Requirement summary:
- Remote access server (RAS) solution for central site of corporate network
- Fault-tolerant for 99.9% uptime
- Secure access for authorized users only
- Centralized management providing full set of usage statistics
- Remote access connectivity for telecommuters, mobile sales force and executives
- 1,000 users accessing accessing network at central site
- 500 users accessing network at each regional office, with 10 regional offices
- Support for IP and IPX protocols
Assumptions:
- A key objective is keeping remote access costs low.
- Solution must be able to integrate with existing network infrastructure and allow for future growth.
- Remote users are approximately 50% local and 50% long-distance (based on actual customer experience).
- PSTN and Internet are available to all remote users.
- User:port ratio is the industry guideline of 10:1.
Recommendation:
A hybrid solution combining direct dial and VPN remote access best meets Abbig Corporation’s need for high availability and security at an economical price point. This is preferable to either a pure remote access server or pure VPN solution (see attached Remote Access Analysis Report). From a cost perspective, direct dial remote access is cost-effective for local connections, because it doesn’t incur time or distance charges. This complements VPN remote access, which saves money on long-distance users, who can dial a local ISP POP instead of a more expensive 800 number. As a result, the most cost-effective solution is a mix of both direct dial and VPN remote access. To ensure high availability, an Intel LanRover Access Switch and LanRover VPN solution at each site provides built-in redundancy for all remote users, giving them access over the PSTN or Internet. Typically, local users access the network through the direct dial Access Switch but can also use the LanRover VPN solution as a backup option. The routing capability of the Intel VPN solution establishes an alternate path to the central site over the Internet, and the integrated, ICSA-certified firewall provides redundancy for the regional firewall. All the LanRover Access Switches and LanRover VPN solutions can be managed from the central site, and the Shiva Access Manager RADIUS server provides centralized authentication, authorization, and accounting for all remote users, regardless of how they access their sites. A secondary RADIUS server ensures redundancy and is accessible over the internal network, PSTN, or Internet. The Shiva Accountant can be used in conjunction with Shiva Access Manager to produce detailed usage reports and charts for capacity planning and individual billback. (see sample chart on page 4)Equipment cost:
The recommended configuration for each site is based on the industry guideline that 10% of remote access users will be online at any one time. This translates into 50 concurrent users per regional site and 100 concurrent users at the central site. Individual sites are set up with both a direct dial and VPN server, each of which can accommodate the full load of concurrent users independently as backup. Intel’s solution is designed for future growth, well beyond the initial six-month deployment period. By adding modem cards, network managers can easily scale the LanRover Access Switch to accommodate new users. As VPN remote access usage grows, they can add multiple LanRover Expresses or Gateways, providing greater capacity as well as redundancy, load-balancing and automatic failover. The Shiva Accountant can be used to determine capacity planning, and the Shiva Remote Access Analysis Tool, available for free at www.shiva.com/remote/vpnroi, can assist in determining the right mix of direct dial and VPN remote access for maximum cost savings. Regional Site| Product | # concurrent users | Quantity | List Price/Unit | Total List Price |
| LanRover VPN Express | 1 | $3,995 | $3,995 | |
| VPN 50 client license | N/a | 1 | Included | Included |
| VPN 250 client license | N/a | 1 | $11,000 | $11,000 |
| VPN Manager software | N/a | 1 | Included | Included |
| LanRover Access Switch DPS (48-port configuration) | 48 analog30 ISDN | 1 | $28,000 | $28,000 |
| Shiva Configurator | N/a | 1 | Included | Included |
| Cost per Regional Site | $42,995 |
Central site:
| Product | # concurrent users | Quantity | List Price/Unit | Total List Price |
| LanRover VPN Gateway Plus | 400 | 1 | $9,950 | $9,950 |
| VPN 1000 Client license | N/a | 1 | $18,000 | $18,000 |
| VPN Manager software | N/a | 1 | Included | Included |
| LanRover Access Switch DPS (48-port configuration) | 48 analog30 ISDN | 1 | $28,000 | $28,000 |
| Shiva Configurator | N/a | 1 | Included | Included |
| Shiva Access Manager (Primary RADIUS server) | 500 | 1 | $4,250 | $4,250 |
| Shiva Access Manager (Secondary RADIUS server) | 500 | 1 | $3,185 | $3,185 |
| Shiva Access Manager 1000-user license | 1000 | 1 | $800 | $800 |
| Shiva Accountant | Unlimited | 1 | $1,995 | $1,995 |
| Total Central Site Cost | $66,180 |
