Merger

scottalanmiller

@StefUk said:

@scottalanmiller said:

We could ask in another way, given that they chose a VPN to connect the offices, why is there RDP? What is the VPN not handling well that as made them feel the need to have redundant connection technologies back to the main office?

line speed at each office is slow ( less then 10Mbps ) . Rdp ( remote desktop ) solutions is used to compress the data and make the application work at the branch offices. without the rdp the apps run too slow at think client.
is that what you are asking ? everything is hosted at the main office

Well that helps to explain why RDP is used, but it doesn't cover what the VPN is used for.

If everything is hosted in the main office and RDP is used for the apps, what does the VPN do?

Has the line speed been looked into? That's terribly slow.

scottalanmiller

@hobbit666 said:

@StefUk said:

@scottalanmiller said:

We could ask in another way, given that they chose a VPN to connect the offices, why is there RDP? What is the VPN not handling well that as made them feel the need to have redundant connection technologies back to the main office?

line speed at each office is slow ( less then 10Mbps ) . Rdp ( remote desktop ) solutions is used to compress the data and make the application work at the branch offices. without the rdp the apps run too slow at think client.
is that what you are asking ? everything is hosted at the main office

Think what they are both trying to say is you don't need the VPN link to use RDP to the HO location. Open up the ports on the Firewall and allow access through the internet connection.

The VPN link is not required for what you are using i.e. RDP

And if the VPN is not fast, it can slow down the RDP, as well.

scottalanmiller

@Dashrender said:

@hobbit666 said:

@StefUk said:

@scottalanmiller said:

We could ask in another way, given that they chose a VPN to connect the offices, why is there RDP? What is the VPN not handling well that as made them feel the need to have redundant connection technologies back to the main office?

line speed at each office is slow ( less then 10Mbps ) . Rdp ( remote desktop ) solutions is used to compress the data and make the application work at the branch offices. without the rdp the apps run too slow at think client.
is that what you are asking ? everything is hosted at the main office

Think what they are both trying to say is you don't need the VPN link to use RDP to the HO location. Open up the ports on the Firewall and allow access through the internet connection.

The VPN link is not required for what you are using i.e. RDP

Though, this only applies if the assumption is that there is no local access from the branch offices, only RPD access, which hasn't been confirmed.

Which is what we are asking... what is the VPN for?

scottalanmiller

@StefUk said:

ok maybe we don t need it but I don t have time to create more work for me .. it works and I don t need to change it . it doesn't cost anything and I don t have a problem with this .. ?
i would like to know what i can do with the AD - exchange - LAN etc ..maybe i should post something more specific

Is it saving you work? That's what we are asking. You are rolling out AD to these branches, right? Why? Is there any need for it or is the AD at the branches only serving to justify the VPN(s). And how there are two different VPN infrastructures, right? So unless I am missing something, the VPN is creating more work here. So we are trying to both save you work and help the company come up with the right way to do things. How does ignoring their needs make this easier given that there two companies merging so no unified VPN infrastructure? At least the one company would have no networking back to the main office, right?

scottalanmiller

@StefUk said:

we are discussing why they use VPN when the VPN was never been mentioned as an issue here.

You can't just isolate things to ignore like that. It's all one holistic system. We have to understand how the system all works to be able to help. We can't just pick up one isolated function and try to determine what to do when we don't know what it is for, if it is even needed or how changes ripple through the system.

scottalanmiller

@StefUk said:

...I was just reaching out to understand how we can incorporate the apps of the two companies in to one without causing too much downtime.

As were we. The VPN infrastructure and AD infrastructure are part of that picture and it sounds like they are likely creating an unnecessary amount of confusion and work involved for something that might be a lot simpler if the whole thing was looked at instead of the apps in isolation.

But the VPN came up because you asked how to consolidate the apps and we were trying to determine what the apps even were.

scottalanmiller

@Dashrender said:

What are the applications, specifically? Sometimes different apps have different requirements, so a blanket response will be of little help.

Yes, this is the one part where no information was given. The VPN we can discuss, the apps we have no way to give recommendations, really.

scottalanmiller

@StefUk said:

Company A and company B are merging on to company C with company B moving to company A . How can I get the two systems to work from company A premise in a short time as possible ?

Two RDP servers, no VPN. That's the fastest, easiest, I would guess. Do you see that by asking this question you make the VPN front and center as it appears to be the only piece presenting any barriers to the situation? If the VPN isn't what you are asking about, what's the answer? Just put the two app servers in the datacenter. Easy peasy.

scottalanmiller

@StefUk said:

Company A has an exchange company B has an exchange, when compnay B moves in to company A is there a way to make exchange from company B to talk to exchange in to company A and vice versa without migrating mailboxes to a new exchange .

I don't understand this bit - or more I don't understand the "why" of this bit. what is the goal in merging the email systems (before fully merging them?) Email systems talk to each other natively, that's what email does. What do you specifically want these email systems to do with each other?

scottalanmiller

@StefUk said:

@Dashrender said:

@StefUk said:

are not looking at saving money or justify expenditure I was just reaching out to understand how we can incorporate the apps

Are you merging the datacenters?

What are the applications, specifically? Sometimes different apps have different requirements, so a blanket response will be of little help.

both companies have a fully working infrastructure in house. In two months time company B will move in to company A. company B computers will be plugged in to company A data center ( infrastructure). at that stage, if the new merged company infrastructure ( company C ) is not ready how can i mitigate the move.

The core application are
specific legal - accounting package and document management. ( different for company a and b at the moment - the plan is to move company b to company A app)
Email - exchange ( one server for each company )
file and print server
AD
Remote desktop
SQL dictation package
a legal form package

and some other generic apps like antivirus - internet filtering etc

I guess the biggest question is... what is the end goal? One single AD, one email, one application or is the goal to keep operating as two companies? I get that you might not want to jump all of the way to a fully merged company on day one, but it sounds like almost as much effort to hold off on the merging of everything but the applications themselves than to just merge it from the beginning.

Why not just make a new AD system and a new Exchange system and move everyone equally to a single, new, pristine environment designed from the ground up for the operations of the new company?

StefUk

@scottalanmiller said:

@StefUk said:

@Dashrender said:

@StefUk said:

are not looking at saving money or justify expenditure I was just reaching out to understand how we can incorporate the apps

Are you merging the datacenters?

What are the applications, specifically? Sometimes different apps have different requirements, so a blanket response will be of little help.

both companies have a fully working infrastructure in house. In two months time company B will move in to company A. company B computers will be plugged in to company A data center ( infrastructure). at that stage, if the new merged company infrastructure ( company C ) is not ready how can i mitigate the move.

The core application are
specific legal - accounting package and document management. ( different for company a and b at the moment - the plan is to move company b to company A app)
Email - exchange ( one server for each company )
file and print server
AD
Remote desktop
SQL dictation package
a legal form package

and some other generic apps like antivirus - internet filtering etc

I guess the biggest question is... what is the end goal? One single AD, one email, one application or is the goal to keep operating as two companies? I get that you might not want to jump all of the way to a fully merged company on day one, but it sounds like almost as much effort to hold off on the merging of everything but the applications themselves than to just merge it from the beginning.

Why not just make a new AD system and a new Exchange system and move everyone equally to a single, new, pristine environment designed from the ground up for the operations of the new company?

i think that is the most sensible way forward instead of trying to figure out a way of integrating the two ..without VPN of course

scottalanmiller

@StefUk said:

i think that is the most sensible way forward instead of trying to figure out a way of integrating the two ..without VPN of course

How does the VPN help, though? I think a VPN does something different than assumed. If you are using RDP they are already integrated. The VPN is just a red herring, extra work. It's not providing anything, right?

scottalanmiller

For example, NTG is integrated with its remote users, but there is no VPN. In our case it is not because we are using RDP, but it is the same difference. If we implemented a VPN, people might feel like the VPN was handling some part of the integration, but it is not, our applications are doing that. If we turned on a VPN the VPN itself would be idle, doing nothing. It might look to someone doing a quick audit that it was serving a purpose, but you would be able to turn it off and everything would work the same as before.

hobbit666

@scottalanmiller Still waiting for your report/article on NTG's rise to a LANless design

Dashrender

The biggest issue I see on day one of moving the hardware from company B's location to company A's location will the an IP schema issue.

There are two possibilities here:

1. both networks use the same IP scheme (i.e. 172.16.1.x/24) and have devices that are assigned the same IP. For example, they both have servers on IP 172.16.1.1.
   I'd solve this by changing the servers/printers/switches, etc to IPs not in use on company A. then you can just plug them into the network there and continue to work as if nothing has changed.

2. networks use different IP schemes (i.e. A - 172.16.1.x/24 and 10.0.0.x/24)
   This situation is a bit easier assuming the default Gateway in company A can be multi-homed (have two or more internal networks). You have a few choices. Create a VLAN for company B's IP range, create an interface on the firewall for this new network, assign all ports for the company B computers/servers, etc to the new VLAN. Another option would be to bring company B's switches over, use them for company B computers and connect them also to the new port created on the firewall.

Jason

@Dashrender said:

2. networks use different IP schemes (i.e. A - 172.16.1.x/24 and 10.0.0.x/24)
   This situation is a bit easier assuming the default Gateway in company A can be multi-homed (have two or more internal networks).

That's adding complexity (and Latency) for no reason.. Just rescope. You almost always have to rescope with mergers anyway.

Dashrender

As for the VPN's, as Scott mentioned, assuming you are only using them for RDP access, get rid of them. Instead create the firewall rules that allow RDP access to the RDS servers directly. If you don't have multiple IP addresses at the firewall, there will be more work to do.

But if VPNs are used for more than RDP, have all locations converge on company A's firewall and get rid of company B's firewall (the main office one, obviously the remote offices will need to keep theirs).

Dashrender

@Jason said:

@Dashrender said:

2. networks use different IP schemes (i.e. A - 172.16.1.x/24 and 10.0.0.x/24)
   This situation is a bit easier assuming the default Gateway in company A can be multi-homed (have two or more internal networks).

That's adding complexity (and Latency) for no reason.. Just rescope. You almost always have to rescope with mergers anyway.

I gave options, not recommendations - though if you're looking at my list of options as a list of recommended ways of doing this, the option 1 is above option 2, which is more or less what you were saying.

scottalanmiller

@Dashrender said:

As for the VPN's, as Scott mentioned, assuming you are only using them for RDP access, get rid of them. Instead create the firewall rules that allow RDP access to the RDS servers directly. If you don't have multiple IP addresses at the firewall, there will be more work to do.

And put in an RDS Web Gateway. Works great and covers any security concerns by creating SSL connections for the RDP.

scottalanmiller

@Dashrender said:

But if VPNs are used for more than RDP, have all locations converge on company A's firewall and get rid of company B's firewall (the main office one, obviously the remote offices will need to keep theirs).

Yes, one way or another the VPN infrastructure sounds like it has to be addressed, and I mean has to be or things won't function. So no matter how much we feel like sticking our heads in the sand or acting like this isn't a core decision point, it really is. It's unavoidable. If AD, Exchange, RDP or anything else is to be discussed, the VPN is part of all of those and cannot be treated as a foregone conclusion because the existing VPN system won't work with the intended future design(s).