Suggestions on a VPN Solution
-
Given the number of workstations and the single server, why not use ZeroTier and go to something more advanced and flexible? Why deal with the complication of the site to site VPN when you could easily go to a full mesh?
-
@scottalanmiller said in Suggestions on a VPN Solution:
What kind of data and traffic will go between the sites? What will the satellite be accessing from the main office?
They use a custom quoting software, near as I can tell it's more or less a standard database back end with a custom front end. But they also need the ability to upload high resolution photos to the server. These are catalogued and used as a sort of before and after thing, which they archive for about 6 months after the job is done.
-
@scottalanmiller said in Suggestions on a VPN Solution:
@jrc said in Suggestions on a VPN Solution:
Does the ERL do NAT/firewalling and what not? Or would it be a device that I would need to put behind a more robust NAT/Firewall solution?
Yes, everything does. You literally can't buy anything that doesn't do that.
Yes, good point, but I meant are the edge routers appropriate to use as the sole internet gateway, but given the name (Edge router) I am guessing this may be a silly question...
-
@jrc said in Suggestions on a VPN Solution:
But they also need the ability to upload high resolution photos to the server. These are catalogued and used as a sort of before and after thing, which they archive for about 6 months after the job is done.
That would be a bad use case for a VPN. Moving to something like NextCloud would seem like a better system, even for the main office users.
-
@jrc said in Suggestions on a VPN Solution:
@scottalanmiller said in Suggestions on a VPN Solution:
@jrc said in Suggestions on a VPN Solution:
Does the ERL do NAT/firewalling and what not? Or would it be a device that I would need to put behind a more robust NAT/Firewall solution?
Yes, everything does. You literally can't buy anything that doesn't do that.
Yes, good point, but I meant are the edge routers appropriate to use as the sole internet gateway, but given the name (Edge router) I am guessing this may be a silly question...
That's what I mean, though. No one makes a router that doesn't do that stuff. Not on the high end and not on the low end. I mean there literally might not be any product on the market that doesn't do that.
-
@scottalanmiller said in Suggestions on a VPN Solution:
@jrc said in Suggestions on a VPN Solution:
But they also need the ability to upload high resolution photos to the server. These are catalogued and used as a sort of before and after thing, which they archive for about 6 months after the job is done.
That would be a bad use case for a VPN. Moving to something like NextCloud would seem like a better system, even for the main office users.
Well we are not talking Gigabytes of data here. I'm talking maybe two dozen or so images over the day, in the 3 or 4 mb size range each.
The bigger need here is the ability for the clients at the satellite store to be able to communicate with the quoting software. Which is why VPN was my first thought.
-
@jrc said in Suggestions on a VPN Solution:
That's what I mean, though. No one makes a router that doesn't do that stuff. Not on the high end and not on the low end. I mean there literally might not be any product on the market that doesn't do that.
Sounds like their "custom application" was written long, long ago in a pre-Internet style? It's not a web front end?
-
@jrc said in Suggestions on a VPN Solution:
Well we are not talking Gigabytes of data here. I'm talking maybe two dozen or so images over the day, in the 3 or 4 mb size range each.
It's the overall business impact and complication and cost that I'm thinking about. Running Windows servers and so forth for something that something free would do better and then no need for the VPN, at least not for that portion, anyway.
-
@scottalanmiller said in Suggestions on a VPN Solution:
Given the number of workstations and the single server, why not use ZeroTier and go to something more advanced and flexible? Why deal with the complication of the site to site VPN when you could easily go to a full mesh?
That looks like something you setup on each client, which I think they would not be happy about. They do not take kindly to new ways of doing things, hell they'd still be running Windows XP and Server 2000 if I had not pushed very hard to get them moved to Windows 7.
The other issue is the corporate franchise entities IT department is staffed and run by people who actually know very little about IT. So the tech mandates that come from there are a joke at best. So having the VPN as transparent as possible will help me stave away the "we don't support that" mentality they have, which to them really means "we won't help you with anything we don't understand, even if it's not a factor in the issue you are having"
-
@gjacobse said in Suggestions on a VPN Solution:
If you have Static IPs at both ends - and why not... Go with the ERL.
Nah - ER-X.. save the money.
-
@scottalanmiller said in Suggestions on a VPN Solution:
@jrc said in Suggestions on a VPN Solution:
That's what I mean, though. No one makes a router that doesn't do that stuff. Not on the high end and not on the low end. I mean there literally might not be any product on the market that doesn't do that.
Sounds like their "custom application" was written long, long ago in a pre-Internet style? It's not a web front end?
It was, and poorly at that. And believe or not it was actually "updated" recently, but still no web front end at all. Plus it's mandatory for all franchise to use it.
-
@jrc said in Suggestions on a VPN Solution:
That looks like something you setup on each client, which I think they would not be happy about. They do not take kindly to new ways of doing things, hell they'd still be running Windows XP and Server 2000 if I had not pushed very hard to get them moved to Windows 7.
It is and... how would they even know? The whole point is to make it as transparent for them as possible.
-
@jrc said in Suggestions on a VPN Solution:
@scottalanmiller said in Suggestions on a VPN Solution:
@jrc said in Suggestions on a VPN Solution:
That's what I mean, though. No one makes a router that doesn't do that stuff. Not on the high end and not on the low end. I mean there literally might not be any product on the market that doesn't do that.
Sounds like their "custom application" was written long, long ago in a pre-Internet style? It's not a web front end?
It was, and poorly at that. And believe or not it was actually "updated" recently, but still no web front end at all. Plus it's mandatory for all franchise to use it.
Oh, this is not your customer's custom app, this is an app that they are forced to use from elsewhere.
-
@scottalanmiller said in Suggestions on a VPN Solution:
@jrc said in Suggestions on a VPN Solution:
@scottalanmiller said in Suggestions on a VPN Solution:
@jrc said in Suggestions on a VPN Solution:
That's what I mean, though. No one makes a router that doesn't do that stuff. Not on the high end and not on the low end. I mean there literally might not be any product on the market that doesn't do that.
Sounds like their "custom application" was written long, long ago in a pre-Internet style? It's not a web front end?
It was, and poorly at that. And believe or not it was actually "updated" recently, but still no web front end at all. Plus it's mandatory for all franchise to use it.
Oh, this is not your customer's custom app, this is an app that they are forced to use from elsewhere.
Ahh, yes. Sorry when I said custom I meant for the franchise in general and not for the specific branch.
-
VPN makes sense then, as awful as it is. Those kinds of applications are terrible over a VPN, not meant to talk to databases that way, normally.
-
Use an ERL at both sites, not an ER8, you have zero need for anything like that.
Do not use the ERX, without a console port, you lose troubleshooting.
If you want switch ports on your router, then go with the ERPoE.
-
I agree, once we dug into it, the ERL sounds like the right solution. Two ERLs are dirt cheap and an upgrade from what is there now, too. Solid site to site solution.
-
@scottalanmiller said in Suggestions on a VPN Solution:
VPN makes sense then, as awful as it is. Those kinds of applications are terrible over a VPN, not meant to talk to databases that way, normally.
That is an over broad assumption, but is generally a solid assumption.
If it is a locally installed application that just connects to the database at the main site, it will work great.
If it is a application launched form a shared drive, it will likely run like shit.
-
@JaredBusch said in Suggestions on a VPN Solution:
@scottalanmiller said in Suggestions on a VPN Solution:
VPN makes sense then, as awful as it is. Those kinds of applications are terrible over a VPN, not meant to talk to databases that way, normally.
That is an over broad assumption, but is generally a solid assumption.
If it is a locally installed application that just connects to the database at the main site, it will work great.
If it is a application launched form a shared drive, it will likely run like shit.
It is a locally installed application that connects to a DB at the main site (running on the SBS server).
Is there a comprehensive list of the differences between an ER8, ERL and ERLX somewhere? Ubiquities site is not too clear on this.
-
@jrc said in Suggestions on a VPN Solution:
@JaredBusch said in Suggestions on a VPN Solution:
@scottalanmiller said in Suggestions on a VPN Solution:
VPN makes sense then, as awful as it is. Those kinds of applications are terrible over a VPN, not meant to talk to databases that way, normally.
That is an over broad assumption, but is generally a solid assumption.
If it is a locally installed application that just connects to the database at the main site, it will work great.
If it is a application launched form a shared drive, it will likely run like shit.
It is a locally installed application that connects to a DB at the main site (running on the SBS server).
Is there a comprehensive list of the differences between an ER8, ERL and ERLX somewhere? Ubiquities site is not too clear on this.
Their data sheet clearly lists all of the models.
https://dl.ubnt.com/datasheets/edgemax/EdgeRouter_DS.pdf
