Merger
-
@scottalanmiller said
Sounds like two outdated IT departments that weren't being watched over too carefully spending money a bit recklessly.
How did you reach that conclusion?
-
@scottalanmiller
remote app you mean cloud based ?yea each office has a VPN to connect the branch offices.
company A has 4 branch office connected via VPN
company B has 3 branch office connected via VPNthey access the main apps and services via RDP
-
@Carnival-Boy said:
@scottalanmiller said
Sounds like two outdated IT departments that weren't being watched over too carefully spending money a bit recklessly.
How did you reach that conclusion?
ESXi for one... spending money or lacking capabilities in an SMB. We know the size of these companies, they are not big enough to even thing about getting the advantages that VMware can offer at scale. The cost of VMware licensing to be useful would be larger than we would expect the entire budget for IT for a company of this size to be. It's an order or magnitude off in this case. We don't know every detail, but this one is extreme. Sure it might be lingering from long ago, but that means that either people have not been overseeing the spending for years, investing in technical debt and/or just letting things age.
-
@StefUk said:
@scottalanmiller
remote app you mean cloud based ?No, just remote apps in the general sense.
-
@StefUk said:
they access the main apps and services via RDP
Then what is the purpose of the VPN? Why have a LANless design around app handling but then extend the LAN anyway? What's the goal and reason behind each?
-
@StefUk said:
o365 not an option as DMS ( document management systems core application ) dont integrate with this too well so not an option at present.
have you checked into this? What's causing this problem? is this an outdated core dependency?
-
@Carnival-Boy said:
How did you reach that conclusion?
Dependencies on on premises email for another. The dependency is possibly real, but how did it happen?
-
@scottalanmiller
let's not start this .. this is not a character assassination on what could have been done better and why company use certain technologies nor other.. you can create an other post on best practices .. ( i m sure we have a few)
-
yes the legal industry is what it is ... no option to change the DMS systems
-
@scottalanmiller
i don t understand .. what you mean.
VPN's are there to connect offices to the main office where the main apps are hosted via rdp. again it is what it is .. at list they use the same way of connecting offices RDPs
-
@StefUk said:
@scottalanmiller
let's not start this .. this is not a character assassination on what could have been done better and why company use certain technologies nor other.. you can create an other post on best practices .. ( i m sure we have a few)I was asked why.
-
@StefUk said:
i don t understand .. what you mean.
VPN's are there to connect offices to the main office where the main apps are hosted via rdp. again it is what it is .. at list they use the same way of connecting offices RDPI understand that "it is what it is", but... why? I'm confused... is the goal here to "maintain the technical debt" in which case there is literally nothing to be done, just leave it all as it is. Or is the goal to "do the best thing going forward?" If the latter, then we must understand the reasoning and logic for the existing system to understand what makes sense to meet their needs in the future.
If we ever say "let's not go into this" then the entire point of trying to recommend anything for them is pointless, the decisions are made and this is a farce. We have to examine their past and their needs in order to find out what is a good solution for them.
So the question remains: what is the function of the VPN? Why does it exist? Does it have a purpose or is it just technical debt kept around because no one is evaluating needs until now?
-
@StefUk said:
VPN's are there to connect offices to the main office where the main apps are hosted via rdp.
Would you add a VPN to look at a web site or get email? Why for RDP? I know that lots of companies do this, but I don't know why companies do this. More importantly, we don't know why these two do it.
What if you find that the VPN is in the way and causing problems? Wouldn't it be good to remove it now rather than after money is spend due to a false assumption?
-
@aaronstuder said:
@scottalanmiller said:
You can have unlimited AD on a single LAN.
Not that you should, but you can
What is your reason for not? not that I disagree, I just wouldn't be in a huge hurry to get rid of company B's setup.
-
@Dashrender said:
What is your reason for not? not that I disagree, I just wouldn't be in a huge hurry to get rid of company B's setup.
The purpose of AD is authentication consolidation. If you have multiple AD, clearly some of that purpose is lost.
-
@scottalanmiller said:
@StefUk said:
i don t understand .. what you mean.
VPN's are there to connect offices to the main office where the main apps are hosted via rdp. again it is what it is .. at list they use the same way of connecting offices RDPI understand that "it is what it is", but... why? I'm confused... is the goal here to "maintain the technical debt" in which case there is literally nothing to be done, just leave it all as it is. Or is the goal to "do the best thing going forward?" If the latter, then we must understand the reasoning and logic for the existing system to understand what makes sense to meet their needs in the future.
If we ever say "let's not go into this" then the entire point of trying to recommend anything for them is pointless, the decisions are made and this is a farce. We have to examine their past and their needs in order to find out what is a good solution for them.
So the question remains: what is the function of the VPN? Why does it exist? Does it have a purpose or is it just technical debt kept around because no one is evaluating needs until now?
the site to site VPN is there as a way to connect the branch office to the main office .. how do you suggest they connect to the main office to access the core applications ? cloud - hosted application is not an option .
-
@StefUk said:
the site to site VPN is there as a way to connect the branch office to the main office .. how do you suggest they connect to the main office to access the core applications ? cloud - hosted application is not an option .
I never suggested another means or cloud in any way (other than email.) What I asked is, or what I meant to ask is... why are the offices connected? VPN is a great way to connect offices, but what we have not heard about is why they are connected. We've seen that they use RDP which you use, in most cases, because you don't want to connect the offices. So you have one piece, RDP, that would exist "because you don't have a VPN" and another, VPN, that exists for the opposite purpose.
I'm not suggesting that this is bad, I'm just stating that we have no idea based on the description what the VPN is used for as the only thing we see it used for is its alternative, not its pairing.
Like saying that they have to have a truck but they drive a car everywhere. Then when I ask why they have a truck you say "well how else do they drive to the other office?" Well, I was assuming that that is what the car was for. Make sense?
-
We could ask in another way, given that they chose a VPN to connect the offices, why is there RDP? What is the VPN not handling well that as made them feel the need to have redundant connection technologies back to the main office?
-
I'll restate Scott's comment my own way.
Do you have PCs at those branch offices that run applications locally but access resources that are at the main branch?
If yes - why? You've already told us that you have RDP - why are you using both?
RDP itself can be/is secure and doesn't require VPN for connectivity to the main location. This is the LANless design Scott it talking about. You don't need a secure local network to use RDP, because RDP itself provides it's own security, so why waste the time, energy and money on VPN if you don't need it.
-
There is a lot of info that is needed here and from the description, there just isn't enough information to make a good determination as to need.
