circuit wrote:
That's a lot of ifs! See inline:
> Howdy everyone,
>
> Current situation:
> 1 ms win2003 domain. Most users are in hq that houses citrix server
> utilized by users in location2.
> Citrix users in location2. Citrix users' client pc's belong to
> workgroup, not domain (due to wan speed), therefore they access network
> resources via Citrix only.
>
> Dumb question (at least I think so, I am having difficulty with this
> one):
> If hq client machines are 192.168.1.x , and default gw for
> hq=192.168.1.2 (long story why),
> and location2 machines are 192.168.2.x and default gw=192.168.2.2
>
> Would it be a stupid idea to change the location2 client machines to
> the same network (192.168.1.x) and add them to the domain managed by
> hq?
First of all, most T-1 connections are routed, so they must be on
different networks. Secondly, you don't need to be on the same subnet to
join them to the domain, you just need to have the clients using the DNS
server for the domain (WINS too if you need to browse the networks).
>
> I have a point-to-point T-1 with managed routers at both ends.
>
> The primary issue, among many, is that I wanted to create a partially
> wireless solution in location 2, and per linksys, whether you have a
> WAP and/or a wireless router, changing the ip of the wireless device to
> a .2 never works, and it loses connection.
Are you sure about this? There's no good reason why that wouldn't work.
If it's a WAP, it doesn't even need an IP address except to manage it if
you have another router. It just acts as a bridge between the wired and
wireless sides.
> Also I want to make sure
> that if I change the location 2 to the same network (168.1.x) that
> apps, logging in, etc over the WAN all of the above would be slower
> than molasses...
I'm not getting this one. It may be possible to bridge across the WAN
depending on equipment, but either way, 1.5 megabits is 1/67 the speed
of most LANs. Routed or bridged, it will be slow.
>
> Finally, in terms of scalability, if we get a 3rd site, a) would it be a
> good recommendation to have server at each site communicating via the T
> to headquarters site (either for DHCP relay, or application
> replication, etc.)?? b) Is it possible to set it up as 192.168.3.x, and
> how would this affect wireless authentication at that site?
Any network number will work as long as it's different from the other
sites. Whether or not you need a server at each site depends on what you
mean by server and what services the server is providing. It also
depends on a whole lot of other things like how many computers/users at
the remote site, how much data will need to move across the WAN, etc.
>
> Thanks for the help in advance, this has been driving me bonkers.. I
> know this is a long description but the more info in the initial
> description, the better :-)
>
A few notes, observations.
1) If thin client (terminal services) is working, there's no need to
have the remote clients members of the domain unless you need to apply
group policy or other domain level stuff.
2) RDP has built-in encryption and you don't need a T-1 or even a VPN
for security. You can run it directly over the Internet. Of course
you'll want to take steps to harden your terminal server. If you have a
firewall between the terminal server and the Internet and your remote
site has a static IP, you can reject all traffic except from your site.
3) If you have high-speed Internet available at each site, you can
usually do more for less. Here in Washington state where I live, I can
get DSL up to 8 Megabits for less than $100/month. A T-1 across town is
more than 3 times that and less than 1/5 the speed. A VPN appliance at
each end can be had for less than $300.
....kurt
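
Two points from the reply above, shown as an added example that is not part of the original post: a check that each site's network is distinct (as a routed T-1 requires) and an audit of firewall records for RDP connections allowed from anywhere other than the remote site's static IP. The site3 gateway, the 203.0.113.10 address, the log format and both function names are assumptions made for illustration.

```python
import ipaddress

# Addressing from the thread; the site3 gateway is an assumption for illustration.
SITES = {
    "hq": ("192.168.1.0/24", "192.168.1.2"),
    "location2": ("192.168.2.0/24", "192.168.2.2"),
    "site3": ("192.168.3.0/24", "192.168.3.2"),
}

def plan_problems(sites):
    """List gateways outside their subnet and site networks that overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, (cidr, _) in sites.items()}
    problems = [f"{name}: gateway {gw} is outside {nets[name]}"
                for name, (_, gw) in sites.items()
                if ipaddress.ip_address(gw) not in nets[name]]
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap: {nets[a]} / {nets[b]}")
    return problems

RDP_PORT = "3389"  # default RDP listener port
# Constructed value: the remote site's static public IP (documentation range).
ALLOWED_SOURCES = [ipaddress.ip_network("203.0.113.10/32")]

# Constructed firewall log, one "ACTION SOURCE_IP DEST_PORT" record per line.
SAMPLE_LOG = """\
ALLOW 203.0.113.10 3389
ALLOW 198.51.100.77 3389
DENY 198.51.100.80 3389
ALLOW 198.51.100.77 443
"""

def unexpected_rdp(log_text, allowed=ALLOWED_SOURCES):
    """Return sources that reached the RDP port without being on the allowlist."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] != "ALLOW" or parts[2] != RDP_PORT:
            continue
        addr = ipaddress.ip_address(parts[1])
        if not any(addr in net for net in allowed):
            hits.append(parts[1])
    return hits

if __name__ == "__main__":
    print(plan_problems(SITES))
    print(unexpected_rdp(SAMPLE_LOG))
```

Any source returned by `unexpected_rdp` means the firewall rule in front of the terminal server is wider than the single-site restriction described in note 2.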