TOPIC: 2 T1's or DSL/Fiber

Okay, so this is more of an advice question that it is a technical one. I currently run a PTP T1 between two sites about 200 miles apart. The problem is that the site has no support personnel and runs a couple of servers w/ about 100GB of data that needs to be backed up. Our nightly backups are done locally at that site. However, the week-end and month-end backups are required to be stored in off-site storage. Our solution has been to use Veritas and backup over our current T1.

Well, business is getting really busy and our remote facility is working 24x7. The backups are clogging the T1 over the weekend making the rest of their remote services (file, exchange, net apps, etc) unusable.

I have a limited budget to work with and PTP T1's are expensive. I've thought about implementing QoS to priortize traffic but it will push our backup times beyond our time window. Right now, we pay about $1400/mo for our PTP T1. A second would double that putting us at about $33,600/yr. I can get a 10Mb fiber connection to the net for about $100 a month on our remote end. On our local end, I should be able to get a 3Mb DSL line for pretty inexpensive. I could set up a VPN tunnel between the two sites and save the company some money.

Does anybody have any other suggestions? There has to be a better solution than forking out a ton of money for two PTP T1's. My goals is to get roughly 3Mb+ of throughput.

Any ideas?

Drew

Does it have to be a technical solution? I know you have no support personnel on the site, but all you need is a trained monkey. Automate the backup and tell them to stick a tape in each morning, take it out each evening and take it home when they leave. I know it will require a little hand-holding at first but it will be by far the cheapest solution

LOL!!! I wish it were that simple. We are a small DoD contractor so we have very strict security policies. One of the reasons I don't even know if I can get away with the VPN solution is security. We are not allowed to have any internet connections at either of our sites. I am going through all our policies to find out if there is a way around it to allow the VPN solution to work.

Our backups at our main site are put on tape every week, put into a lock box and stored in an off site, fire-proof safe in a secured building. Because we are a DoD contractor, we have very strict policies regarding data retention and backups.

I know there are ways to make an internet VPN tunnel safe. I have thought about hardware encryption like the military but those solutions tend to be very expensive.

Do you feel a VPN tunnel, given the right hardware and configuration, could be made truly secure? I realize there are always security holes. Hell, all my laptops have encrypted hard drives but half the users have a sticky note on keyboard with the encryption username and pwd.

Well, you all can just ignore this post. I just got in contact with our "security advisor" who basically said PTP T1's or nothing. It sucks being stuck with a s**t budget and non-technical security folks who are stuck in the past and won't even look forward toward the future. Oh well... Looks like I'm off to find a replication server so I can just keep a replicated copy of the data here at our main site.

Any suggestions...

I share your pain with the security people. One project I worked on involved a solution to reduce the amount of hardware on desks in an operation where the users had to access two physically separated networks. So we said the obvious - use a single monitor, keyboard and mouse between the two systems using a KVM switch. Enter the security man who insisted on a thorough security evaluation of the KVM switch. But it's just a switch, we said. Oh nonononono, it's an electronic device! What if the data displayed on the screen of one system somehow found it's way through the switch, backwards down the screen cable of the other system and thus onto the other network? (I'm not embellishing, that is exactly what they said) What if the device could be compromised by an attacker to make it do this? What if this, and what if that? (And what if we thump you, which we were tempted with I can tell you).
Eventually they saw sense, but only after insisting that we use a totally passive switch box (i.e. literally a switch in a box), which caused endless support calls because when you switched it over there was a momentary break between systems and the mouse and/or keyboard used to stop working.
It worries me that our governments have such technically inept people making sure I can sleep safely in my bed at night. Murderers, terrorists and flesh-eating aliens might overrun us, but at least the hideous threat of the active KVM switch will be robustly defeated

Scary thought! I'd better firewall all my KVM switches.