It depends :)

I'd certainly push for having the Windows Servers in the same data center
as the IBM i.

If not, I'd want a direct VPN between them. Can that be done? Sure. Will
both data centers be willing to do it and how much will it cost are the

Same thing goes for the sales people's laptops. You say that currently "The
order gets sent from the laptop over the internet to a Windows server in our
office", which to me means that the Windows server is in your DMZ and is
publicly accessible with the right credentials. A data center should be
able to provide the same DMZ; though in my having a DMZ server at data
center costs more than having just private servers.

Now if your salespeople currently have to connect via VPN to your office
before they can send the order to your Windows server, then your Windows
server is private. There's no technical reason why the sales people
couldn't VPN direct to the data center without needing to go through your
office. Again it's a question of what the data center is willing to do and
for how much.

The data center might not be willing to allow the direct VPN given the
added complexity. Remember, unlike a VPN to your office, where the remote
device usually has full access to the network in your build, a VPN direct
to the data center has to be carefully set up so that the remote devices
can only see your servers.


On Wed, Jul 30, 2014 at 3:21 PM, Jeff Crosby <jlcrosby@xxxxxxxxxxxxxxxx>


Bear with me as it will take a bit to explain what I'm asking.

We're considering putting all our servers (IBM i and Windows) in the cloud
in a data center(s). Ideally (and our definite preference) the IBM i and
Windows would be in the same data center, but it's conceivable they would
be split into different data centers because the same provider may not be
able to do both.

Here's the example. Our billing and invoicing is done on the IBM i. We
use a 3rd party ordering app for our outside salesreps to take and place
orders on laptops. The order gets sent from the laptop over the internet
to a Windows server in our office, which FTPs it to the IBM i, the IBM i
processes the order and FTPs the results back to the Windows server. The
Windows server then passes this on to the laptop. This happens in seconds.
So the flow looks like this:

Laptop --> Dilgard router --> Windows server --> IBM i --> Windows server
-->Dilgard router --> laptop

It goes from the laptop to our office and back. The laptop's connection for
sending orders is DNS aware: When the sales
rep clicks the option to send an order, the software connects, sends it,
and waits for the results.

When in a data center, there is a PTP VPN set up between our office and the
data center. I assumed that once the servers are in a data center, when a
salesrep sends an order the flow would be the same, except it would go
directly from the laptop to the data center and back. (This assumes we
changed to point to the data center instead of
our office.) There is no need at that point for it even to come to our
router in our office.

Something I was told however leads me to believe it does come through our
router, like this:

Laptop --> router at Dilgard --> router at data center --> data center
Windows server --> data center IBM i --> data center Windows server -->
router at data center --> router at Dilgard --> laptop.

coming through our office twice, even though it doesn't "do anything" while
here. And if the Windows and IBM i servers are in different data centers,
it's even worse:

Laptop --> router at Dilgard --> router at Windows data center --> data
center 1 Windows server --> router at Windows data center --> router at
Dilgard --> router at IBM i data center --> data center IBM i --> router at
IBM i data center --> router at Dilgard --> router at Windows data center
--> data center Windows server --> router at Windows data center --> router
at Dilgard --> laptop

It goes through our office *4* times, each time doing nothing but being
routed back out. IOW there is no internet access provided at the data
center (so to speak), the only access to the data center is via the PTP
VPN, which means everything has to come through our office.

Which way is it? Does it depend on the data center? If there is an online
document that explains how it works please point me to it. I evidently
can't come up with the right search words. The older I get, the dumber I


Jeff Crosby
VP Information Systems
UniPro FoodService/Dilgard
P.O. Box 13369
Ft. Wayne, IN 46868-3369

The opinions expressed are my own and not necessarily the opinion of my
company. Unless I say so.