Customer adding a new site and potentially a new Server

Big Jim

This is not my typical work so looking for some advice on the best solution for my client.

Current setup is a single site with on-site server.
Roles are DHCP, AD and file server with folder redirection.
5 PCs on site with around 5-7 users.


They are soon adding a second site likely to have 2 machines which won't be in use all the time,
so we are going over options for them.
1st option, which I am looking into now, is to add a 2nd DC at the new location.
I assume I would need 2 routers capable of site-to-site VPN permanently connected.
I already know how to set up the 2nd DC for AD; however, with it being on a different site, how would the folder redirection and file serving duties for mapped drives behave?
The connection speed at current site is normally 15/1 I believe, but can drop at peak times.
Not sure on connection speed at the new site yet; based on its physical location I think they will probably get 40/10.

What other options do they have?
I have thought about having them use RDP at the new site to one of the desktops at site 1 as a cheaper solution; this seems a bit hacky to me though.
 
Not sure why you/they are considering a second server. Is the existing one getting long in the tooth? Having that 1 mb up at HQ is going to be a problem. If it was me I'd try getting that upgraded and then set up a point2point VPN between the 2 locations.
 
1Mb upload is going to be your worst enemy here.

Accessing file shares directly over a site-to-site VPN is going to be painfully slow. Need to access a 15Mb file? Seems relatively small, right? Best case scenario, assuming none of the 5 PCs are using bandwidth at the same time, that's going to be a 2 minute wait. But don't worry, explorer will likely hang and crash before it has time to complete.

You could set up a second DC and sync the shares, including redirected folders, with DFS-R but again that's likely going to fall over regularly due to bandwidth.

SharePoint, Teams, Dropbox etc are also likely to struggle. Just takes one user to drop a 2GB folder of photos into the share and boom, everyone's internet is crippled for the next few hours. QoS can help but it's a losing battle.

RDP into a computer, as janky as it sounds, could be your most reliable option here. Or if you have the budget for a new server I'd consider setting up a new RDS (Terminal server) at the main site and have them RDP into that. You could use thin clients or low spec/refurbed machines at the new site to keep those costs down. Plus easily scalable if they need to add more remote sites / wfh staff in future.
 
Thanks guys

To answer your questions:
The existing server is less than a year old; the reason we are considering a 2nd server is because of the slow internet speed.
There are no better alternatives for internet at HQ; judging by the customer's behaviour thus far, if an option became available at an inflated price they would likely pay it. They are in the middle of nowhere; their line to the exchange is 8KM long so they get around 1MB download or worse on regular broadband. When I first met them they were using satellite broadband; they have since struck a deal with a company that offers wireless broadband via their own antenna-based system.
4/5G signal is also very poor at this site.

P2P VPN is an option of course but I am guessing that due to the slow speed, anyone at the site without a server will run atrociously slow.
If we were to use P2P VPN we would almost definitely need a second server.

How reliable is DFS-R over VPN? Do you end up with file conflicts or do the 2 servers talk to not allow the same file open by 2 users?
SharePoint/Dropbox/Teams not in use.


How does RDS terminal server differ from RDS to a desktop computer?
I assume it just creates a VM that the user logs into rather than needing additional physical hardware?
But otherwise the same?
Could the existing server have this role added to it or does it need specific hardware?
 
We have been running DFS-R over VPN for several years with a 300Gb share which is accessed frequently by 8-9 users. No problems whatsoever; however, we have 100/100 connection one end and gigabit at the other.

Unfortunately DFS-R doesn’t have distributed file locking. It will lock the copy on the local server but someone can still edit the version on a remote server. Whichever one is saved last wins.

Terminal server (or Remote Desktop Session Host - RDSH) is essentially a shared desktop which multiple users RDP into simultaneously. It scales well as you can have 10-15 users on a single RDS server. Compare that to RDP into a desktop computer where it’s one user to one computer.

An example of where this scaling starts to make sense. We have 5x RDSH serving 50-60 users daily. This all runs from a single physical server. Imagine we needed 50-60 desktops sitting in a room somewhere waiting on remote users to RDP in.

You can add RDS roles to any Windows server; however, you need RDS CALs to licence each user. About £110 a pop, one-off purchase.

EDIT: Updated some parts now I'm not on a mobile.
 
It seems to me that RDP would make most sense here.

So next question is, given the low amount of users and low amount of traffic, do I need a dedicated firewall to run the site-to-site VPN or will an upgraded router suffice?

I think I'm going to have to have a firewall on the slower site as the company that provides the internet there does not allow end users access to their routers, any changes have to be made by them. They also told me they do not support VPNs but can allow passthrough for me to install a firewall.
 
Starlink isn't available there?
 
Do the end users need to run a line of business application? Or...are they just accessing files? If it's typical Microsoft Office (and other types) of files...I'd strongly consider going with Microsoft 365, and leveraging Teams/Sharepoint/OneDrive.
With the lower upload speed, you can control bandwidth usage via policies in 365 so that if an individual plops a big folder/file...it will not cripple everyone's connection.

DFS across 2x sites will still have the same impact on bandwidth...you can manage the link speed there also...but..same limitation. Either way, files need to "sync".
DFS does work fine across VPN tunnels, you leverage AD Sites 'n Services to define the link/networks. However...to me, for file sharing, that's just taking a 15 year old approach, when modern services like 365/Teams/Sharepoint can deliver better, more reliable, far less cost, far less maintenance.
 