
How Would You Make a Distributed Office System?

ScuttleMonkey posted more than 6 years ago | from the ip-over-avian-carriers dept.

Networking 218

Necrotica writes "I work for a financial company which went through a server consolidation project approximately six years ago, thanks to a wonderful suggestion by our outsourcing partner. Although originally hailed as an excellent cost cutting measure, management has finally realized that martyring the network performance of 1000+ employees in 100 remote field offices wasn't such a great idea after all. We're now looking at various solutions to help optimize WAN performance. Dedicated servers for each field office is out of the question, due to the price gouging of our outsourcing partner. Wide area file services (WAFS) look like a good solution, but they don't address other problems, such as authenticating over a WAN, print queues, etc. 'Branch office in a box' appliances look ideal, but they don't implement WAFS. So what have your companies done to move the data and network services closer to the users, while keeping costs down to a minimum?"


218 comments

erm.. (5, Funny)

Anonymous Coward | more than 6 years ago | (#22131542)

Or, in other words, how do I put servers in branch offices without putting servers in branch offices?

If you solve that one let me know...it's been bothering me a while too...

So, here's your answer: (5, Insightful)

SanityInAnarchy (655584) | more than 6 years ago | (#22131794)

Either consolidate your servers, or don't.

Exactly what costs were you thinking of saving by consolidating? If it's just the cost of building and maintaining those physical servers, then here is the cold, hard truth: You are paying less for less service. Put servers at each branch office if you'd rather pay more for more service.

You get what you pay for.

Now, if it's other problems that are keeping you from setting up those dedicated boxes, realize that these are other problems. Identify them, and bring them back to Ask Slashdot. We're Slashdot, we're not psychic.

If it's your outsourcing partner gouging prices, dump them for an outsourcing partner which doesn't gouge prices, or do it in-house.

If it's the inability to manage all those servers, get them to talk to each other, etc, that's a more interesting technical problem that Slashdot might be able to help solve.

There are a few exceptions -- you might be able to get away with something like Coda or AFS, though I don't know how well that scales to crappy bandwidth. But if so, that would imply that your only problem is managing strictly filesystem data -- it doesn't help at all if the problem is access to, say, an intranet webapp. So again, we need details, if we are to find the clever exceptions.

Otherwise, upgrade your bandwidth, and/or outsource your actual application servers to someone who can scale. If it's just web/email/docs, Google can do that. Otherwise, find someone who specializes in what you're doing (our SVN is run by cvsdude.com), or bite the bullet and buy some virtual servers.

Re:So, here's your answer: (1)

OnlineAlias (828288) | more than 6 years ago | (#22131842)

Call Citrix.

Re:So, here's your answer: (1)

laxiepoo (783224) | more than 6 years ago | (#22131976)

Citrix is absolutely wonderful if you have enough bandwidth at the spoke for each hub. We have plenty of bandwidth now, and Citrix runs perfectly for everyone. Printers can be a monumental pain in the proverbial arse sometimes, but it's mostly all good.

Re:So, here's your answer: (1)

moderatorrater (1095745) | more than 6 years ago | (#22131912)

You get what you pay for.
In my experience, that's exactly opposite what most executives think about IT.

Re:So, here's your answer: (4, Funny)

OnlineAlias (828288) | more than 6 years ago | (#22132046)


I'm an executive in IT with almost 20 years in. I have learned, without a doubt, that in IT what one pays is usually quite unrelated to what one gets.

Re:So, here's your answer: (2, Interesting)

SpaceLifeForm (228190) | more than 6 years ago | (#22132502)

Well, sure, if you have to deal with Microsoft and people that worship Microsoft. If that is not the case, then maybe you don't get what you pay for because you don't have the budget to hire good people.

Re:So, here's your answer: (4, Informative)

Ajehals (947354) | more than 6 years ago | (#22132664)

I totally agree.

In my experience the only way to ensure value comes down to the processes involved in the planning, acquisition and implementation of any given project.

Ensure you have a process for identifying the requirements of any new service or equipment acquisition and do it without focusing on a specific system or product, if you limit yourself initially because you have formed a preconception of what you think you need, or you simply copy what others have done before, you will not get a solution that meets your needs.

Acquisitions of any type should always solve a business problem, whether you are addressing poor or suboptimal communications, the lack of external access, the rigidity of an existing system, scalability, security or stability issues or the lack of proper redundancy and disaster planning. You should not be buying things for the sake of it, or because someone simply thinks it might be a good idea, most of all don't buy things because other people have them. Justification is everything, otherwise you end up with things you don't need or want (but need to support) that don't provide business benefit, but do drain budgets which in turn makes it harder to address real issues. The identification of problems should come from within the business (that's what management is there for to a degree) or from independent consultants brought in for that purpose, it should never come from a vendor who (as it happens) also provides a solution. If a vendor makes a suggestion then assess the need and see if there is a business requirement, but do it independently.

Make sure you have a decent tendering process when you are sourcing equipment or services (for smaller businesses, that basically means you need to shop around, and tell your existing suppliers that you are doing so). Make sure that there is input not only from management and finance but also from end users and IT staff (sounds basic but not always the case...). You should also have a well thought out budget (after all you are solving a problem and problems should be quantifiable in cash terms), stick to it.

I don't even want to think about the number of times I have seen needless upgrades, additions and total changes to IT infrastructures for no good reason and more importantly with no real benefit. Resist it if you can (but don't resist change for the sake of resisting change, that is just as bad as doing the opposite).

As the parent suggests, price is not an indicator of performance. If your specifications and requirements are met, and you are within budget then great, if you are under budget then you are ahead of the game! With that in mind though, do thoroughly check out your suppliers (it's inexpensive and easy enough to do), if a supplier is cheap and has a bad reputation then avoid them, make sure your suppliers can deliver before you sign contracts, sure you may be able to sue them (if you have all the information and the budget to do so) after the event, but it will be much cheaper to get it right first time.

Finally, I have found that the law of diminishing returns seems rather applicable to IT, as things get more and more expensive, the benefit from obtaining them becomes less and less. For example, an email system of some kind is a necessity in most businesses and generally speaking they are fairly inexpensive (relatively at least), whilst electronic whiteboards (my pet hate) or upgrading cat5 to cat6 cable (without changing anything else - something suggested to me by a vendor recently to improve network performance..) bring only marginal benefits but are relatively expensive.

Hmm, that was probably all totally offtopic - never mind.

Re:So, here's your answer: (0)

Anonymous Coward | more than 6 years ago | (#22132350)

You win the thread!

Re:erm.. (1)

mrnovell (1224476) | more than 6 years ago | (#22132456)

We use Novell's OES Server 2 which includes iFolder, iPrint and WANFS which allows us to connect Branch offices. I have span storage groups, printing and file service across our WAN links with no problem.

Global file system (3, Interesting)

Colin Smith (2679) | more than 6 years ago | (#22131548)

Such as OpenAFS.

Something like coda might be nicer but progress on global filesystems seems to have pretty much stalled.
 

It's a dead FS (1, Informative)

emj (15659) | more than 6 years ago | (#22131780)

It's a no go, OpenAFS and kerberos is a very nice idea, but it doesn't work, the client software for most platforms is very bad.

Re:It's a dead FS (1)

Pav (4298) | more than 6 years ago | (#22132418)

I check the OpenAFS project status semi-regularly, and there has been a bit of work done on the Windows side of things recently... the latest version was released just a few days ago. From the site I get the impression that the Windows client stability issues are (mostly?) ironed out and they've been able to concentrate more on performance improvements.

The Windows client IS a bit of a hack ie. it isn't a real filesystem driver - it's a proxy that translates OpenAFS to/from virtual SMB via a virtual network device. Still, it sounds as if it's finally worth a look.

Two words come to mind.. (2, Insightful)

dementedWabbit (675528) | more than 6 years ago | (#22131556)

Financial. Liability.

Another two words (2, Insightful)

EmbeddedJanitor (597831) | more than 6 years ago | (#22131746)

Don't askslashdot.

The only responsible answer to this question is to get someone in that has a track record of fixing problems like this. Don't expect to get a reasonable answer from a sketchy problem definition in a place like slashdot.

Re:Another two words (0)

networkconsultant (1224452) | more than 6 years ago | (#22132260)

Well, This is what I do for a living for the federal canadian governemnt and private sectors here in canada, I'd love to help out your company however how much money is this costing them and how good was business last year?

First off we'd have to define your companies standards vis a vis the policies and determine if we could get managerial sign off on all the required changes.

Then we propose design changes based upon our findings and implement a test and pilot project of said changes, based upon intial client feed back and support issues that arise we revise and further clarify the design and specifacation documents.

Then based upon the pilot project we implemented the entire kit and caboodle in a phased approrach throguhout your entire company.

I estimate the required time for this project dependant upon your company size and team involved would take about two years (you mentioned you have 100 Point's of Presence), however your mialage may vary. I could throw together a team of crack network people that would be able to do this however they are NOT CHEAP, each of us charges well over $100 / hr and we are all independant consultants that do this kind of thing every billable day of the year. If you are interested I'll forward you my C.V. and you may present it to your CTO. I deal with C-level project managers and 3rd / 5th level NOC / Operations groups, no one below that level usually talks to me unless I am interviewing them for standards and general peeves they experece during thier 1st tier tech reporting job.

Now the other way to skin the cat is to spend 100 million and get OC-48 to every office instead of your crappy T1's that you were sold.

Also I'd adivse you to get rid of that crappy supply partner if they didn't conduct metrics and preformance based testing that your employees were not involved in and just shoved a project down your C-level's throat that looked really good finanaically and had no prior implementation or testing on your companies scale.

There are two sayings in my business that come to light all the time: If you can't be part of the solution there's tons of money to be made selling the work around. All time is billable time :D

Regards,
The Network Guy.

Re:Another two words (4, Funny)

scottv67 (731709) | more than 6 years ago | (#22132474)

You are soooo full-of-shit. Your "vis a vis" and "C-level project managers" buzzword fountain reveals that you don't know jack. You are a Grade A poseur. If you are going to pretend to be someone important, here's a vital tip: Spell-check your posts and review your use of punctuation. You say that you and your D&D-playing friend charge "well over $100/hr" but yet you put an apostrophe in "Point's of Presence". I would have to guess in real life that you are in your early 20s and you've taken one or two networking classes at the local vocational school. You probably know how to configure a Linksys WRT54G but can't go much beyond that. I am surprised that your post did not include a list of "certs" that you hold (including A+).

I'm sorry that my post is not more positive. But your post was so full of bullshit that I had to call you on it.

Don't apologize (1)

LibertineR (591918) | more than 6 years ago | (#22132816)

Hard to remember the last time I read a post containing both "vis a vis" AND "crappy".

The dude needs to re-read Elements of Style, for verbosity and consistency of tone. That post would have come off better as a parody.

No Good Solution (4, Interesting)

maz2331 (1104901) | more than 6 years ago | (#22131580)

There is no good and cheap solution to this one.

You can try the application accelerators that are out there now from Cisco. They basically use smoke and mirrors to keep traffic off the WAN and act as local proxies for different services.

Otherwise, your choices are limited. Citrix servers would be good for some apps, but get god-awful expensive fast. And an organization too cheap to build out a decent system to begin with isn't likely to make the investment in writing efficient apps.

If you're running on slow lines, bump them to at least fractional T3.

It sounds like the system was designed to serve 5 gallons of water through a swizzle stick. Ain't gonna work unless something is radically changed.

Or better....

Fire the outsourcing partner and the management that buys their bull, and build out a proper distributed architecture.

Re:No Good Solution (4, Insightful)

wish bot (265150) | more than 6 years ago | (#22131620)

He should tell us who their outsourced partner is. This sounds very similar to a strategy I'm hearing about for our company right now.

Re:No Good Solution (5, Interesting)

chappel (1069900) | more than 6 years ago | (#22131716)

I was really impressed with the improvements we got by implementing some 'smoke and mirrors' from Riverbed (http://www.riverbed.com/). Granted, we've got some reasonably adequate bandwidth to start with, but it dropped the WAN traffic to our large (500 user) remote site by a good 80%. They seemed mighty expensive for a plain dell server with CentOS, but there's no arguing with results. /reminds self to look into riverbed stock

Riverbed is a decent Solution (4, Informative)

bhmit1 (2270) | more than 6 years ago | (#22132148)

I've done a light evaluation of riverbed's steelhead appliances in the past (less from the efficiency stand point and more for manageability). To call it a dell server with centos is an understatement since there's a lot of software intelligence intercepting various protocols and caching the data that may be transmitted. Handling file locking, multiple email recipients of the same large attachment, and be transparent to the network, aren't easy problems to solve at the protocol level, so I'd say they deserve a few kudos. They weren't a simple WAFS, multiple protocols were included, it would simulate the reply from the remote server when possible, and all traffic to another data center or office with a steelhead would be compressed regardless of protocol (it's been a few years, so feel free to double check those facts). I believe they also included some physical bypass hardware so if the box completely died or needed to be rebooted, you wouldn't lose your network. All in all, I thought it was a nice solution. And no, I have no affiliation with the company.

Re:Riverbed is a decent Solution (2, Interesting)

Amouth (879122) | more than 6 years ago | (#22132622)

I am wondering.. that sounds like they did a good job.. but from the upstream provider's view.. what do the access logs look like? If the transparent proxy is acting as a middle man for the client, does it pass info upstream for logs?

Re:No Good Solution (2, Insightful)

Tuoqui (1091447) | more than 6 years ago | (#22131766)

I'd mod parent up if I had the points...

Yes fire the damn outsourcing partner. They obviously did not have your needs in mind when they suggested it. Most likely they thought they could save themselves money by having 1 location they have to go to when shit goes wrong.

Re:No Good Solution (5, Interesting)

eazeaz (1224430) | more than 6 years ago | (#22131824)

We use riverbed appliances at all our remote offices. They take about an hour to install and are damn near like magic. I just pulled some statistics from one of our remote offices. Over the last 30 days, we had a reduction in data flow of 95%: 6.3GB of data went over the T1 instead of 129.3GB. We can run applications over a T1 and users do not know that they are not local. They allowed us to go from DS-3 to T1 lines without any user complaints.

Re:No Good Solution (1)

ThePromenader (878501) | more than 6 years ago | (#22132286)

The question is so broad, it's hard to answer. The definition of "good" and "cheap" differ for most everyone in this concern.

I've recently had to set up such a system, and I opted for... VPN. Secure (because I opted for the ssh certificates version) for sure, but can be slow as molasses for the (uploading) remote connection, depending on their bandwidth. Yet both central office and main outposts have (the European equivalent of) T1 connections, with a secondary backup connection option if needed. DynDns is a great option for nailing down those company IP's through all locales and differing ISP behaviours.

Whether each interconnected LAN has its own server has really nothing to do with interconnectivity. Here all "remote" connections take/depose their data from our central office server (Windows 2003 - aaaargh), but in the local LAN the server is not really a server at all, rather a backup utility. I might add that I'll be reworking the above soon into a system directly connected to our (new) provider through fibre, but this changes nothing in the workings of the point-to-point connections. Build your system architecture only according to your (technological) needs.

Print queues should only be run by a machine directly linked to the printer that will print them -- and you don't necessarily need a server to fulfil that task. Unless, of course, you're a printer.

Re:No Good Solution (1)

222 (551054) | more than 6 years ago | (#22132362)

For what it does, the Cisco solution (Wide Area Application Services) is actually pretty affordable. It's more than just smoke and mirrors imho. Using DRE (Data Redundancy Elimination, a sort of digital shorthand), working outside the TCP spec for larger packet sizes (requires an appliance at each site) and as you mentioned, caching of local files, I've managed around a 2x increase in bandwidth efficiency since rolling it out across 5 locations. When I look at what it would actually cost to double my network connections at each location, it would literally take less than a year to pay for the WAAS rollout.

We also utilize Citrix (We publish a full desktop) and cost wise, you should really take a careful look at what the overall expense regarding Windows PCs vs cheap WYSE Winterms. Not to mention that I'm within arms reach of our computing environment at all times, and a couple of fairly well rounded IT guys can manage all of this (supporting hundreds of users) with a fraction of their day.

Honestly, once you get a decent Citrix farm set up (this is one of those times when it's a *really* good idea to bring some decent consultants on board) it's really not much trouble at all.

If you have any questions about this, feel free to email me. I'd be more than happy to spend a few minutes looking at your environment to see if our setup would be useful to you. Hope that helps,

Jason

Re:No Good Solution (2, Funny)

davidsyes (765062) | more than 6 years ago | (#22132512)

One good stragety is to add oil to the pipes. You know, to increase teh horsespowers, you have to add more viciouscosity to pump the datas through the tubes.

Your Senator...

Not enough information. (5, Insightful)

Anonymous Coward | more than 6 years ago | (#22131612)

Financial companies, at least in my State, have very specific requirements for storing and transmitting data. Without knowing what your specific needs are, I have no answer other than "Define your problem".

The reality is other companies, such as yourself, exist and function probably better. If that indeed is the case, perhaps a friendly lunch with another IT staff member might help you.

I've consolidated offices and I've also pushed out servers to remote offices. It all depends on the need of the client. Examples:

1. Client wanted 99.999% uptime and the only way I could get that was to have their servers in a data center. We moved them and uptime has been great.

2. Client wanted fast file access. We set up DFS with Windows 2003 over a WAN link (T1); the client has never been happier.

So, to answer your question, it depends on your needs.

Re:Not enough information. (2, Informative)

OzRoy (602691) | more than 6 years ago | (#22131924)

We used DFS as well. When it works, it works really well. Unfortunately it does seem to be a bit temperamental sometimes so you have to keep an eye on it because if it gets out of sync it can take ages to catch up. The other disadvantages are no file locking between sites so it is possible for one user to overwrite the changes made by a user at another site. While you can retrieve this data it can't be done by the user and it's up to the user to realise what has happened. We have also found its reporting to be kind of flaky. It stopped reporting for us once and the only way to fix was to completely rebuild it.

Hmm (5, Insightful)

moogied (1175879) | more than 6 years ago | (#22131618)

Dedicated servers for each field office is out of the question, due to the price gouging of our outsourcing partner

Find a new partner.

Re:Hmm (3, Insightful)

MightyMartian (840721) | more than 6 years ago | (#22131710)

No kidding. This sounds to me like someone somewhere sold this guy's company down the river. The short answer is that there's no cheap solution. Any way you look at it; there's two choices; beefing up the lines or getting new servers. Can't speak to the costs of the former, but I'll wager that for what this guy needs, the latter is going to be cheaper.

In short, this guy better tell the management to get out their chequebooks, because the stupidity of trying to save a buck by cramming a Buick through a pinhole was a costly mistake with only one solution, inputting lots of money.

To my mind, unless the branch offices are really small, I think servers in each are in order.

I'm the network admin for a company with three offices; a main branch with about 25 workstations, a branch with 7 workstations and one with a couple. Because of the flakiness of connections, I can't rely on VPN. In the larger branch I have a Win2K AD domain controller running all the local apps, with some mirroring of the file store. Still the branch office can function even if the VPN goes down. For the smaller office, we have some Terminal Services licenses. It does mean if the VPN goes down, they're hosed. If it gets bigger, I'll put a server in. To keep costs down, I'll probably just put a Samba server in place.

Re:Hmm (1)

martinQblank (1138267) | more than 6 years ago | (#22131728)

Exactly.

If there is any perception of 'price-gouging' then they are not on your team and need to be fired immediately. Look into the legal costs of cancelling whatever contract you may have with them and do the comparison. If things are as you say -- it's difficult to know the big picture in only a couple of paragraphs -- then your outsourcing partner is looking after their interests and not yours.

what we use (0)

Anonymous Coward | more than 6 years ago | (#22131638)

www.simdesk.com
They are currently in ASP mode but they are working to package their solution for installation into a company datacenter.

WSUS servers (1)

Joe The Dragon (967727) | more than 6 years ago | (#22131640)

Put WSUS servers at the offices to keep update bandwidth down.

Re:WSUS servers (2, Insightful)

nick0909 (721613) | more than 6 years ago | (#22131836)

WSUS servers out at all locations is fairly costly as it requires a decent server and Win2K3. That could be a lot of extra hardware and licenses to buy/support. Unless your company needs to run full bandwidth 24/7, just schedule your updates for the middle of the night and it doesn't matter there is only one server pushing it out. I currently do this for my company that has 30 branches, half overseas, and all on slower connections than I would like. Windows Updates are the lowest bandwidth concern of mine now, because they happen once a month and when no one is even around to notice.

Re:WSUS servers (1)

NetCow (117556) | more than 6 years ago | (#22131882)

The problem is unlikely to be bandwidth, much less so bandwidth used by updates. The problem is most likely *latency*, and all the package caching in the world won't help you there. Not to mention that WSUS has outrageous system requirements for what it does and the OP is trying to keep costs down.

The OP's problem is ill defined. There's a world of difference between what I would do to improve IMAP or Exchange mail interactivity and what I would do to improve file sharing performance.

Re:WSUS servers (0)

Anonymous Coward | more than 6 years ago | (#22132432)

Let me guess: MCSE? Updates are once a month and should be happening at night anyway. So what, exactly, does your proposed "solution" fix?

Amazing (5, Insightful)

obeythefist (719316) | more than 6 years ago | (#22131642)

Some basic truths.

IT costs money. I'm sorry that your outsourcer had some bad ideas. But your management must understand that IT services aren't free, and the health of your company depends on its infrastructure.

Without knowing the specifics, the only low cost suggestion I can provide is converting desktop PC's into Linux servers, thus providing you with the distributed server network you need. Of course, the boxes will be underpowered and fall over all the time (yay desktop hardware), but if you really want to cut costs, there you have it. For backups, put in extra hard disk and backup to disk, it beats nothing at all.

Re:Amazing (2, Interesting)

sco_robinso (749990) | more than 6 years ago | (#22132206)

Agreed. I actually work for an IT outsourcing company. We don't gouge by any means, but we always come to the table with the 'top drawer solution' right off the mark. If the customer wants XYZ results, we tell them exactly what they need to get there and stay there for a 3 year period. If they don't like the costs, fine by us, we'll put in whatever they want or can afford. But if they come back to us in 6 months or a year and say the solution isn't delivering the expected results, we can always fall back on our initial recommendation. We always say, IT costs money and you have to pay the piper eventually. I actually deal with this a fair bit, and my best recommendation would be to spec out the best and most appropriate solution, costs completely aside. Think of it like 'if I was responsible for the whole setup, and cost wasn't an issue, how would it be done'. Then, present it to management as 'This is how it should be done. Period. Here's the costs.' It's not rocket science.

Don't let yourself get caught up in the financials and politics of it before you begin. Simply spec out what is needed given the demands and needs. If the management isn't comfortable with the costs, fine, but at least you can now rest on the laurels of having recommended what was needed in the first place.

More specifically, a basic server in each branch office with DFS over Win2K3 is a good starting point. DFS has decent WAN optimization technologies out of the box, so it's usually a good starting point. Either way, there will be an investment at either end, be it a server at each office or a big data center at the middle of it with a decently fat pipe to each office.

I'd have distributed toilets (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22131680)

As a long time sufferer of bashful kidney, centralised toilets are bad for me. I just can't go with other people in the room.

cisco waas (0)

Anonymous Coward | more than 6 years ago | (#22131686)

I use the cisco waas boxes with some success.

They're not perfect but I clocked CIFS going about 30% faster.

Sun Ray (1)

nanimo (688603) | more than 6 years ago | (#22131690)

Just run good thin clients in the remote office. Such as the Sun Ray.

Re:Sun Ray (1)

amirulbahr (1216502) | more than 6 years ago | (#22132024)

I second that. You don't need a really fat link to your branch offices either. Just factor about 1.5 Mbps as a base plus add an extra 512 kbps per Sun Ray and that should do.

Pixie dust (5, Funny)

c0d3h4x0r (604141) | more than 6 years ago | (#22131708)

Think happy thoughts, and sprinkle some pixie dust over your IT infrastructure, and all your problems will be solved.

But whatever, you do, don't fire your incompetent outsourcing partner or actually invest in beefing up your IT resources. Both of those paths are DOOMED, DOOOOOOMED, I say!

What traffic, exactly? (3, Insightful)

magarity (164372) | more than 6 years ago | (#22131714)

Dedicated servers for each field office is out of the question ... such as authenticating over a WAN, print queues, etc
 
Print queues over WAN is taking the consolidation thing a little to the extreme, isn't it? Login authentications and print jobs really want to be local. Sorry about your predicament but you're going to get a lot of comments telling you to switch outsourcers or bite the bullet on their prices. What is the other traffic (as if that isn't bad enough): one assumes email, but are there big apps hosted on remote servers with lots of data traffic to db servers and the like? Simple document file sharing shouldn't be that much of a problem, or is it? You're going to get a lot of guesses without knowing the exact needs of your remote traffic. Good luck!

Re:What traffic, exactly? (1)

MightyMartian (840721) | more than 6 years ago | (#22131742)

You're going to get a lot of guesses without knowing the exact needs of your remote traffic. Good luck!


We've all got the excuse that we don't know what exactly this guy or his company needs. The question I'd be posing is why the partner didn't, because, regardless of what the next step is, I'd be giving them a swift, unceremonious kick out the door.

Having your Cake (2, Insightful)

deadeye766 (1104515) | more than 6 years ago | (#22131720)

and eating it too? Is it just me, or is this one of those situations where upper management makes a design decision from something they glanced over in some IT mag, then decided to implement without consulting anyone with any IT background?

I don't see how you can create an insanely diffuse network, then turn around and expect it to perform like a network that has a centralized "HQ" with file services etc and a fat WAN connection.

Of course, you could just ask the execs to spring for ~100 WAN accelerators... =)

Too little too late (5, Interesting)

armada (553343) | more than 6 years ago | (#22131726)

I suggest you pay more attention to the data itself. Do a comprehensive and brutally unbiased audit of what data/resources are needed by whom. You would be amazed at how much of your infrastructure is either superfluous or capricious. Once you do this then you at least have a smaller mountain to climb.

It's Easy! (1)

Compulawyer (318018) | more than 6 years ago | (#22131750)

Just follow this simple formula:

  1. Call your helpful friends in Distributed Applications at Google;
  2. Let Google's gnomes install distributed apps branded with your company's logo;
  3. ???????
  4. Profit!

Any application that won't run in a Firefox window is unneeded and merely distracts from the company's core mission. You won't believe how much of a performance boost you will get when you shut down those apps.

Coda? (0)

Anonymous Coward | more than 6 years ago | (#22131770)

What you are looking for is keeping central and local files synchronous, allow for dodgy connections +/- disconnects, be fast locally and yet have everything centrally.

Is this not a case for CodaFS?

This problem could do with better definition. (1)

jimicus (737525) | more than 6 years ago | (#22131772)

We don't know which country you're in (and hence which set of regulations you have to adhere to).

We don't know how much data needs to be made available to each office - is it everything? Or is it just a different subset of the total in each office?

We don't know if you're talking about megabytes, gigabytes or terabytes of data. We also don't know how much that data changes on a daily basis.

We don't know if there are any existing factors to consider - be they political or technical (eg. "management almost certainly won't contemplate anything without Microsoft or Cisco plastered all over it").

If it helps, I can tell you what I've done - but I only have two branch offices I need to worry about, no financial regulation and my manager is more interested in saving money on server and client access licenses than buying whatever Microsoft deem to be the Next Big Thing. Each branch office has its own server running Debian Etch as a VMWare host and a number of virtual machines - including a fileserver, DNS and LDAP slaved from head office for authentication. About the only thing that needs backup is the fileserver, and that is done by nightly rsync to head office, and thence to tape. Provided the data doesn't change too drastically (at a rough guess, I can probably handle up to 2-3GB of changes per day while remaining within the backup window) I should be OK. You could probably achieve a similar net effect with Active Directory and DFS.

Hire a real consultant (0)

Anonymous Coward | more than 6 years ago | (#22131774)

This is one of those questions where the only real answer is "it depends"

Start by assessing what services and applications are accessing the network or putting an undue load on it. Once you have the information from that assessment you can start looking at how to reduce that load.

Can you get decent performance by setting up a few remote servers at your larger offices, while keeping your smaller offices on the existing system?

Will adding database replication servers to some offices reduce the WAN load?

Will adding bandwidth to sites 22 and 44 make the performance in those offices acceptable? Does this take enough traffic off the central system to make the existing system usable?

If you add a database replication server to site 66, could you then have the dedicated lines from sites 88 and 55 changed over to link to site 66, and access that replication server?

If you don't have the expertise to do this, hire someone that does.

WAN Accelerators (3, Informative)

mark99 (459508) | more than 6 years ago | (#22131834)

Check out Riverbed, Cisco, and many others. Basically they do caching, compress traffic, do TCP/IP traffic control the way it should be done (with the hindsight of 30+ years experience) and some application specific round-trip optimization (some even do voodoo optimization :).

Not cheap - but easy.

I can recommend the Riverbed Steelheads (1)

slincolne (1111555) | more than 6 years ago | (#22132294)

Have used them successfully over WAN links. They do a great job of accelerating Exchange traffic, and if you do the maths you'll probably find that they pay for themselves in data costs.

Where I have used them the cost of comms links was such that the Steelheads paid for themselves in around 18 months.


Of course your mileage may vary, but remember that cached data is bandwidth saved and that's either money in your pocket, or additional bandwidth for other uses.

Re:WAN Accelerators (1)

Niobe (941496) | more than 6 years ago | (#22132630)

No, don't check out Cisco, they are not leaders in this area and you will be disappointed. However F5 DO have a very impressive product range that can solve all of your problems (I have no affiliation).

Examine Your OS Contract (1)

wrfelts (950027) | more than 6 years ago | (#22131848)

It's time for your company to seriously examine your outsourcing company's contract with you. The consolidation recommendation obviously did not fully examine the needs of the remote offices. They have to bear some of the brunt of this mistake ...or lose their contract with cause.

Server consolidation is great for centralized offices. Until we reach the bandwidth critical mass where the pipe is wider than the need, removing server capabilities from satellite offices is a ridiculous idea. Even if it's a store-n-forward device, you will need local access capabilities.

There is really no excuse for the consultancy making a flub this big. They should either be fired or forced to float the cost difference for their mistake. In the long run, you should look at replacing them anyway. You don't want the company's crown jewels in the hands of incompetents.

Packeteer iShaper (1)

modemboy (233342) | more than 6 years ago | (#22131852)

I have been looking at this product for a similar situation I am in: http://www.packeteer.com/products/ishaper/ [packeteer.com]
Basically it is a WAFS box, with WAN traffic shaping, caching, etc, plus it acts as a Domain Controller, print server, authentication, dns/dhcp, etc.
If it works like they say it will it would be a good solution for you based on the problem description. Basically it is a server, plus WAFS, without being a server...
I wonder if anyone here has some hands on experience they could share?

Thin Client (1)

chipperdog (169552) | more than 6 years ago | (#22131886)

ICA, RDP, and some X variants work well over slow connections. Do applications need to be executed locally, or can you run a farm of application servers with fast connections to the storage? Then put diskless, fanless thin clients (I typically use Wyse V50s), with DHCP configured to give them a config file to load on each startup. This gives you data security (no data is stored locally, or even at a branch office like your situation - someone steals a thin client, you are only out the hardware), application roll outs and updates are centrally managed, no rogue software can be installed (i.e. no weather bugs, cutesy screensavers, etc) by users, and many more advantages.
I publish applications via Citrix (Windows Apps.) and X (*nix apps)...They run on the same thin client desktops and the user knows no difference as to which server the application is actually running on - it appears local to them...I've also experimented with publishing OS X applications via vnc, but that requires the whole OS X desktop be served (not just the application).

What We Do (1)

CrankyFool (680025) | more than 6 years ago | (#22131922)

We're a largeish company with one HQ (and associated data center), about 400 field offices, and four regional field service centers. Our approach was to centralize everything but printing, but that means EVERYTHING -- so people use Terminal Services to go into HQ. This means that once they've done the TS hop, everything is local, because they're accessing their files, running their apps, and accessing databases locally to where the terminal server is. Printing is, of course, still done in the office, via print servers in HQ.

The users don't seem to complain of speed issues -- then again, this whole thing is running on fairly old hardware (6-7 year old PCs) in the field, and they're not doing anything particularly high-performance (e.g. video).

Riverbed (1)

Danborg (62420) | more than 6 years ago | (#22131934)

Check out a company called Riverbed, http://www.riverbed.com/ [riverbed.com] they have a WAN optimization appliance called Steelhead that solves the exact problem you are describing. I won't turn this post into a sales pitch -- read their website, call them up and ask for a demo, then decide for yourself. I would insist on a proof of concept or pilot implementation before making an enterprise wide commitment.

Sack half the staff (0)

Anonymous Coward | more than 6 years ago | (#22131938)

Given what the US markets are going to do tomorrow, it wouldn't surprise me if this is the way that your management chooses to "solve" the problem.

Terminal Services? (1)

karearea (234997) | more than 6 years ago | (#22131992)

What I did in a previous job was implement terminal services across the board.
Stuck an AD server in each remote office for workstation authentication, dns, dhcp, updates, etc.
Files were stored centrally.
Accessibility was increased (everyone had access to their files whichever office they were in without them being dragged across the network).
Bandwidth has grown as the number of people in offices (and the amount they print) has grown.

RCA of your situation... (3, Insightful)

rickb928 (945187) | more than 6 years ago | (#22132006)

... seems to be that your outsourcing partner has you on the Merry-Go-Round. They work it like this...

1. Propose a WAN-based solution.

2. When that slows to a crawl, propose a branch server solution.

3. When that proves to be too expensive to administer, propose a centralized solution.

4. When that proves to be difficult, unproductive, or slow, propose a branch office solution with accelerators, DFS, and all the goodies.

5. When that proves too expensive to administer, propose a thin client/remote app solution.

6. Repeat steps 2-5 as needed, substituting current technology for at least three iterations.

7. If you still have this client, you may now feel free to propose ANYTHING, including cans and string, or gerbils. They will buy it. Change your technical onsite staff every 6 months, rotating in fresh and untrained candidates. Rotate out those who show promise to be re-deployed at newer clients who are at step 4 or earlier in the process.

It's kinda sad. Consulting outfits can rarely make a living by doing right for a large client. Sooner or later, they either get replaced when the client starts 'analysing' the operation, or get replaced when some other outfit has a stronger line of bull to offer management.

Of course, there's incompetence, but my former boss isn't involved. He's busy screwing people in a different business, when he's not busy screwing his employees.

Published Apps or WAN Accelerators (1)

Jester998 (156179) | more than 6 years ago | (#22132012)

There would be two major paths I would investigate.

If you're in a Windows environment, look at getting Citrix (or something similar) set up. Centralized files, centralized management, and it works very well. The one major issue is printing, although we use a product called Uniprint at work that is fucking fabulous. We went from 60% of helpdesk calls being "reset print spooler" down to 0% when we rolled out Uniprint. Very impressive stuff. We use Citrix at work primarily for our DB-intensive apps (so we don't return millions of rows over the VPNs, just the end result via the user interface), but we do have it in use for Word, Outlook, Excel, etc, as well.

The other option is WAN acceleration. There are many vendors that have them now (Juniper, Cisco, Packeteer, yadda yadda). They're expensive and I'm not sure how well they work if each office only has a few users (only a couple people may not 'seed' the cache sufficiently to make a major impact), but I've heard they work well for larger offices.

Re:Published Apps or WAN Accelerators -Citrix (0)

Anonymous Coward | more than 6 years ago | (#22132750)

Having installed Citrix in close to 200 organizations, from 25 users to 400,000 users, I can say that it is a great solution. With the current version [4.5], you even have the option of streaming an app to a machine, so in the case of a laptop user who wants to get on a plane and be completely disconnected, you can still access your applications at all times. Your access speeds are great, since everything is on high speed. People complain about the cost, but they don't understand the ROI or where the dollars are going and where they are saved. Is the software more expensive than a distributed server only? Yes. But the savings of centralized management and increased efficiency are magnitudes higher. For example, a bottom line savings at a 4000 user installation I did showed that they saved a million a year in IT costs from decreased downtime and faster responses from the application in the first year, and 2 million a year after that [the cost of the implementation reduced the bottom line savings the first year].

The same is true at almost every level. The little 25 user network running on Citrix basically had no need for an in-house helpdesk person any longer since the system never appeared to be 'down' at any time and all the apps suddenly had no inconsistencies from user to user.

Good luck to you and I hope you find an answer quickly.

Riverbed Steelhead (0)

Anonymous Coward | more than 6 years ago | (#22132056)

http://www.riverbed.com/products/appliances/ [riverbed.com]

or something similar; I mention Riverbed because it is what we use. Good luck.

Re:Riverbed Steelhead (1)

nixobilly (74325) | more than 6 years ago | (#22132402)

Highly recommended!

Many large corps have implemented this solution and it really works great. (I don't work for Riverbed) Check out their website and contact sales. They can deliver a pair of demo devices and have it working in about 20min. This company does not get the attention it deserves.

Good luck.

Samba and rsync (1)

FridayBob (619244) | more than 6 years ago | (#22132100)

Dedicated servers for each field office is out of the question, ...
Well, how about just an old workstation at each remote site to run Linux on with Samba (assuming you're supporting M$ clients) and CUPS for file and printing services, while using rsync to synchronize the data with your centralized servers? You can even make additional automatic local backups to disk with things like faubackup or dirvish. It worked for me and you don't have to use such cheap hardware as long as I did.

But seriously, it sounds like your company followed some pretty bad advice. It may have allowed you to cut costs, but it also introduced a new set of problems for which there is no cheap and easy solution. Except perhaps what I've outlined above. Yes, strictly speaking that would mean adding "dedicated servers", but it would not be an expensive solution and it certainly sounds a lot less expensive to me than your current daily loss of productivity from 1,000 employees.
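Both this comment and jimicus's earlier one rely on a nightly rsync from a branch file server to head office, and jimicus notes the job only works while daily changes stay within the backup window. The sketch below is an added example, not code from any poster: it sizes the nightly change set the way rsync's default quick check does (size and modification time) and tests it against a window. The 1.5 Mbps link, the 80% link efficiency, the window lengths and the sample files are all assumptions or constructed values.

```python
"""Estimate whether a branch file server's nightly changes fit the backup window.

Added example: link speed, efficiency, window and sample files are constructed.
"""
import os
import shutil
import tempfile
from pathlib import Path


def changed_bytes(src: Path, dst: Path) -> int:
    """Upper bound on the bytes a nightly sync must send from src to dst.

    Mirrors rsync's default "quick check": a file is resent when it is
    missing on the destination or its size or modification time differs.
    rsync's delta transfer and compression can only lower this figure.
    """
    total = 0
    for root, _dirs, files in os.walk(src):
        for name in files:
            s = Path(root) / name
            d = dst / s.relative_to(src)
            s_stat = s.stat()
            try:
                d_stat = d.stat()
            except FileNotFoundError:
                total += s_stat.st_size          # new file: send all of it
                continue
            if (s_stat.st_size != d_stat.st_size
                    or int(s_stat.st_mtime) != int(d_stat.st_mtime)):
                total += s_stat.st_size          # changed file
    return total


def transfer_hours(nbytes: int, link_mbps: float, efficiency: float = 0.8) -> float:
    """Hours needed to push nbytes over a link of link_mbps megabits/s.

    efficiency is the assumed usable fraction of the link (protocol
    overhead, tunnel overhead, other night-time traffic).
    """
    if link_mbps <= 0 or not 0 < efficiency <= 1:
        raise ValueError("link_mbps must be > 0 and efficiency in (0, 1]")
    seconds = (nbytes * 8) / (link_mbps * 1_000_000 * efficiency)
    return seconds / 3600


def fits_window(nbytes: int, link_mbps: float, window_hours: float,
                efficiency: float = 0.8) -> bool:
    """True when the change set can be sent inside the backup window."""
    return transfer_hours(nbytes, link_mbps, efficiency) <= window_hours


def demo_changed_bytes() -> int:
    """Build a constructed branch/head-office pair and size the difference."""
    with tempfile.TemporaryDirectory() as tmp:
        branch = Path(tmp) / "branch"
        head = Path(tmp) / "head_office"
        (branch / "sub").mkdir(parents=True)
        (head / "sub").mkdir(parents=True)

        (branch / "a.doc").write_bytes(b"a" * 1000)
        shutil.copy2(branch / "a.doc", head / "a.doc")       # unchanged

        (branch / "b.xls").write_bytes(b"b" * 2000)
        (head / "b.xls").write_bytes(b"b" * 1500)            # size differs

        (branch / "sub" / "c.txt").write_bytes(b"c" * 500)   # not yet copied

        (branch / "d.txt").write_bytes(b"d" * 300)
        shutil.copy2(branch / "d.txt", head / "d.txt")
        os.utime(head / "d.txt", (1_000_000_000, 1_000_000_000))  # stale mtime

        return changed_bytes(branch, head)


if __name__ == "__main__":
    print("changed bytes in constructed tree:", demo_changed_bytes())
    three_gb = 3_000_000_000   # upper end of the 2-3GB guess in the thread
    print("hours at 1.5 Mbps: %.2f" % transfer_hours(three_gb, 1.5))
    print("fits an 8 hour window:", fits_window(three_gb, 1.5, 8))
```

Running the same check against the real share before the nightly job starts gives an early signal that the change set has outgrown the window, which is when the tape copy at head office silently starts lagging behind the branch.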

Re:Samba and rsync (1)

MightyMartian (840721) | more than 6 years ago | (#22132156)

A lot of this really depends on what else is going over those lines. If it's just files and email, and maybe lightweight web and database apps, then your solution will work. But there are apps out there (I have to deal with one) that are really disk intensive, and running over any kind of network file system is just plain slow. In that case, you really have to consider running each branch semi-independent with some sort of batch merges to and from the central database. At that point, you have to have a server at each location. Or you can pay for a REALLY BIG PIPE, but that can be pretty damned costly, and depending on where branch locations are, may not even be possible.

In my case, both branches are in small communities with a highly unreliable cable provider and a more reliable but still rather slow DSL provider. Even if we wanted to, there's no way to get faster speed, so you have to start working with DFS or rsync or something along those lines, and with semi-independent asynchronous databases that update to the master when and if they can.

Rearrange your thinking (0)

Anonymous Coward | more than 6 years ago | (#22132176)

Let's see...
1000+ employees/100 locations = 10 employees/location = 0.25-0.5 FTE in IT per location.

Step 1. Hire an inhouse IT staff to operate core systems.
Step 2. Deny outsourcing partner a role in testbed project.
Step 3. Choose 5 remote sites for testbed.
Step 4. Hire 2 IT support professionals for testbed remote sites.
Step 5. Implement inexpensive directory server for each testbed site.
Step 6. Configure a VPN over DSL for each testbed site.

Network printers these days don't need a print server. But if you feel you prefer one, use the directory server. It won't be breaking much of a sweat handling the authentication of 10+ employees and synching with corporate.

Client-server interaction that needs to happen between offices can happen over the 3Mbit DSL line. That should easily handle the traffic of 10+ employees.

Because you haven't provided any details of the nature of the inter-office data traffic, it's hard to design any further than that. However, it might be completely appropriate to make all the user machines in the testbed offices be thin clients, netbooting off the directory server.

It is a bit odd to me to hear a company with 1000+ remote employees (and some additional non-remote employees?) skimp on buying office servers. If you can afford to pay 1000+ employees (including 100 office managers) and pay the rent and utilities on 100 remote office locations... Can't you spring a little money for an office server?

Figuring costs for just one of the five testbed sites averaging 10 employees:

$300K Salaries (1)
$120K Benefits (2)
$ 20K Office rental (3)

Ignoring furniture, utilities, PCs, security, janitors, etc., etc., each remote site costs $450K per year to operate. Let's round it to an even $500K. And that is still on the very conservative side.

Over the three year life of a server, that is $1.5 million to operate the remote location.
But we can't spring for a $1500 server?

* The sample numbers above are extremely conservative and could easily be double those shown here. For instance, a site with 15 employees could easily cost $5 million over three years. And you still can't squeeze for a $1500 server?

(1) Figuring an average salary of $30K. This is obviously a very wild guess, having no clue of industry, geography, etc. The numbers here are all very conservative.
(2) Figuring 40% labor burden.
(3) 10 employees * 100 s.f./employee. Again this is very conservative. With bathrooms, water coolers, and other common areas thrown in, this would be a very cramped sweatshop. Figure $20/s.f./year.

WAFS is not the only solution btw (1)

keeboo (724305) | more than 6 years ago | (#22132212)

Here where I work, we replaced pretty much all the conventional applications (the ones which are required globally within the organization) for web-based ones. No, it didn't happen from a day to another.

We have pretty much everything centralized, except cases when you simply cannot escape from .doc/.xls/etc documents and stuff like that. Such cases are processed locally and only the relevant files are sent (either through FTPS or e-mail), SMB shares are not transported through WAN at all.
It helps our structure reflects (most of the time) the physical segmentation of our organization.

Currently most of our (typical) traffic is HTTP (~80%) and e-mail (>10%).
We do have quite tight WAN links (1Mbps in most cases, slower in other places) so we apply a fairly elaborate QoS and, for HTTP besides the obvious local HTTP cache we also compress that with Ziproxy (which renders it less than half its size, in our case).

Replicate your databases (0)

Anonymous Coward | more than 6 years ago | (#22132232)

Hard drive space is very cheap. You could probably replicate all your company's databases in every office. That leaves you with the problem of syncing the databases but there are some solutions. Lotus Notes took that approach about fifteen years ago iirc. It worked well. WAN traffic was greatly reduced and performance was quite acceptable even with the slower WANs of the day.

I haven't done this kind of thing for a while so I googled on "replicate sync database" and got lots of relevant hits.

What would Google do (2, Interesting)

rossy (536408) | more than 6 years ago | (#22132268)

I used to work in the high tech industry with companies that made lots and lots of money. These companies had the fastest bandwidth, and the most creative people coming up with cool solutions to solve problems. But basically the point was, everyone made lots of money, so if IT infrastructure was a problem, they threw money at the problem, and it was solved...period. Since that time, I have seen general compression of the $$ side of things, the bright people go somewhere else, and the people outsource the smart clever IT folks that worked at the tech company to some outsourcing firm...
and all the call centers are shipped off to India.
So... I think... where is all the money now, and clever people?
Google.
Just ask Google to host your IT applications, they already index the rest of the damn web anyway.
This would beat Google to their next big thing anyway... why not just host the world at Google?
Storing your sensitive financial information will be just a speck of content compared to the rest of the web. Then buy some good fiber connections from Verizon. (I'm spoiled with my FIOS service at home...better than the DSL at my company's remote office)... and voilà, problem solved. Besides, then anyone can get to your data from anywhere.... the security issue is a myth... who has time to look up all this financial information anyway... most people are reading Dilbert cartoons about how your company outsourced the network.
Plus, you can tell all your clients to buy Google stock, prior to handing over all the data.
-- R

Bad Partner (1)

nurb432 (527695) | more than 6 years ago | (#22132288)

Sounds like you need another IT partner, at the least.

And good luck having branch offices with no server. Only way I can think of doing that is 100% terminal services.

Oh, what's the difference between a "branch office in a box" and a branch server? I bet nil.

Re:Bad Partner (1)

MightyMartian (840721) | more than 6 years ago | (#22132460)

I'm assuming what "branch office in a box" means is some sort of fileserver/VPN black box. And you're right, it's just a server, but one with some of the legwork done for you.

Don't run a domain structure over your WAN (1)

a.d.venturer (107354) | more than 6 years ago | (#22132412)

In fact don't run a domain at all. Let the end users manage their own PCs / laptops / printers and run a real virtual organization. You'll save heaps of cash using Skype, Salesforce, GoToMeeting and other solutions designed for this. If you want to manage your end points, buy a solid endpoint management solution like Kaseya (Disclaimer: I work for Kaseya) rather than trying to customize something with GPOs.

I've worked with both trying to get a domain structure running over a wide area network with slow/cheap bandwidth links, and not running any kind of domain structure at all and the latter is by far the best way to go. Forget trying to lock down local machines, manage user data and so on. It's like holding a leaky bucket.

Yes, you lose control of your data. The only way to avoid that is to centralize completely, go with a Citrix solution and do ridiculous things like prevent users printing or connecting any USB devices to their machines. There are solutions out there that completely lock and encrypt all data on the user endpoints, but you said that your company doesn't want to spend any money, so I'm assuming that they aren't going to fork out for any kind of real solution.

Re:Don't run a domain structure over your WAN (1)

MightyMartian (840721) | more than 6 years ago | (#22132440)

You lose more than your data. You lose the ability to maintain, update and audit local machines. What you suggest is the kind of scenario that works, until it doesn't, and then it's a nightmare. Laissez-faire networking with heaps of trust in outside providers from your critical apps and data is, in my humble opinion, crazy for any substantial organization.

Re:Don't run a domain structure over your WAN (1)

a.d.venturer (107354) | more than 6 years ago | (#22132492)

You can achieve everything that you suggest with an endpoint management system that doesn't require a domain structure in place to use - e.g. the product I mentioned in the OP. I would say more but I'll just end up astroturfing.

As for putting trust in critical apps and data - I see that most substantial organisations don't trust banks, and keep their cash in a very large mattress, don't trust the grid supply, and run their own power stations, don't trust the existing transport infrastructure and build their own roads to get staff to work and so on. You have a huge number of dependencies already - you're just living in a world where data and applications aren't yet expressed in utility terms.

Re:Don't run a domain structure over your WAN (1)

MightyMartian (840721) | more than 6 years ago | (#22132530)

First of all, you are borderline astroturfing. Second of all, there are very good reasons for domain structures, not the least of which is a sane authentication system and a centralized means of controlling resource access. Third, banks have spent decades and billions of dollars creating robust and secure systems, and have largely staked their reputations on it, so don't even bother trying to compare your company to your average bank. It's a bullshit analogy that might work for those willing to submit themselves to your sales pitch, but doesn't seem terribly impressive to me.

At last (1)

geekmansworld (950281) | more than 6 years ago | (#22132480)

Thank God, I'm not the only one grappling with this problem.

Astronomical real estate prices in Vancouver have made it difficult to justify consolidating our two offices into one location. So management has come up with the great idea of running our two offices as a single LAN. It sounds like a great idea at first, but when you get down to the nitty gritty it becomes decidedly less practical. We deal with big files and need a speedy ODBC database connection, so our IPSec over WAN tunnel just isn't cutting it. Management was surprised to find that my estimates of several thousand dollars a month for leasing a dedicated fiber connection were, in fact, entirely accurate. I've suggested cloning our server equipment, but again, cost is balked at.

The future is not-quite-now, it seems.

Re:At last (1)

MightyMartian (840721) | more than 6 years ago | (#22132620)

The problem with moving infrastructure around is that management quite often only looks at fixed costs like rent, leases, electricity, telephone, Internet pipes, and the like, without considering the work and costs involved in modifying network infrastructure. The other thing I blame is all those computer and business management rags with their bullshit reviews and advertising (is there a difference any more) which make it sound like magic black boxes make all the problems disappear.

Part of the solution is to look at your comms (0)

Anonymous Coward | more than 6 years ago | (#22132604)

I attended a Cisco bash last year where they were expounding the virtues of their ACE (Cisco Application Control Engine) technologies.

Basically you use a couple of routers in between your server room and your remote office which know about layer 4-7 of the protocol stacks. This allows the routers to short-cut a lot of the protocol handshaking that causes the latency in things like HTTP, SMB, SQL etc.

These are meant to be quite effective for remote sites & greatly improve performance. Cisco claim that these engines have been optimized for a wide range of common office protocols.

Have a talk to your Cisco rep, they'd be more than happy to do a presentation & possibly lend you some loan gear for testing.

read all of this: near the bottom it mentions other associated & relevant technologies such as "Application Velocity System"
http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/prod_brochure0900aecd804595e1.html [cisco.com]

Packeteer iShared (formerly Tacit) (1)

sdanic (8197) | more than 6 years ago | (#22132636)

'Branch office in a box' appliances look ideal, but they don't implement WAFS.

I'm pretty sure that the "Branch office in a box" servers from Packeteer (formerly Tacit) do implement WAFS, or something very similar.

Branch office in a box turnkey servers seem great on paper, but the reality is, you'll still need to manage them just like any other server. They're not quite as "fire and forget" as the manufacturers would like you to think.

In the end, network traffic compression is a better solution.
Look to Riverbed for these types of solutions. They reduce traffic significantly.

Citrix + Softgrid (1)

bmfs (467488) | more than 6 years ago | (#22132640)

I'd go with Citrix (I don't think MS Terminal Services is there just yet) and deploy MS Office to those servers and then distribute all other software via Microsoft Softgrid (soon to be called Microsoft Application Virtualization): http://www.microsoft.com/systemcenter/softgrid/default.mspx [microsoft.com]

The combination of Citrix + Softgrid is a pretty powerful combination - there's no need to silo your Citrix farm any more, and apps deployed via softgrid don't leave any junk behind on the filesystem or registry (since both are virtualised). Use a Citrix access gateway (basically an SSL VPN device that integrates with Citrix) to publish a windows desktop and then your remote offices just need a decent connection to the internet (budget approx 50 kbit/sec per user with 30% concurrent usage). Users can then work from home or from a notebook with a 3G data card too. Or forget the access gateway and connect the offices to the data centre with dedicated leased lines / MPLS links etc.

In each office install network printers onto each local device and then use the Citrix Universal Printer driver to send compressed print jobs from the data centre to the printer via the citrix client. Or if you have the bandwidth, install the printer on a print server located in the data centre and send jobs directly from the print server, over the WAN, to the printer in the remote office (this is easier to manage).

Lock down the citrix servers and client desktops with AppSense http://www.appsense.com/ [appsense.com] and you'll then have a secure, remotely accessible system which is managed centrally.

Complex problem - no easy solutions (1)

boethius (14423) | more than 6 years ago | (#22132642)

Unfortunately there are no silver bullets to solve this problem, no "remote office in a box" solutions that will solve 100% of your problems. I can pretty much guarantee that.

I work for a company that is committed to WAFS 100%, using Packeteer's iShare solution. They spent several months building their own homebrew iShare (software) on top of Win2K3 Server so they could have iShare and SMS on the same server. This setup was blessed by Packeteer after thorough testing. It is used in over 80 remote offices worldwide over a wide variety of WAN conditions. Some of these WAN conditions are quite bad.

This environment is carefully integrated into DFS so users connecting from remote offices get referrals to the proper regional file server for their WAFS-accelerated files. Obviously they want to avoid users in India getting files from the U.S. or referring through the U.S. if a file server cluster exists in India.

Presently none of the iShare boxes run in-line with the WAN connection, which basically means they're not taking full advantage of iShare's capabilities like TCP, Exchange, and Web acceleration. In a previous incarnation I used Riverbed's WAN accelerator boxes in-line and found that helped our remote sites quite a bit. I never got around to upgrading them to use the Riverbed's WAFS feature set before we were bought out, however, so can't speak to Riverbed's strength or weaknesses there.

All this said, iShare, while helpful, isn't magical. CAD applications in particular haven't been helped much and forget it if you want WAFS to help with any file that does internal locking (e.g., Access DBs). If you have lots of Access DBs across your organization, WAFS, iShare or otherwise I suspect, very likely will not help you. You need to go to enterprise-friendly databases. Access is a very hard habit to break, however, and if you're anything like my company you may have tens of thousands globally to deal with. CAD applications that may have thousands of small files will often bog down in the WAFS world. And CAD (or other) applications that require client-server version control like through PDMWorks or Teamcenter are not helped at all by WAFS. TCP acceleration could likely be helpful here, however.

The print queues remain on the local iShare server for each site since we rolled our own Win2K3 Server environment for iShare. I am not sure how feasible this would be if we used the actual iShare appliance--probably not, I'd wager.

Pure appliances are probably fine if all you need are WAFS and not much else. Beyond that a single box to do it all is more pie-in-the-sky marketing than reality.

Cisco WAAS (1)

Vesperi (10991) | more than 6 years ago | (#22132706)

Cisco WAAS units are what you are looking for. They will do network packet optimizations as well as network caching. It keeps a hash database of the largest possible chunks of data; it sends the hashes first - if it gets a hit in the remote device's database it doesn't have to send all the data. Very effective when it works.

They can also serve as local print servers.
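The hash-first exchange described in the comment above, as an added example that is not part of the original post and is not Cisco's implementation. The fixed 4 KiB chunk size, SHA-256 and the in-memory cache are assumptions, and the two sample documents are constructed.

```python
import hashlib

CHUNK = 4096       # assumed fixed chunk size (simplification for this example)
DIGEST_LEN = 32    # SHA-256 digest length in bytes


def digest(chunk: bytes) -> bytes:
    return hashlib.sha256(chunk).digest()


def transfer(data: bytes, remote_store: dict) -> tuple:
    """Send `data` hash-first to a peer whose chunk cache is `remote_store`.

    Returns (bytes reassembled at the remote end, bytes put on the WAN).
    Only digests and chunk payloads are counted; framing is ignored.
    """
    chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]
    digests = [digest(c) for c in chunks]

    # Step 1: the sender ships the digest list instead of the data.
    wire = DIGEST_LEN * len(digests)

    # Step 2: the remote end answers with the digests it has never seen.
    missing = {d for d in digests if d not in remote_store}

    # Step 3: only those chunks cross the WAN, each at most once.
    for d, c in zip(digests, chunks):
        if d in missing:
            if digest(c) != d:          # remote end re-hashes before caching
                raise ValueError("chunk does not match advertised digest")
            remote_store[d] = c
            missing.discard(d)
            wire += len(c)

    # Step 4: the remote end rebuilds the file from its cache.
    return b"".join(remote_store[d] for d in digests), wire


# Constructed sample: eight distinct 4 KiB chunks, then an in-place edit of one.
DOC_V1 = b"".join(hashlib.sha256(bytes([i])).digest() * 128 for i in range(8))
DOC_V2 = DOC_V1[:3 * CHUNK] + b"\x00" * CHUNK + DOC_V1[4 * CHUNK:]

if __name__ == "__main__":
    cache = {}
    for name, doc in (("first copy", DOC_V1), ("after edit", DOC_V2)):
        out, wire = transfer(doc, cache)
        assert out == doc
        print(f"{name}: {len(doc)} bytes of file, {wire} bytes on the wire")
```

With fixed-size chunks only in-place edits deduplicate well; an insertion shifts every later chunk boundary, so all following digests miss the cache.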

tapestry brocade and FAN's (1)

pjr.cc (760528) | more than 6 years ago | (#22132812)

Speaking of WAFS, Brocade had a product suite based on an architecture called FAN's (file area networks). Originally it was several cobbled together disparate bits of software and an "appliance" running Windows Server 2003 - though I believe the components that make up Tapestry now look more like they belong together rather than the way they used to look where it was very obvious the products were all from different vendors and had different design paradigms. Take a look though, http://www.brocade.com/products/tapestry.jsp [brocade.com] (Brocade aren't the only ones that do this, so look around).

And if you look here: http://en.wikipedia.org/wiki/File_Area_Network [wikipedia.org] - this is the generic term for most of the technology involved, file area networks.

Assuming you're running Windows everywhere (which wouldn't be a leap) then it's not a bad solution - the on-site box is literally a "branch office in a box" solution that incorporates wafs/distributed locked/etc and runs a version of Windows Server, which I believe can be an AD server as well. But the point of it all is that the remote side has no real data unto itself (everything goes back to head office) but can manage everything at a remote site (including such things as printers) as well as being easy to replace (in fact, it's supposed to be constructed in such a way that if the branch office box fails, people shouldn't notice, everything just starts going back to "head office" in a seamless way). Supposedly it operates over very small amounts of bandwidth, but I can imagine the first time someone opens a large file being a painful exercise.

Still, I've not seen the product except in demos, but I have heard good things about it.

Terminal Services (1)

Eskarel (565631) | more than 6 years ago | (#22132824)

Well there are a few ways to make this work. You can set up something like terminal services, or a web portal structure so that all you're transmitting is presentation layer stuff, which can be run on less bandwidth. You can make sure the pipes going out to your remote offices are as fast as a LAN would be. There are also some things that can be done with some of the fancier network hardware you can buy from folks like Cisco.

That said unless your remote offices barely use the LAN, you already have a really fast WAN, or really high end equipment plus the in house resources to manage it, none of which appear to be true, all these options are going to be expensive.

Limited server consolidation can be a good thing, and large companies with really fat network pipes can actually centralize even file servers, and sometimes they even save money doing it (at least if they needed the network pipes anyway), but if you were with one of those companies you wouldn't be asking for a solution.

Your only real solution is to fire your outsourcing company, whichever meat head manager on your side thought it was a good idea, and anyone in a network or server role who didn't have the balls to say this was a terrible idea. If you're one of the above start by resigning. Then use the money you were going to spend on them to hire a few competent people and put servers back where they belong.
