There are many requirements that need to be evaluated before you can implement a decent WAN design.
Also, there are a few questions that need to be asked and some clarification.
- In your design, will all 5 sites need to communicate with each other?
- Is there a central site that is responsible for shared services?
- Will voice or streaming media traverse the WAN?
- What type of routers and firewalls are at each location?
- What type of link does each site have to the internet (T1, cable, DSL, etc.)?
In order to implement a good WAN design, you will need to know all the types of traffic, and the frequency of this traffic, that is expected to traverse across the WAN. If one site is going to be a central site, then that site should have a link that is suitable to handle the increased load of traffic from the other sites. Also, security might need to play a role if client/patient information is accessed. If voice and/or streaming media is a requirement, then a QoS design must be in place in order to prioritize said traffic. There are many other factors that I will not go into at this point without knowing more information.
As far as the design, there are a few options:
- Layer 3 MPLS: Probably one of the most popular design methods for interconnecting multiple sites, this design has been quickly replacing the frame-relay designs of the past. You will need to work with your ISP in order to implement this at an extra cost.
- Spoke-to-Spoke VPN tunnels: A central firewall acts as a hub and controls VPN traffic for the multiple spoke sites. This cannot be done on all firewalls.
- Full Mesh site-to-site VPNs: Each site has a VPN tunnel to every other site.
- DMVPN: Hub-and-spoke topology using Cisco routers. The hub router creates dynamic tunnels to each spoke.
It sounds like you need some technical assistance in both design and management. I would recommend you contact a Cisco or Juniper partner/reseller in your area and/or a telecom service provider for WAN services. They can help you understand the technology solutions out there and help you in implementing a solution for your organization.
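To make the trade-off between the hub-and-spoke and full-mesh options above concrete, here is a small added model (example code written for this page, not from any of the posters or from a vendor). It assumes five constructed site names with "HQ" as the central services site and a constructed, one-directional traffic matrix in Mbps; it counts the tunnels each topology needs, shows which site pairs lose connectivity when a site goes down, and estimates the load each site's WAN link must carry, which is where the hub's link sizing comes from. Dynamic spoke-to-spoke tunnels (the DMVPN case) are not modelled; the two static layouts are.

```python
"""Compare hub-and-spoke and full-mesh site-to-site tunnel layouts for a small WAN."""
from collections import deque
from itertools import combinations

# Constructed sample: five sites, HQ hosts the shared services and acts as hub.
SITES = ["HQ", "Site-A", "Site-B", "Site-C", "Site-D"]
HUB = "HQ"

# Constructed sample offered load in Mbps, one direction per pair (A -> B).
DEMANDS = {
    frozenset(("HQ", "Site-A")): 5.0,
    frozenset(("HQ", "Site-B")): 5.0,
    frozenset(("HQ", "Site-C")): 5.0,
    frozenset(("HQ", "Site-D")): 5.0,
    frozenset(("Site-A", "Site-B")): 2.0,
    frozenset(("Site-C", "Site-D")): 2.0,
}


def hub_and_spoke(sites, hub):
    """One tunnel from the hub to every other site."""
    return {frozenset((hub, s)) for s in sites if s != hub}


def full_mesh(sites):
    """One tunnel between every pair of sites: n*(n-1)/2 tunnels."""
    return {frozenset(pair) for pair in combinations(sites, 2)}


def _adjacency(tunnels, failed=()):
    """Build a neighbour map, dropping tunnels that touch a failed site."""
    adj = {}
    for tunnel in tunnels:
        a, b = tuple(tunnel)
        if a in failed or b in failed:
            continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def shortest_path(adj, src, dst):
    """Breadth-first search; returns the site list from src to dst, or None."""
    if src not in adj or dst not in adj:
        return None
    prev = {src: None}
    queue = deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            path = []
            while cur is not None:
                path.append(cur)
                cur = prev[cur]
            return path[::-1]
        for nxt in adj[cur]:
            if nxt not in prev:
                prev[nxt] = cur
                queue.append(nxt)
    return None


def unreachable_pairs(sites, tunnels, failed=()):
    """Pairs of surviving sites that can no longer reach each other."""
    adj = _adjacency(tunnels, failed)
    up = [s for s in sites if s not in failed]
    return sorted(tuple(sorted(p)) for p in combinations(up, 2)
                  if shortest_path(adj, *p) is None)


def link_load(sites, tunnels, demands):
    """Mbps crossing each site's WAN link.

    An endpoint's link carries a flow once; a transit site (the hub, for
    spoke-to-spoke traffic) carries it in and out again, so twice.
    """
    adj = _adjacency(tunnels)
    load = {s: 0.0 for s in sites}
    for pair, mbps in demands.items():
        path = shortest_path(adj, *tuple(pair))
        if path is None:
            continue
        for i, site in enumerate(path):
            load[site] += mbps if i in (0, len(path) - 1) else 2 * mbps
    return load


if __name__ == "__main__":
    for name, tunnels in (("hub-and-spoke", hub_and_spoke(SITES, HUB)),
                          ("full mesh", full_mesh(SITES))):
        print(f"{name}: {len(tunnels)} tunnels")
        print("  link load Mbps:", link_load(SITES, tunnels, DEMANDS))
        print("  cut off if HQ fails:", unreachable_pairs(SITES, tunnels, ("HQ",)))
```

With the sample matrix, hub-and-spoke needs 4 tunnels and the hub's link carries 28 Mbps (its own 20 plus the two spoke-to-spoke flows in and out), while full mesh needs 10 tunnels and the hub carries only its own 20 Mbps; if HQ goes down, all six remaining pairs are cut off in hub-and-spoke but none in full mesh. That is the same point the answer makes about the central site needing a larger link, and about the hub being a single point of failure.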
I agree with everything that was said above, but one thing that I would recommend doing is to make sure that each of the sites has its own domain controller that is also acting as a DNS server and global catalog server. You could technically get away with centralizing your domain controllers, but the problem with that is that if the WAN link were to fail, then nobody would be able to log in at the individual offices.