
VPN for business. 100% uptime ??? Internet?

JCBiggs

Hey guys, loaded little post here, but I'm trying to come up with a workable solution for my company.

 

We bought a new facility for distribution. With our current MRP software, there is really no good option for a second physical location. It's either buy new MRP (not happening) or do data entry over the phone and by hand (not happening). So, we are going to attempt to make it work like it's just another local office, using VPN. I am curious if any of you have experience with VPNs for 100% on-time business networks, specifically in regards to how stable they are, and if I can expect the sites to stay connected 100% of the time, excluding situations like power outages. This is important as any interruption in the network would essentially stop work on each end (massive $ loss in just a couple hours). Also, VPN would have priority over all other traffic, but what kind of latency and speed reduction do you think we can expect with gigabit? (Or is this more of a hardware selection issue?)

 

2 more questions regarding traffic. 

In addition to the manufacturing database (which is really small bandwidth usage), we are also going to be sending security camera streams. H265, probably 100-150mbps continuously on a gigabit connection. I'm wondering if this is really a good idea, or if I should just build another server (our current server is very underutilized). I much prefer having the data over here in our climate controlled Server Room.

 

Lastly, for other "normal" internet traffic (Google, YouTube, etc.), is it possible to segregate that traffic and NOT send it over VPN? I'm thinking of just putting in WIFI access points that are NOT on the VPN. All computers' Ethernet connections would be locked into the VPN, but the WIFI dongles would be able to reach the internet. I'm thinking this should be doable with the localhost config file, but I'm wondering if there is a better way. I just don't see a point in routing regular internet traffic through the primary location.

 

FYI, the two buildings are physically less than 2 miles apart and are serviced by the same locally based ISP.

What you are looking for is "point to point" (P2P) or "site to site" VPN.

Unfortunately this is about as far as I can go to help you... sorry. Networking is not my strong point. I'll tag another member that can help.

 

@leadeater

@Lurick

 

Also...

-= Moved to Networking =-



First of all, I think you're confused about VPNs. All a VPN is, is a secure connection between two points. So what many home users do is pay a VPN service so they have a secure tunnel from their home to the VPN service's server. NOW in the business world you use VPNs to connect two sites, or people who work from home and need access to company resources. The point is, in a business situation you're NOT using a VPN service. You will have your own servers and pretty much have complete control over the VPN.

How stable it is depends on the internet connection on each end. Now how to set this up is beyond me; I'm sure there are people here or resources online you can consult.


7 hours ago, JCBiggs said:

Lastly; For other "normal" internet traffic.. google, youtube, etc.  is it possible to segregate that traffic and NOT send it over vpn?   

Yes, the Site to Site VPN will only route traffic through it that matches the remote subnet list/route table. All other traffic will not go through the VPN.

 

7 hours ago, JCBiggs said:

We bought a new facility for distribution. With our current MRP software, there is really no good option for a second physical location. It's either buy new MRP (not happening) or do data entry over the phone and by hand (not happening). So, we are going to attempt to make it work like it's just another local office, using VPN. I am curious if any of you have experience with VPNs for 100% on-time business networks, specifically in regards to how stable they are, and if I can expect the sites to stay connected 100% of the time, excluding situations like power outages. This is important as any interruption in the network would essentially stop work on each end (massive $ loss in just a couple hours). Also, VPN would have priority over all other traffic, but what kind of latency and speed reduction do you think we can expect with gigabit? (Or is this more of a hardware selection issue?)

 

7 hours ago, JCBiggs said:

FYI, the two buildings are physically less than 2 miles apart and are serviced by the same locally based ISP.

You can either set up your own Site to Site VPN between your firewalls or pay for a service from your ISP. Due to the short distance you should be able to get a service like a Private VLAN between the buildings or a Virtual Wire Pair and treat it as a long distance direct LAN connection. These types of services are more expensive but offer better latency and throughput as well as potentially better uptimes due to the SLAs on them, which is in part why they cost more.

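The route-table behaviour described in the reply above, as an added example that is not part of the original thread: a longest-prefix-match lookup showing which destinations enter the tunnel, plus a check for the overlapping-subnet case that silently breaks a site-to-site VPN. All subnets, addresses and interface names are constructed assumptions.

```python
import ipaddress

# Constructed route table for the branch firewall. All subnets and interface
# names are assumptions for illustration, not values from the thread.
ROUTES = [
    ("0.0.0.0/0", "wan"),      # default route: ordinary internet traffic
    ("10.20.0.0/24", "lan"),   # the branch site's own LAN
    ("10.10.0.0/24", "vpn"),   # main-site LAN listed as the tunnel's remote subnet
]

def egress(dst, routes=ROUTES):
    """Return the interface chosen by longest-prefix match for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]

def overlapping(local_nets, remote_nets):
    """List (local, remote) subnet pairs that overlap.

    If both sites use the same range, hosts treat the remote addresses as
    on-link and never hand the packets to the gateway, so nothing reaches
    the tunnel. One site has to be renumbered (or NAT applied) first.
    """
    pairs = []
    for local in local_nets:
        for remote in remote_nets:
            if ipaddress.ip_network(local).overlaps(ipaddress.ip_network(remote)):
                pairs.append((local, remote))
    return pairs

def full_tunnel(routes=ROUTES):
    """True if a default route points at the VPN, i.e. no split at all."""
    return any(ipaddress.ip_network(p).prefixlen == 0 and iface == "vpn"
               for p, iface in routes)

if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for an internet host.
    for dst in ("10.10.0.15", "10.20.0.7", "203.0.113.10"):
        print(f"{dst:>15} -> {egress(dst)}")
    print("overlaps:", overlapping(["192.168.1.0/24"], ["192.168.1.0/24"]))
    print("full tunnel:", full_tunnel())
```
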

  • 2 weeks later...

I think we are just going to go with a hardware option and replace our firewalls with USGs, and use the built-in P2P VPN option. I don't really understand how to segregate the traffic, however, and I think I'm just going to let the IT company handle that.
