|    comp.dcom.vpn    |    VPN protocols, clients, awesomeness    |    2,348 messages    |
|    TP to Vince    |
|    Re: 3-site VPN implementation w/Terminal    |
|    18 Aug 05 12:50:39    |
XPost: microsoft.public.windows.terminal_services
From: tperson.knowspamn@mailandnews.com

Hi,

Just based on the information you have provided, I think you
could simplify to something like this:

- 1 Server at HQ site performing all functions

- no VPN, just low-cost router/firewalls

- Dynamic IPs at remote sites if it saves substantial amount
  per month, and depending on security needs. For example,
  Verizon DSL is only $29.95/month for the speed you
  mention w/dynamic IP, but is $79.95/month for same speed
  with static IP, maybe SBC has similar pricing?

- If printing is very heavy or graphically intense at the remote
  offices, you may need more outgoing bandwidth at the HQ
  location, and/or a universal printer software package that
  helps cut down on the size of each print job.

Now, I'll explain reasons why I suggest the above:

1. Higher performance--you mentioned the app uses standard
   file sharing, so it would run faster if the files were being accessed
   directly on the server instead of on a separate file server like
   you proposed. The difference is usually VERY noticeable when
   running reports, but also can speed data entry, depending on the
   application.

2. Lower cost--obviously, only one server is necessary so the
   hardware and software costs are much lower. The ongoing
   maintenance costs are lower as well, because there is only one
   server to maintain.

3. A single server can EASILY handle the workload for what
   you are describing, plus much more.

One question I have for you is what is the primary reason
for a VPN? Are you planning on having the workstations in
the remote office authenticate to the domain, over a
[relatively] slow connection to the HQ DC? I wouldn't think
you would want this because the traffic would slow your TS
connections, slow logons for remote local logons, etc.

Is there some other need for the VPN?

If you are concerned about preventing someone who is not physically
located in one of the offices from connecting via TS, you could set the
firewall to only allow certain IPs. The TS connection is already
fully encrypted.

Please let me know if you have any questions.

Thanks.

-TP

Vince wrote:
> Hello,
>
> I am a catch-all IT consultant in Southern California with very little
> practical VPN experience (but learning quickly). I am therefore
> seeking guidance and affirmation from the gurus in this forum, if you
> would be so kind.
>
> I have a client with a small medical practice who would like to
> consolidate his patient data into one location. He has 3 sites (2
> medical offices, 1 billing office), each with their own self-contained
> instances of 2 core DB apps. Each site has their own LAN, workgroup,
> router, and DSL Service of varying speeds/equipment. The medical
> offices have 9 total users (4 and 5, respectively), while the billing
> office has only 3. All client PCs have either XP Pro SP2 or XP Home
> SP2. There are no "servers", only workstations hosting the DB data
> over standard file sharing.
>
> Office growth has reached a plateau; there is no anticipated user
> increase for the foreseeable future. Money is always a factor, but I
> have been told that special consideration can be made for an
> "appropriate" price/performance solution. The main goal is to
> consolidate the patient data from all 3 sites into 1 central location
> so that all users are viewing the same tables. The DB app support
> techs will perform the data merges, I need to design and implement the
> infrastructure.
>
> My proposal:
> - 12 total users (5,4,2)
> - the 5 user site becomes the "HQ"
> - New Windows 2003 Domain Controller at HQ site will host the
>   consolidated DB Data and MS License server
> - New Windows 2003 Terminal Server at HQ site will host the 2 DB apps
> - Standardize all 3 sites to highest ADSL Service w/static IP
>   addressing
>   (SBC Yahoo!® DSL Pro-S -
>   Speed: 1.5-3.0Mbps downstream/384-512Kbps upstream
>   IP Address: 5 Static
>   Price: $74.99/mo)
> - Standardize all 3 sites to same make/model of VPN router
> - Establish tunnels into the HQ site from the 2 other sites (non-mesh)
> - All clients will access the 2 DB apps on the Terminal Server at HQ
>   Site via RDP
>
> VPN Questions:
>
> 1) After reading posts here and elsewhere, I am inclined to go with 3
> Netopia VPN Routers, either 3386-ENT or 3387WG-ENT (the doctors have
> wireless laptops). Will this hardware be sufficient to provide a
> reliable connection between the sites? Anyone have any other
> recommendations?
>
> 2) Will this ISP package be sufficient or will we need something
> beefier (SDSL,T1, etc)?
>
> General Questions:
>
> 3) As far as the beefiness of the servers, I am inclined to go heavier
> on the Terminal server (2P, 2G RAM) than on the DC (1P 1G RAM), given
> their required tasks. Am I making the correct assumptions?
>
> 4) Are there any "gotchas" I need to keep in mind? Is there a better
> arrangement for this type of situation?
>
> Any insight would be greatly appreciated.
>
> Thanks,
>
> -Vince

--- SoupGate-Win32 v1.05
 * Origin: you cannot sedate... all the things you hate (1:229/2)