Printing at a remote location through a VPN

[Skylinerecording]

I am about do a network job that involves a inventory software that accesses a SQL database and runs through terminal services also the company has a main location and remote location. Right now they have a T1 backbone between the 2 locations but want to get rid of it. In this software they will be printing invoices, inventory print outs....... Is there a way to be able to print the invoices and all that at the remote location through a VPN connection or do they need to have that backbone with the direct connection to the main network. I have been reading up on it and keep getting conflicting answers. Also there are 5 people at the remote location that will be accessing the software on there own computers and will all need to be able to print.

 

[atomiser]

can terminal services map to a locally installed printer using generic drivers? i know citrix can do this, because i use it...

 

[shade_star]

OK your answer is it depends on what the company is doing.
Are they going to continue to run through terminal server? If so then they dont need a vpn they should be able to print through terminal server. Terminal server needs to have the drivers installed since it acts as the 'host' even though the printers are physically attached to the client machines.
I prefer a vpn with a dedicated line that they have now. Depending on the ISP they may be able to set you up on the back end with a vpn so you dont need to buy anymore hardware/software.
Are you sure that the T1 is linked back to the main office? If so why isnt there a vpn already set up?
Through a vpn printing will work as if you were sitting in the main office, thats the point of a vpn.

 

[Wolf-R1]

OK your answer is it depends on what the company is doing.
Are they going to continue to run through terminal server? If so then they dont need a vpn they should be able to print through terminal server. Terminal server needs to have the drivers installed since it acts as the 'host' even though the printers are physically attached to the client machines.
I prefer a vpn with a dedicated line that they have now. Depending on the ISP they may be able to set you up on the back end with a vpn so you dont need to buy anymore hardware/software.
Are you sure that the T1 is linked back to the main office? If so why isnt there a vpn already set up?
Through a vpn printing will work as if you were sitting in the main office, thats the point of a vpn.

Uhm...why would you need a VPN over a point to point T1 line? You're adding unnecessary overhead. The only reason you need a VPN is to secure traffic traversing networks that you do not control. A T1 line is a dedicated circuit.

In answer to the OPs original question, yes you can do your printing via VPN. Optimally you would need two termination points and do this router to router. Whether it's done by your ISP or where you purchase the equipment, build and maintain the VPN is up to you. Either way this scenario is a dial on demand solution. As soon as traffic is generated the router passing the traffic will initiate the tunnel to pass the traffic if the tunnel isn't already established. There may be a delay in traffic if the tunnel needs to be built but after that traffic is fairly rock solid.

 

[Skylinerecording]

Thanks for all the answers. I personally think a backbone is the best idea just for the fact that there would be 5 people with vpn tunnels that will be pounding on it for 8 hours a day plus you will have the employees up there accessing the internet and both places only have DSL for there ISP. I mean ideally wouldn't everyone say a backbone is the smartest idea

 

[shade_star]

Uhm...why would you need a VPN over a point to point T1 line? You're adding unnecessary overhead. The only reason you need a VPN is to secure traffic traversing networks that you do not control. A T1 line is a dedicated circuit.

In answer to the OPs original question, yes you can do your printing via VPN. Optimally you would need two termination points and do this router to router. Whether it's done by your ISP or where you purchase the equipment, build and maintain the VPN is up to you. Either way this scenario is a dial on demand solution. As soon as traffic is generated the router passing the traffic will initiate the tunnel to pass the traffic if the tunnel isn't already established. There may be a delay in traffic if the tunnel needs to be built but after that traffic is fairly rock solid.

Of course a T1 is dedicated but there are many different types of services to integrate this into a main office. The OP didnt say if its a PTP connection and if it is a true PTP the OP would be able to plug a computer on the remote office and then ping or pull up file shares from the main office. If they cant do this already then who knows what the T1 actually does. For all we know it could just be their internet line.

OP if you are able from the remote office to ping the main office or see the main office (through file shares or network browsing) then you dont need to do anything. If you cant do this you need to talk to your provider so they can set up some routing rules to the 2 locations can see one another.
Yes IMO a dedicated line between the 2 sites is the best idea

 

[Skylinerecording]

Just so everyone is aware as far as I know it's p2p the system they are running now is about 10 years old don't know what it runs in and the server is a 233 and all the "computers" are just little terminals. Then they have a separate DSL connection for all the new computers I just put in to be able to get out to the internet. They want to get rid of the T1 line because of the price and the software company they are getting there software package from says they don't need it anymore. I figured they were telling them they are able to do everything through a VPN. I just don't have a ton of experience with VPN's and didn't know if you were able to print at the remote location. But the more I think about it wouldn't there be a huge bottle neck with 5 VPN tunnels that are being used all the time and 10 people at the main office going out to the internet all the time on a DSL line.

 

[twwabw]

If that app is running on TS, then yes- remote printing is part of the program, although printing with TS to local desktop printers can sometimes become tricky. TS is fussy about remote printing to desktop attached printers. If they are generic laserjets, etc., it's easy. If they're using MFPs and certain USB printers, it can be a chore to get them set up. Generally speaking though, network attached printers will all work.

A dedicated T1 is not necessary- but if it's a dedicated point to point connection, it's still a great way to run it. This will also work fine over VPN, but I think you're confusing individual tunnels with point to point tunnels. If you set up PTP tunnels (I prefer to do it with hardware VPN appliances) the entire sites are joined, and no need for client tunnels. I do this exact same scenario at a couple sites. SonicWALLs at each site with permanent tunnels between the locations. The remote site clients connect to their accounting app via TS at the main site. Very little bandwidth used for each client, as that's the whole point of TS (or Citrix). The tunnel is secure, and 24/7, with no client intervention necessary. Each site can browse the other as though it were a local subnet.

 

[Party2go9820]

If that app is running on TS, then yes- remote printing is part of the program, although printing with TS to local desktop printers can sometimes become tricky. TS is fussy about remote printing to desktop attached printers. If they are generic laserjets, etc., it's easy. If they're using MFPs and certain USB printers, it can be a chore to get them set up. Generally speaking though, network attached printers will all work.

A dedicated T1 is not necessary- but if it's a dedicated point to point connection, it's still a great way to run it. This will also work fine over VPN, but I think you're confusing individual tunnels with point to point tunnels. If you set up PTP tunnels (I prefer to do it with hardware VPN appliances) the entire sites are joined, and no need for client tunnels. I do this exact same scenario at a couple sites. SonicWALLs at each site with permanent tunnels between the locations. The remote site clients connect to their accounting app via TS at the main site. Very little bandwidth used for each client, as that's the whole point of TS (or Citrix). The tunnel is secure, and 24/7, with no client intervention necessary. Each site can browse the other as though it were a local subnet.

twwabw has the right of it. This is actually two different questions/issues. Should the link be provided by VPN or T1 and how does the printing work for your application.

There is no one-size-fits-all answer for which is better - VPN or T1. They both have their pro's and cons. VPN's are usually cheaper, have less bandwidth available and thoretically aren't as stable because they are running over a less stable internet delivery system. T1's are generally more expensive, but offer a guaranteed SLA with better uptime and dedicated bandwidth.

 

[Skylinerecording]

Well they are keeping the T1 for atleast 6 months b/c that's how long they want to keep the old system up. I am thinking I might just use that and show them how nice it runs and try to explain to them this is best way to go. If not I guess it's back to the VPN. Thank you everyone of all the info though it's greatly appreciated.

 

[shade_star]

I would have them do a VPN through a leased line so the two sites talk to each other with no hardware to buy. Talk to your provider.

 

[Malivar]

TS is fussy about remote printing to desktop attached printers. If they are generic laserjets, etc., it's easy. If they're using MFPs and certain USB printers, it can be a chore to get them set up.

If you do go this route and are using MFP's the following reg-hack is what you need in my experience.


On the local computer:
HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default\AddIns\RDPDR

Create a DWORD with the hex value of ffffffff and you should be set.

The key won't be there unless they have made one remote connection with the TS client. And of course it's per profile, hence the chore aspect if there is any sharing of pc's that goes on.