We have caching servers set up in all of our offices, and this brought some great efficiencies to project team members that sit in the same office. However, due to the current situation gripping the world, 100% of our users are working away from the office, so no two users are on the same LAN. Our VPN is currently routed through one of 4 different offices throughout the country - depending, theoretically, on which one is closest to the user. As such, all our ProjectWise users are connecting to one of these caching servers through the VPN. This could theoretically put the project files "closer" to the user, though obviously the user now has to go through the VPN to download these files. My question is, should we be doing this, or should we be sending these users directly to our Bentley-hosted cloud data source? My sense is that we should not be using the caching servers and VPN and instead going directly to the Bentley-hosted cloud server, but that is just a guess. Can anybody here offer some advice that is perhaps better informed than my "gut"? Thanks.
Thank you for this well-written question. I think your gut sense is correct. In this configuration, I would expect you to see better performance by pointing the PW Explorer clients directly to the cloud-hosted data center. It's less hops, frees up the VPN traffic for other data and, as I'm sure you know, the PW Explorer client will still cache local copies of files and continue to leverage Delta File Transfer.
Stay safe ...Tom
Thank you for confirming my suspicion - would this be true, even if the users are on the opposite coast from the data center, or perhaps across the Atlantic?
HI Jon, this tool may help you determine if the speed is quicker going directly to the Azure datacenter from that users region or if the latency is lower/better performing using the VPN/Caching server. The caching server is just managing the file transfer, not the database calls that occur with end user functions like folder browsing, viewing the audit trail, or attribute updates. All of those calls from the client go directly to the Integration server.
If your users can run without VPN and the configuration will still work (not forced to a server they can't get to), that would be the most efficient for networking. VPNs are choke-points. Next most efficient would be to see if they actually go directly to their normal building. Usually, companies only have one VPN server. If you really have one on the same high speed network as the caching server in each building and users have to be on the VPN, you'd get the same improvement like the office if cache hits are high or people work on the same files. So that case would mean you're already running optimally.
Our users are still using VPN to access on-premise PW Integration servers and then for accessing external datsources/Bentley hosted the users are still looking at our internal Gateway/Cache server.
I have however adding some additional routing so if it recognizes the users are connected via the VPN we tell the users machines to go directly to the hosted servers using their internet connection rather than through the internal Gateway/Cache server. With this solution we still retain control of what datasources the users see and can centrally distribute the datasource and routing information rather than amend all the users network configuration settings.
So in our DMSKRNL file on the gateway/cache file it does the following.
1) Are the users on a office subnet if so point them to their local office cache server and then either out via the Cache/Gateway server or local office internet break out. If not go to the next step.
2) Are the users using the VPN (certain subnet) if so tell the users machine to go directly to the external/Bentley hosted server. If not go to the next step.
3) None of the above apply so allow user to go out via the Cache/Gateway server (Usually this means office does not have a local cache server).