12 Replies Latest reply on Sep 26, 2013 6:48 AM by disabled_jackrodgers

    Remote Host and VPN and...

      A client is having a lot of problems with a remotely hosted file using VPN and Comcast. Plus the host is not a Filemaker Friendly host but one of those server farms designed for email and web pages.

       

      12 user Filemaper Pro 12 v4 and FMPSA 12 v2

       

      Problems include stalls, freezes, lost records and clients not being able to see the database.

       

      There is a network copy of Viper anti-virus running. I suspect this is part of the problem with not being able to enter a record.

       

      VPN and encryption create slowness and we have run a copy on another network using just SSL. Noticeably faster and smoother but just one user was online.

       

      Comcast in my mind is a big issue since we know how it often stalls during video and its outages might only be a nuisance for browsing but a nightmare for a database.

       

      The database is a bit of a newbie nightmare and shows the traits of design under pressure and unfinished areas plus outright questionable design. Doing a show all of 30,000 records of 714 fields and 30-40 connected TOs is a bit of a problem.

       

      OK, my real question is: How will using a large scale host not designed for Filemaker Server affect FMSA performance? Will a rack mounted server not set up to maximize Filemaker performance nesteled among a thousand other rack mounted servers perform well?

       

      My second question is will switch from VPN and encryption to SSL via FMSA boost the speed and/or eliminate many of the stalls and pauses?

       

      Are performance jitters charactistics of using Comcast Business networking or any other cable provider?

       

      I think the client switched from T1 to Comcast Business to save money...

       

      Answers and comments appreciated.

        • 1. Re: Remote Host and VPN and...
          Mike_Mitchell

          "Doing a show all of 30,000 records of 714 fields and 30-40 connected TOs is a bit of a problem."

           

          I think it's more than a bit of a problem. It's probably the core of the problem.

           

          Most people (myself included, in my younger days) immediately start looking for a hardware or network problem when our databases start acting up, when the problem is in the mirror. Here's why:

           

          With FileMaker, the client/server model is "record-centric". That means whenever the client requests a record from the server, it gets it. All of it, every field, whether it appears on the current layout or not. (Notable exceptions include unstored calculations, container fields not yet displayed and a few others.) However, I'm going to take a guess that you have some aggregates involved here, since you mentioned a "show all" command. That would indicate, most likely, the use of Sum, or Count, or perhaps summary fields. In that case, FileMaker has to load all 30,000 records, all 714 fields, across the wire in order to process the aggregate calculations.

           

          Slow. Especially across the open Internet.

           

          My suspicions are further bolstered by the fact your client switched from T1 to a broadband service. That's a smaller pipe, so I would expect network performance to drop.

           

          Solution: Fix the design first. Get rid of any excess fields in that table (which probably means properly normalizing the database) and try to do away with any aggregates that aren't needed. Other speed-improving tips might include:

           

          1) Use lightweight graphics (small size, few colors) and use the same graphics on every layout. Takes advantage of caching.

          2) Take further advantage of caching behavior by considering using one-to-one relationships to move fields that are rarely updated (like product descriptions) into a parallel table with those fields that are frequently updated. This allows the client to fetch only what it needs (i.e. what's changed) when the cache is refreshed.

          3) Consider moving business and application logic into the interface layer with tools like Conditional Formatting, ExecuteSQL ( ) (defined using a script and stored in a variable), Merge Variables, and the like. These can be processed on the client without adding network overhead.

          4) Further, using ExecuteSQL for temporary joins can release memory burden that would normally be used for the join cache. This can help the client with processing and improve felt performance.

           

          In short, while you can see some degree of improvement from moving off a VPN, I don't think it'll be much. The behavior you're describing is fairly typical of a high-overhead database that needs to be thinned out. I've been there. Designing for bandwidth is, at least in my experience, much more likely to produce a good return than fiddling around with the hardware.

           

          HTH

           

          Mike

           

          P.S. OTOH, I would definitely recommend you get someone to host the database who actually knows something about FileMaker - but not for performance reasons. Server admins who don't know FileMaker are notorious for doing things that are, well, dangerous, like running virus scans on live databases and using the Windows "restart" commands without properly shutting down the databases first. Those can be Bad.

          • 2. Re: Remote Host and VPN and...

            Thanks Mike.

             

            I forgot to mention I have 27 years experience with Filemaker and consulting so I have done or am doing most of what you mention plus a lot more.

             

            But the problem was mine in the post. I added too much info.  Here's what I am really asking:

             

            Comcast offers a minimum of 20 Megs which is much faster than a T1 but the client has experienced many problems since the change which is why I was asked to help. I believe using Comcast is the core of their problems.

             

            OK, my real question is: How will using a large scale host not designed for Filemaker Server affect FMSA performance? Will a rack mounted server not set up to maximize Filemaker performance nesteled among a thousand other rack mounted servers perform well?

             

            My second question is will switching from VPN and encryption to SSL via FMSA boost the speed and/or eliminate many of the stalls and pauses?

            • 3. Re: Remote Host and VPN and...
              PointInSpace

              Is this a dedicated hardware server or a virtual machine?  If the

              latter, many providers use sub-par disk subsystems for their VMs, as

              well as over-subscribe their VMs' processor and/or RAM allocations.

               

              This is where we differ, as we have architected our VM cloud

              specifically to handle the enhanced needs of FileMaker.  This includes

              using 15k SAS RAID 6 Fibre Channel SANs, dedicating RAM to VM instances

              and never oversubscribing processor cores.

               

                   - John

               

               

              Thanks Mike.

               

              I forgot to mention I have 27 years experience with Filemaker and

              consulting so I have done or am doing most of what you mention plus a

              lot more.

               

              But the problem was mine in the post. I added too much info.  Here's

              what I am really asking:

               

              Comcast offers a minimum of 20 Megs which is much faster than a T1 but

              the client has experienced many problems since the change which is why I

              was asked to help. I believe using Comcast is the core of their problems.

               

              OK, my real question is: How will using a large scale host not designed

              for Filemaker Server affect FMSA performance? Will a rack mounted server

              not set up to maximize Filemaker performance nesteled among a thousand

              other rack mounted servers perform well?

               

              My second question is will switching from VPN and encryption to SSL via

              FMSA boost the speed and/or eliminate many of the stalls and pauses?

               

              --

              • 4. Re: Remote Host and VPN and...
                Mike_Mitchell

                In my experience, a VPN is only minorly slower than an SSL connection. Not enough to make a difference.

                 

                But moving it to a hosting service that actually knows something about FileMaker is nevertheless a good idea.

                 

                Mike

                • 5. Re: Remote Host and VPN and...

                  Know of any experiened and qualified Filemaker Server hosts that provide HIPPA certified service?

                  • 6. Re: Remote Host and VPN and...
                    Mike_Mitchell

                    I suggest you contact Ron Smith. He posts here regularly and deals with HIPPA issues.

                     

                    Mike

                    • 7. Re: Remote Host and VPN and...
                      jormond

                      Jack,

                      There are a lot of variables, obviously, in that question.  Some of those server farms will perform superbly.  Other, not so much.  I would recommend switching to something like PointInSpace. They know FM and what it needs.

                       

                      As for the performance with a VPN vs SSL...it will depend on the actual hardware and software involved. The VPN we use here at the office is painfully slow outside the local network.  But I have used others that are fine.

                      • 8. Re: Remote Host and VPN and...

                        VPN seems designed for email and other items not Filemaker, especially if encryption is used. I think the SSL is adequate for that although VPN will mask the host IP and using just SSL might not. That is just a theory at present which I am trying to resolve.

                         

                        HIPPA compliance is the most pressing issue for this client. SSL satisfies that but there are many regs regarding the host and few willing to try to comply due to the expense.

                         

                        The sites that are HIPPA certified do not have Filemaker expertise. At least I haven't found one but welcome any referral.

                        • 9. Re: Remote Host and VPN and...
                          jormond

                          I must have been typing still when you posted the part about HIPPA. I can see that as a tricky spot to be in. Hopefully some of the providers themselves will speak up and let us know if they are, or can be, HIPPA compliant.

                          • 10. Re: Remote Host and VPN and...
                            PointInSpace

                            There is no specific standard or requirement for "HIPAA certification":

                             

                                 http://www.hhs.gov/ocr/privacy/hipaa/faq/securityrule/2003.html

                             

                            We have not had any HIPAA evaluation done by an external third party.

                            However, we have numerous clients that are meeting their HIPAA

                            requirements using our services.

                             

                                 - John

                             

                             

                            VPN seems designed for email and other items not Filemaker, especially

                            if encryption is used. I think the SSL is adequate for that although VPN

                            will mask the host IP and using just SSL might not. That is just a

                            theory at present which I am trying to resolve.

                             

                            HIPPA compliance is the most pressing issue for this client. SSL

                            satisfies that but there are many regs regarding the host and few

                            willing to try to comply due to the expense.

                             

                            The sites that are HIPPA certified do not have Filemaker expertise. At

                            least I haven't found one but welcome any referral.

                             

                             

                             

                            --

                            • 11. Re: Remote Host and VPN and...
                              PointInSpace

                              I just wanted to follow up on this thread from a while ago because of new info that has come to light.

                               

                              The new HIPAA Omnibus rule, with compliance required by September 23rd of this year, has greatly changed the landscape of HIPAA requirements. I won't summarize here, but a Google search should turn up plenty of info.

                               

                              That said, we are not currently entering into Business Associate Agreements with customers, particularly due to auditing and chain of custody issues, though we are evaluating the possibility of doing so in the future.

                               

                                  - John

                              • 12. Re: Remote Host and VPN and...

                                Filemaker Server will do SSL encryption in both directions. A client is convinced this SSL encryption will satisfy HIPAA requirements.

                                 

                                So many of the files used by Windows type databases use plain text files not protected with a password. Foxbase is a perfect example of files that are not protected. Filemaker files can no longer be read by a word processor but the format might be crackable.

                                 

                                My client needs a complete rewrite of their file to conform to HIPPA regulations.

                                 

                                Filemaker can do the job but it is not one for the novice or even one for a developer with a few years experience.

                                 

                                I can see why a host would not want to get involved with HIPAA...