with the user load... i.e I have current evidence of 20 simultaneous users working with a 1% cpu average load on a Dual core xeon server with 4 gigs of ram (only using about 700 mb)...Running Visual Studio for core software development. Additionally many of the developers work remotely all over the US with average to poor home broadband access.

Wan/remote access

[keltcat]

I use OpenVpn with Samba for all remote connections to the companies I do work for. The company with the most users has about 500 systems in play. at 5 geographically separate locations from Florida to Northern Pennsylvania. I set up 'mini' servers at the major locations (these are white boxes which cost about $3,000 each). The operational data load is around 1TB, and the data storage is around 5TB. Using Samba, rsync, OpenVPN, Unison, and a few custom scripts, all remote white boxes data, and programming are maintained from one central location. The shares for the white boxes are designed for quick access to data with immediate need, and remote sync for data that is not immediate need. At the main office is a set of three $11,000 servers which are running virtual servers for all the white boxes, and a central repository for the 'not so immediate needed' data. These boxes are kept in sync, and can replace and/or take over the load of one of the others should they fail, or need to go down for maintenance. I have on a few occasions had to fix, or repair remote 'mini' servers, but in the instance of failure for one of these, the end user's shares are redirected to main office. There are still three systems out there that I have not had to physically touch for 3 years, still going strong. It sounds like some companies need to hire a real consultant to help with the intrinsics of the company IT operations. My idea of a consultant is an expert in the field who can advise on how to setup, operate, maintain and project future requirements the system or systems while keeping the operations cost to a minimum.

F5 Networks has a similar solution

F5's WANJet worked well for us. It is very similar to the product(s) from Riverbed and in fact, they are direct market competitors.

So, here's your answer:Take notes.

"I have learned, without a doubt, that in IT what one pays is usually quite unrelated to what one gets."

Apparently the same can be said about the sex industry. Maybe you two should compare notes?

slow links aggregated

[nachdenklich]

Indeed when dealing with branch offices in rural locations you sometimes only get crappy DSL connections - unless you want to spend a bundle on the real stuff. I end up just buying a few of those DSL links from the cheapest providers - trying to get links from different providers as well if possible - and then aggregating those DSL links with some intelligence which allows me to use all those links as one fat pipe. Works pretty well and can get pretty cheap. The only problem left is that you have to consider some latency sensitive applications if applicable. Just to comment on this subject. It seems bandwidth is a nagging problem for a lot of folks and sometimes and I think it can be solved with low-cost products and fairly inexpensive high-tech solutions. Sorry if I digress.

On the matter of cost

Your company outsourced for a reason and it sounds like you are trying to subvert the company's goals.

It'd be nice if IT services were free, but obviously your company has found that they are not AND they cost more to keep in house.

So, the goal of the outsource was to reduce cost. This works simply by removing all the "fluff" that the IT department provided.

That said, you are on the pendulum swing that reduces IT expenditures by centralizing everything so the equipment can be cared for by fewer people. Your company wanted this! The surprise here being not that the equipment costs change, but the cost associated to the people change when doing this.

Now you personally want the service and support back that you originally had when the IT department was internal. Go Figure! Fewer people.

So, now its time for you to grow up. Get your head back into the real world where its not only your your company's job to reduce cost but, and here's the stinger, IT IS YOUR JOB TO REDUCE COST.

Get your head into the game. That's all it is. Start managing your outsource partner, not the other way around. Pay for the IT you NEED. Make suggestions, get budget and stop whining about how unfair the situation is. You are forgetting, this is not 7 years ago, its today. If you are the GUY, figure out what this stuff really costs and see if it is really a gouging. If it is, re-bid. Educate yourself.

By the way, WAFS will NOT fix your problem, it seems to be much deeper.

WAN Accelerator

Hp Have a WAN Accelerator, basically it hashes up the data and transfers the information faster, the hash tables grows with use. Sort of like a cache of sorts. And its a WAN device not a server !

SIX years ago?

Your server consolidation project rolled out six years ago and your bosses aren't ready to spend serious money on a new model? Things must be going pretty well.

4 Suggestions

[vinn]

This is a topic near and dear to my heart.

1. First off, you dismissed WAFS-style accelerator solutions - I wouldn't. I think that's going to go a long toward your solution.

3. Get more bandwidth bang for your buck by consolidating all your connections through 1 carrier (realistically it probably isn't possible, but you might get close.) Something like Megapath. See if you can find someone to build you an MPLS network so you can guarantee layer 3 throughout. Build QoS policies on that. By going with 1 carrier you'll make your account management simpler and they might give you more bandwidth because they're carrying all your traffic. Be prepared to sign a 3 or 5 year contract for the best deal.

2. You were worried about authentication over the WAN - shouldn't matter because that's fairly low bandwidth. Print queues over the WAN? Egad - you don't want to do that so come up with a novel solution for dropping some kind of network printer on their LAN. Novel might just mean a sleeve on the side of the printer that holds the driver installation CD. Users can be walked through that. At the same time, make sure all your printers are the same so your help desk isn't bogged down in troubleshooting a million different ones.

4. Application selection: this is pretty critical. Don't purchase heavy apps. Purchase lightweight, web-based ones. For example, your accounting system might have a fat client for everyone in the home office and then a web version for everyone else. That'll work fine since they're probably just doing boring things like generating PO's. Microsoft Project has a web client within their MS Project Server, so that'll work for something like that. Just keep this in mind when purchasing any application.

Print queues over WAN?

[lewko]

Wait. Are you looking for print queues over the WAN? What happens after the document has printed. Does the head office FedEx it to you? Or is it quicker when they use the fax.

P2P anyone?

[pablochacin]

or, in other words, how do I put a P2P network to connect the branch offices. I you don't know how a P2P network works, let me know, it's been wondering me for a while.

Simple solution.

Just go ahead and put a server in each branch office.

Kerberos and Andrew File System

[chris_sawtell]

Are the magic words, but please do prepare your brain for a roller-coaster ride.

OpenAFS
and
Kerberos

Thin Client

[lpwuk]

We use SunRay thin client for this purpose and also to help with a number of other IT cost issues. It is quick, has good support for windows, is fast, easy to administer and the webtop version is great for people on the move or for helping those with older laptops or who need access to certain apps not installed on their laptop be productive.

All in all money very well spent.

Yeah - me too!

[gosand]

I'm an executive in IT with almost 20 years in. I have learned, without a doubt, that in IT what one pays is usually quite unrelated to what one gets.

Yeah... I love Open Source Software too. :)

OpenAFS

[Edgester]

For a filesystem, I would recommend openafs. For printing, I recommend setting up CUPS servers. AFS lets you have distributed servers that are centrally maintained. AFS is location agnostic. The filesystem is split into volumes, which can be located on any server and seamlessly moved between servers without needing to change the file path. Check it out at http://www.openafs.org/

It also has manual read-only replication so that you can have a local read-only copy of frequently accessed files.

Use thin clients. Next question?

See subject.

Outsourcing can work.

[SanityInAnarchy]

For example: As I said, our SVN repository is hosted by someone else. This implies that we must connect to them over the Internet, which means that, yes, if Internet in the office is down, we can't check in.

We also all have laptops. If necessary, we can just pick up our laptops, head down to the coffee shop, and continue working, with cups of coffee and chai being brought to us, until the Internet at work is fixed.

And we also have 100 mbit fiber shared among maybe five people, so if the Internet is up, no one person's BitTorrent is going to cause problems.

My point is not that being dependent on an Internet connection is always wrong or unworkable, but that if you want to not be dependent on the Internet, you're going to have to spend some money.

Packeteer iShaper + iShared

We have several heavy use remote locations and were running into the same issues as the poster. We selected the iShaper and iShared devices from Packeteer after trialling them for the following reasons:
1) The iShaper is two devices in one - the regular Packeteer shaper to QoS WAN traffic and a Windows 2003 Storage server plane connected with an internal gigabit switch. The Windows side can be setup as Domain/DHCP/DNS/Print and app server.
2) The device can be placed inline.
3) With an iShared in your datacenter, the iShapers can pull content file share content with them via DFS and their specific protocol they have been working with MS on. They use a "hot/Cold" system for you to prepopulate the device with the user shares and other file shares, and then the protocol tracks the changes to make file shares uber fast over 128k and above connections. In our lab testing, it has been at least a x2 to x10 improvement in file load time.

How we solved it

We have a similer infrastructure and had to come up with a solution for many remote offices. Samba and cheap servers came to the rescue. The nice part about using Linux (Debian Distro) is we can keep adding more software as new challenges arrive, something you can't do with appliance. We wrote a couple of scripts for centralized backup to our data center and Landesk for management of workstations. This was rolled out in 2004 so I did not have as many options but I checked the many choices including Cytrix and other options. Remove the gui and you will be amazed how little power is needed for a linux box doing a ton of tasks including file and print serving.

remote desktops

[buttle2000]

with freenx of course.

I found your problem, right here

[billcopc]

Dedicated servers for each field office is out of the question, due to the price gouging of our outsourcing partner.

Gee that's an easy one, lose the price gouging outsourcing "partner". It sounds like he's the problem.

Seriously, local servers sound like the way to go for you, usually the only way to go, because North American bandwidth is still shite in the 21st century.

Riverbed is your solution

[pluto+networks]

Based on what I read in your post on the top of the page, you are asking the same questions that many of my customer ask me about. The Riverbed Steelhead and the Riverbed Mobile Server can solve all of your problems that you are looking at. It will allow you to reduce your bandwidth on your wan links to save money by accelerating your applications, backup jobs, print servers. Also you will have no problems with authentications over the wan, I have never seen a customers have any sort of that problem. You can also make this branch office in a box, it can be set up in a way that will make it easy to send to office and set up. If you have more questions please email me.

WebAccelerator

[kaybee]

At least for Web-based applications, simply invest in the WebAccelerator from F5 Networks. It literally provides almost LAN-like performance for web applications over the WAN.

Cisco WAAS

[nickyhaan]

we use cisco WAAS boxes now in all our locations, but we still have servers in the locations due to ad authentication issues, i heard rumors that a new software release will run a virtual machine with dc functionality. Printing is supported by the box, handeld by CUPS. Performance is great, allthough it really depends on the application you run, and the amount of data your talking about. As compared, money wise, against a server, a decent server will win against a comparable waas box, so if its not political issues against a server in your location then go for a server in you location. Through the company that we buy our cisco equipment from, it was very easy to get a testsetup to do a pilot in one of our locations to get a feeling on performance gains using our applications. If there is a dc in your location (or when the waas box does the dc functiality itself) you'd still have access to your central fileservers when the wan goes down, any other centrally offered services arent cachable. just my 2 cents ..

MIssing the point

"That post would have come off better as a parody."

I thought it was a parody.

I'm sorry, I'll pay more attention in the future.