Problems running application with large database over VPN

[sibeer]

Just tapping up the helpful folks here for some advice / suggestions for a problem we have. I run a network as a part-time extra string to my bow in work. Our network has a head office with lots of machines, then 1-3 PC's in each of 5 remote locations. Each of these remote locations are connected via an ADSL site to site VPN that is fine for the occasional file transfers that are usually required.

Unfortunately this is all being scuppered by the requirements of a new database reliant HR application. The application is currently installed locally on a management machine at each branch, but it accesses a database at the head office to do anything. The application is windows only, but will run on any version. The network storage is provided by an old Windows 2000 SBS Server that is a little long in the tooth, but does all we need up till this.

Solutions wise I have a couple of options I have looked at:

1. Remote Desktop / Terminal Server: I can run a couple of XP machines left on in the head office. Using these like terminal servers will allow people to log on, but is fairly high bandwidth and not a very clean solution. I could also build a Terminal Server but Windows TS licensing is pricey and Linux + Wine is probably a little beyond my Linux ability (especially as I have never used Wine and the application is not officially supported)

2. Application Streaming (I think): Basically I have seen this app and the functionality sounds ideal: http://www.graphon.com/content/view/9/9/ it allows me to run multiple instances of a single application over the network and will work from a single XP machine. At each remote location they load the application through a kind of mini remote desktop. Again the problem with this is the cost at £169/user/year.

The second option sounds better, but I need to find a cheaper way of doing it. I need it to run at 5-6 machines, but I could probably get away with 3 concurrent users provided it notifies rather than automatically kicking users out.

Any suggestions of solutions used by others, etc are appreciated

 

[bigredshark]

Personally I wouldn't touch anything other than terminal services (or citrix) for that, it's the accepted way of doing it for a reason. Licensing for half a dozen users shouldn't be a big deal for a company that's got multiple sites...

 

[Yamahahahahaha]

Terminal services is a great way of doing it. As you have mentioned, cost is a factor. It's about £60 per license (can be done per user without enforcement, or per machine with enforcement).
Bandwidth utilisation can be kept to a minimum (down to a couple of KB/s) which would easily allow all users at all 5 sites to use the service.

How many users are likely to use this?
One person per branch? Or would all users at all branches use it?
The latter would make TS licensing less cost effective.

 

[blueboy2001]

Have a look at XPUnlimited it allows you to use a standard XP install effectively as a Terminal Server - http://www.xpunlimited.com/. We've got a farm of these supporting several hundred users and it works very well.

 

[sibeer]

Terminal services is a great way of doing it. As you have mentioned, cost is a factor. It's about £60 per license (can be done per user without enforcement, or per machine with enforcement).
Bandwidth utilisation can be kept to a minimum (down to a couple of KB/s) which would easily allow all users at all 5 sites to use the service.

How many users are likely to use this?
One person per branch? Or would all users at all branches use it?
The latter would make TS licensing less cost effective.

It is one user per branch, the head office doesn't need to run terminals as they have full speed access to the database over the network already. The cost issue surely comes from the need for a new server to run Terminal services? If I can just add some users to our SBS server at £60 a pop then that may be a good way to go. Also if it could be run from a SBS 2008 server (as well as being the domain controller) then the server may be able to justify a proper upgrade.

As regards the XP Unlimited option, it looks interesting too. What version do you use and how many users is a std XP system good for?

 

[iaind]

SBS 08 allows for terminal services, but you need to buy the CALs on top of the SBS CALs.

It does allow you to install a second server for TS, which is what I'd do as running a DC as a TS is a bad idea. Virtualise if hardware is a big concern

 

[bigredshark]

It is one user per branch, the head office doesn't need to run terminals as they have full speed access to the database over the network already. The cost issue surely comes from the need for a new server to run Terminal services? If I can just add some users to our SBS server at £60 a pop then that may be a good way to go. Also if it could be run from a SBS 2008 server (as well as being the domain controller) then the server may be able to justify a proper upgrade.

As regards the XP Unlimited option, it looks interesting too. What version do you use and how many users is a std XP system good for?

I don't know it's that much, £2k would get you a better server than you need fully licensed (hell, £1k would get you a base HP tower, some extra RAM and licenses almost), over 5 branches that's £400 per site over a two or three year lifecycle - surely you can loose £200 a year in each office's budget?

 

[Yamahahahahaha]

It does allow you to install a second server for TS, which is what I'd do as running a DC as a TS is a bad idea. Virtualise if hardware is a big concern

Good catch. Installing TS is a pain on a DC due to different permission levels compared to a member server.

 

[sibeer]

I don't know it's that much, £2k would get you a better server than you need fully licensed (hell, £1k would get you a base HP tower, some extra RAM and licenses almost), over 5 branches that's £400 per site over a two or three year lifecycle - surely you can loose £200 a year in each office's budget?

It's more the CAL licenses than the outright cost. To my reckoning it would want to be SBS 2008 Premium as that includes a second server license to run an SQL server. That costs almost £100 / CAL. We currently have just under 28-29 total PC's and matching CAL licensing for SBS 2000, so that is £2.5K off the bat. You then need SBS Premium at £900 and 5-10 TS licenses at about £100 each, not to mention at least £1000 of server hardware and a massive role out

Basically £5K + lots of work for one application would preferably be avoided. Is it OK to add a second server for TS only purposes to an existing Win 2K SBS domain?

 

[bigredshark]

Basically £5K + lots of work for one application would preferably be avoided. Is it OK to add a second server for TS only purposes to an existing Win 2K SBS domain?

Certainly used to be, I haven't used SBS in years but you used to be able to just add a 2k3 server as a member without any changes to the licensing of SBS at all...

 

[Sp00n]

Yes you can add the TS as a member server, shouldn't be a problem

 

[sibeer]

Is there any major advantage to using anything newer than Windows 2000 Terminal Servers? I am thinking of maybe hitting up ebay for a basic edition of 2000 or 2003 server and some CALS?

 

[mr.bond]

Is there any major advantage to using anything newer than Windows 2000 Terminal Servers? I am thinking of maybe hitting up ebay for a basic edition of 2000 or 2003 server and some CALS?

Yup, Windows 2000 is officially out of support from July this year.

 

[sibeer]

Sounds like the main server is going to want a rethink in the near future then. As a slight update / temp fix I have had a play with allowing multiple concurrent RD users on XP Pro and it seems to run fine. I can't see the difference between the free patching of XP to do this and the XPUnlimited software suggested. Think both fall into a grey area with the licensing though so will look to a more permanent solution in the future.

THANKS FOR ALL THE HELP, REALLY APPRECIATED

 

[Toughnoodle]

Is there any major advantage to using anything newer than Windows 2000 Terminal Servers? I am thinking of maybe hitting up ebay for a basic edition of 2000 or 2003 server and some CALS?

Yup, Windows 2008 upwards can run terminal services in "desktop" mode or an application window in "remoteapp" mode. I think this has always a feature restricted to Citrix, till now. It works a treat for running bloated apps over a VPN.

 

[sibeer]

Yup, Windows 2008 upwards can run terminal services in "desktop" mode or an application window in "remoteapp" mode. I think this has always a feature restricted to Citrix, till now. It works a treat for running bloated apps over a VPN.

Remote app mode sounds ideal, almost identical to the Graphon Product I was looking at. How does the licensing work for that, is it per active connection or per potential connection?

Also anyone got any rough ideas at what sort of costs I should be looking at to migrate a Windows 2000 SBS Domain to a new 2008 SBS server (or have any interest in quoting the work). No exchange setup at the moment, but that is wanted as part of the new setup.

 

[s0ck]

What does the app run like under an RDP session? Sometimes, the redraw rate is worse than the write delay over VPN; I've used an app like this myself and my assumption at the time was that RDP would be better; it was far worse.
Is there any desktop interaction, dragging of files, etc? This may be affected by going RDP.

You're obviously leaning towards SBS08 but I'm not a huge fan of it. You'll need some tidy hardware to run it on, software costs, implementation too as it looks like you're not gonna take it on yourself.

Citrix has always, allegedly, been a better performer but I'm not sure how much better, if any, the network footprint would be opting for ICA over RDP...

Prolly be far easier and cheaper to whack a 2003 TS server on the existing domain, if you're happy that RDP is the way to go.

 

[iaind]

It is a good point - what has lead you to the decision that the VPNs wont be suitable?

I'd be looking at trying it and measuring it first - get some bandwidth stats to see how much it uses and then see what effect the increase in latency will have. You could then look at what sort of compression could be used - whether natively within the application or by third party means.

Re Citrix performance - yes, ICA generally fares better than RDP, especially in low bandwidth high latenecy situations but the gap is narrowing. Your bog standard ADSL VPN within the UK should cope fine with a full screen desktop RDP session unless the application relies heavily on images

 

[mikeh501]

Re Citrix performance - yes, ICA generally fares better than RDP, especially in low bandwidth high latenecy situations but the gap is narrowing. Your bog standard ADSL VPN within the UK should cope fine with a full screen desktop RDP session unless the application relies heavily on images

We've got a hosting environment for our customers which uses citrix. We played with a bunch of other products including just straight Win2008 RDP and none of them could match the Citrix technology in terms of user experience. The bit that makes all the difference for redraws is called SpeedScreen. Basically its intelligent enough to not redraw large portions of the screen if they havent changed even if the application was telling the OS to redraw. It also gives immediate feedback to the user when typing and when clicking locally rather than waiting for the server to send the update.

 

[sibeer]

It is a good point - what has lead you to the decision that the VPNs wont be suitable?

I'd be looking at trying it and measuring it first - get some bandwidth stats to see how much it uses and then see what effect the increase in latency will have. You could then look at what sort of compression could be used - whether natively within the application or by third party means.

Re Citrix performance - yes, ICA generally fares better than RDP, especially in low bandwidth high latenecy situations but the gap is narrowing. Your bog standard ADSL VPN within the UK should cope fine with a full screen desktop RDP session unless the application relies heavily on images

There is no need to do the bandwidth stats, the thing is so slow it is unusable and that is with only one connection. The application doesn't seem to give the redraw issues that are a problem sometimes with RDP.

Given the age of Windows 2003 server, would it not be best to either use 2008 server, or wait for 2010/2011 Server for the TS implementation? This way it would last a lot longer before lack of security updates, etc resigned it to the scrap pile.