Global Connectivity for Company Networks

[jianneng]

Hi,

My main office is in South East Asia and it has a branch in Europe. Both offices have their respective networks. Now they want to share all the files and directories such that those people in Europe can see what is on our server in S.E.A and vice versa. I guess this also means the contents of both servers will be "merged" so that it can be managed by the main office in S.E.A.

I have not played with Virtual Private Networks (VPN) before. Although I think this is probably the answer to the scenario above, but I am not sure how this will work out.

If anyone has implemented this before or know how to do this, I wish you can share your knowledge about the server OS used, hardware, software, etc.. Any recommendations/suggestions are welcomed. I just want to have some idea on how this could be implemented. Thanks in advance.

Lim.

 

[cmetz]

SMB / CIFS (Windows file sharing) over any sort of WAN is painful; over that kind of distance it would be excruciating. Latency is the problem. NFSv3 (pretty much UNIX/Linux land only) is better, but still, over that kind of latency, I wouldn't want to go there. In general, direct network filesystem sharing over WAN links is not a good idea, and over international VPN links would especially not be a good idea.

Perhaps what you should investigate is to add HTTP browse & up/download capability to your file server, or to buy/build one that could do so. There's probably some Windows way to do it, a Linux/Samba server could do it with Apache covering the same directory tree. Another approach would be to get a Network Appliance fileserver for each site, those do SMB & NFS sharing and also have a HTTP browse/up/download server. NetApps fileservers are great anyway and would benefit local users well.

Another approach would be WebDAV or some other "collaborative software" / "shared web folder" system. There are a bunch of these around. Rather than try to share the entirety of your network filesystems, maybe you can only have a small subset of things be shared, which would make the problem easier.

Your description of the problem is very vague. The more specifics you give, the more specifics you can get in return.

 

[jianneng]

Hi, thanks for your reply.

So it looks like there is no easy way of doing this. The specific scenario is that each office in S.E.A and Europe has its own server and LAN. Each site has an IP address. Server in S.E.A has, for e.g. 5 directories and that in Europe has 3 directories. Whenever a user in any office explores the directories, they should see 8 directories altogether, without being aware that which belongs to which office.

Even if this is not possible, another scenario would be users see two root folders, one named "SEA" and another named "Europe". And under each of these root folders, SEA has its 5 directories and Europe has its 3 directories. Therefore, I still can achieve so called "I see you and you see me". My intention for this sharing is only for files and directories, we don't need application sharing or other purposes.

As you have said, latency is definitely a concern here. I guess one way to reduce this latency would be to upgrade both offices' bandwidth to a high-speed Internet access.

If both offices are running on Windows server operating systems, can this be achieved? (Let say we ignore the latency issue). I did consider Linux before, but since the Europe office is the smaller office with no IT support, I think perhaps I would go for some Windows software.

Lim.

 

[MysticLlama]

I would go about this by using DFS.

If AD Site/Services is set up correctly the users should always land on the box closest to them.

Basically, each site would have a server, but they would both host all 8 directories.

DFS would take care of replicating changes between the servers. Essentially it would be transparent to the users because they would be connected to a local server no matter what the data, and the servers could deal with the latency on the replication side of things.

 

[err]

Well DFS could work, but it all depends how big of files you're talking about.

We are doing DFS across dedicated 256k line linking 6 cities. For smaller files, DFS would work just fine. However for larger files, DFS would puke and replication doesn't take place properly.

I dunno if this is caused by our slow dedicated link or what. However, getting high bandwidht dedicated link spanning cities are expensive, let alone spanning global countries.

err

 

[Garion]

Setting up and maintaining a VPN and a multi-network Windows network can be very complex and require a lot of planning and skill to execute. I don't really know your level of expertise, but if you're not comfortable with these technologies, it might not be a bad idea to get some professional assistance. VPN's have gotten a LOT easier than they used to be, but it's still not quite as easy as it's cracked up to be.

- G

 

[cmetz]

jianneng, the first scenario you describe, where the user is not aware of location, is a bad idea, precisely because the user is not aware of the location. Location (specifically, what's local, and what's non-local) is very important because the difference in performance could be huge.

>I guess one way to reduce this latency would be to upgrade both offices' bandwidth to a
>high-speed Internet access.

Increasing either site's bandwidth, assuming they are not substantially congested, will not affect the latency. Latency in this case is substantially the result of the speed of light - there's a very fundamental limit to how fast you can get a signal from AP to Europe. If you come up with a solution to that, please let me know! So you see, that for certain interactive operations, the problem here is fundamentally not solvable.

Replication and caching may be a good approach. I have not used Microsoft's approach, but I would be highly skeptical of it. A version that might actually work is the Transarc-now-IBM AFS. I am not sure of the relationship between AFS and DFS, I thought DFS somehow was an evolution of AFS...? Network Appliance also has replication for their file servers, and it probably works. All of the replication and caching systems I've seen require seriously competent system administrators.

Garion is on the money here - this is a problem that will require you to pay a pro if you want to have it done right.

 

[cleverhandle]

AFS could work out very well here. One file server on each end, each one containing the read/write volume for its local network and a read-only volume for the remote one. Probably DFS could do this too, but I've never explored it. But as the others have mentioned, any kind of distributed filesystem is certainly not a do-it-yourself job.

 

[bgroff]

Originally posted by: cmetz
jianneng, the first scenario you describe, where the user is not aware of location, is a bad idea, precisely because the user is not aware of the location. Location (specifically, what's local, and what's non-local) is very important because the difference in performance could be huge.

>I guess one way to reduce this latency would be to upgrade both offices' bandwidth to a
>high-speed Internet access.

Increasing either site's bandwidth, assuming they are not substantially congested, will not affect the latency. Latency in this case is substantially the result of the speed of light - there's a very fundamental limit to how fast you can get a signal from AP to Europe. If you come up with a solution to that, please let me know! So you see, that for certain interactive operations, the problem here is fundamentally not solvable.

If you have a nice direct path from SE Asia to Europe, its not THAT bad. Its not like a satelite link or something! If you get a decent provider, you can expect to see sub 150ms ping times. Of course, that depends where in SE Asia to where in Europe and how direct the path actually is... What this guy really needs to check into is a MPLS VPN provider... That way they could have a VPN without the high encryption overhead. But with all things, performance comes at a price.