Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: Rob (Microtrader) on October 24, 2003, 12:39:34 AM
-
What hardware configuration would you recommend (CPU and Memory mainly) for an e-smith 5.6 server acting only as a VPN router for 15-20 users?
This box isn't serving up any webpages or e-mail (that is handled by an NT server and exchange 5.5 behind the e-smith server using port forwarding) nor is it acting as a file server (making HDD requirements minimal).
The client currently has a real old box (pentium 100 or something with e-smith 4.x). I don't know how many users he has connecting but his main complaint right now is speed.
Any suggestions would be appreciated.
Thx
-
the usual answer applies, as fast as you can afford.
I am no guru, so I don't know what will help most, CPU or RAM.
I would go with at least a 1GHZ machine with as much RAM as you can throw at it, 512MB - 1024MB.
I think that would do nicely.
I had my p100 running e-smith and went to a PII-400 and was blown away at how much faster everything was, especially web admin
so, a p100 is definitely way to slow for what you need.
steve
-
You don't need much box speed but you do need RAM; I think any Pentium II would do, with 256 megs of RAM or more. Your limitation will be bandwidth! 15-20 VPN clients will potentially have issues even with a full T1, depending on what they're doing.
-
I would consider passing 5.6 and going 6.0. Applying the latest patches removes the reference to beta. I had vpn problems with 5.6 and can vpn into my 6.0 server for full days without a problem. I have also read in this forum that 6.0 is faster than 5.6 - but I can't make this claim.
-
Thanks for the help everyone. I kind of figured a pentium 2 class machine with plenty of memory should be sufficient. Way less expensive than one of those hardware VPN routers.
Bandwidth is cable modem so I will let them know of their potential bottleneck there. They figured that 15 is the max they would ever have but I have my doubts that that many people will ever be connected at once.
Also, e-smith 6 is the way to go? If it doesn't say beta and it runs decent I'll certainly load it up for them.
-
>> Way less expensive than one of those hardware VPN routers.
Have you looked at NetGear FVM 318
http://www.netgear.com/products/prod_details.asp?prodID=159&view=sb
For $300 you will have 70 IPSec VPNs.
Where are docs how to configure W2000/XP built-in IPSec to connect to them, or SafeNet's SoftRemoteLT.
-
Frankly if you're JUST using SME as a firewall/router & VPN server then you're probably not using the best distribution for this. SME's not a bad choice, indeed it's quite a capable choice, but there are distributions that specialize in what you're trying to do, are highly optimized for it, and somewhat more versatile in firewall/router/vpn operation. The reason I point this out is that it's likely that the more specific distribs will be faster on the hardware you're talking about.
However I gotta say there are few cable systems that offer enough bandwidth upstream to make more then one vpn session pleasent much less multiple ones. I'd do some testing and determine what kinda bandwidth the site in question is really getting and look there first for performance problems. Remember most cable plants have highly asymetric designs ie folks can download fast but sending up (or in this case, out) is a magnitude slower.
Finally as some other folks pointed out there are a lot of routers on the market that offer good vpn implementations in handy little black boxes. Again, if you're just using the PC in question as a router/firewall/vpn it'll probably be more effective in time/power/space/support/backup/distaster planning/cost to just put in a piece of dedicated hardware then a repurposed PC.
YMMV of course.