RESET Forums (homeservershow.com)

Domain Controllers


kgozar

Hi,

I am tasked to hook up 8 offices located remotely. All have public IP addresses. How do I go about it? How can I have access from one location to the other? We will be running Server 2008 R2.

Thanks


There are several options on how to do this, and I have seen and been involved in deploying several different variations. Whilst many methods will work, there may be other business rules that dictate how a system may be implemented.

 

The two most common ones are a couple of servers at a central site then creating a WAN (usually through VPN) to distribute out the authentication. This, however, can cause headaches with routing and requires a substantial amount of bandwidth at the central site and creates a possible single point of failure.

 

More commonly these days I am seeing a central read/write DC with RODCs at the client sites that update from the central RWDCs at a predetermined period (15 minutes is common where I am). This not only increases redundancy but also speed as the clients authenticate locally. Utilising things like the password replication policy allows for this authentication to happen when the links are down.

 

On a side note, I would suggest utilising VM infrastructure on the servers if licensing allows as it allows for much faster restores.
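
An added example, not part of the original posts: one way to audit the password replication policy mentioned above, so that a branch RODC only caches the credentials it needs. It assumes the ActiveDirectory PowerShell module, a single-domain forest, and a constructed list of privileged groups that should never be cached on an RODC.

```powershell
Import-Module ActiveDirectory

# Assumption: members of these groups must never have passwords cached on a branch RODC.
$privilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins'
$privilegedDns = @(foreach ($group in $privilegedGroups) {
    Get-ADGroupMember -Identity $group -Recursive |
        Select-Object -ExpandProperty DistinguishedName
}) | Sort-Object -Unique

$findings = foreach ($rodc in Get-ADDomainController -Filter { IsReadOnly -eq $true }) {
    # Principals the policy permits this RODC to cache (the Allowed list).
    $allowed = @(Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc.Name -Allowed)
    # Accounts whose passwords are currently stored on this RODC.
    $revealed = @(Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc.Name -RevealedAccounts)

    foreach ($principal in $allowed) {
        if (($privilegedGroups -contains $principal.Name) -or
            ($privilegedDns -contains $principal.DistinguishedName)) {
            New-Object PSObject -Property @{
                RODC    = $rodc.Name
                Account = $principal.SamAccountName
                Issue   = 'Privileged principal is on the Allowed list'
            }
        }
    }

    foreach ($account in $revealed) {
        if ($privilegedDns -contains $account.DistinguishedName) {
            New-Object PSObject -Property @{
                RODC    = $rodc.Name
                Account = $account.SamAccountName
                Issue   = 'Privileged password is cached on this RODC'
            }
        }
    }
}

# An empty result means no privileged credentials are allowed or cached on any RODC.
$findings | Format-Table RODC, Account, Issue -AutoSize
```

Any account reported as cached should have its password reset, since a stolen or compromised branch RODC exposes every credential stored on it.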


Hi ShadowPeo,

Thanks for your reply. I will try this out. I think with this, there will be no need for VPNs since the RODCs will be replicating with the RWDC (Read Write Domain Controller).

All I need is public IPs for my remote locations, right?


In theory yes, and the appropriate ports open. I would strongly recommend against it for security reasons, however, but that is your choice.


  • 2 weeks later...

Hi,

It worked. Just that I experienced some high bandwidth usage at the Main DC. I took care of it by scheduling the times for the replications to take place from the various branches. How then can I secure this network?


There are several options on how to do this, and I have seen and been involved in deploying several different variations. Whilst many methods will work, there may be other business rules that dictate how a system may be implemented.

 

The two most common ones are a couple of servers at a central site then creating a WAN (usually through VPN) to distribute out the authentication. This, however, can cause headaches with routing and requires a substantial amount of bandwidth at the central site and creates a possible single point of failure.

 

More commonly these days I am seeing a central read/write DC with RODCs at the client sites that update from the central RWDCs at a predetermined period (15 minutes is common where I am). This not only increases redundancy but also speed as the clients authenticate locally. Utilising things like the password replication policy allows for this authentication to happen when the links are down.

 

On a side note, I would suggest utilising VM infrastructure on the servers if licensing allows as it allows for much faster restores.

 

Nice suggestion. VM infrastructure will be a considerable choice.


  • 1 month later...

Hi,

It worked. Just that I experienced some high bandwidth usage at the Main DC. I took care of it by scheduling the times for the replications to take place from the various branches. How then can I secure this network?

No idea, I have always relied on VPNs and firewalls to take care of this for me. A firewall you can implement, but that is only useful if you have static IPs. As I said above though, I would not recommend it without a VPN.

Edited by ShadowPeo
