RESET Forums (homeservershow.com)

Domain Controllers


kgozar

Hi,

I am tasked to hook up 8 offices located remotely. All have public IP addresses. How do I go about it? How can I have access from one location to the other? We will be running Server 2008 R2.

Thanks


There are several options on how to do this, and I have seen and been involved in deploying several different variations. Whilst many methods will work, there may be other business rules that dictate how a system may be implemented.

The two most common ones are a couple of servers at a central site then creating a WAN (usually through VPN) to distribute out the authentication. This, however, can cause headaches with routing and requires a substantial amount of bandwidth at the central site and creates a possible single point of failure.

More commonly these days I am seeing a central read/write DC with RODCs at the client sites that update from the central RWDCs at a predetermined period (15 minutes is common where I am). This not only increases redundancy but also speed as the clients authenticate locally. Utilising things like the password replication policy allows for this authentication to happen when the links are down.

On a side note, I would suggest utilising VM infrastructure on the servers if licensing allows as it allows for much faster restores.

  • Like 1
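
The password replication policy behaviour described in the post above, as an added example that is not part of the original thread: a simplified Python model of which branch accounts an RODC can still authenticate while the WAN link is down. The group and user names are constructed, and the model ignores password changes and prepopulation of the cache.

```python
from dataclasses import dataclass, field

@dataclass
class Rodc:
    """Simplified branch RODC with a password replication policy (PRP)."""
    allowed: set                      # groups whose members may be cached
    denied: set                       # groups never cached; deny wins
    cached: set = field(default_factory=set)

    def may_cache(self, groups):
        return bool(groups & self.allowed) and not (groups & self.denied)

    def logon(self, user, groups, wan_up):
        """Return (authenticated, reason) for one logon at the branch."""
        if user in self.cached:
            return True, "cached on RODC"
        if not wan_up:
            return False, "not cached and writable DC unreachable"
        # Link is up: the RODC forwards the request to the writable DC and
        # keeps a copy of the credential only if the PRP permits it.
        if self.may_cache(groups):
            self.cached.add(user)
            return True, "forwarded, now cached"
        return True, "forwarded, not cached"

# Constructed sample accounts and groups (not from the thread).
USERS = {
    "alice":  {"Branch3-Users"},
    "bob":    {"Branch3-Users"},
    "admin1": {"Branch3-Users", "Domain Admins"},
}

def simulate_outage():
    rodc = Rodc(allowed={"Branch3-Users"}, denied={"Domain Admins"})
    # While the link is up, alice and admin1 log on at the branch; bob never does.
    for user in ("alice", "admin1"):
        rodc.logon(user, USERS[user], wan_up=True)
    # The link drops: only accounts already cached can still authenticate.
    during_outage = {u: rodc.logon(u, g, wan_up=False)[0] for u, g in USERS.items()}
    return during_outage, sorted(rodc.cached)

if __name__ == "__main__":
    outage, exposed = simulate_outage()
    print("logon during outage:", outage)
    print("passwords to reset if this RODC is stolen:", exposed)
```

The cached set is also the list of accounts whose passwords would need resetting if the branch server were lost, which is why privileged groups belong on the denied side.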

Hi ShadowPeo,

Thanks for your reply. I will try this out. I think with this, there will be no need for VPNs since the RODCs will be replicating with the RWDC (Read Write Domain Controller).

All I need is public IPs for my remote locations, right?


In theory yes, and the appropriate ports open. I would strongly recommend against it for security reasons, however, but that is your choice.


  • 2 weeks later...

Hi,

It worked. Just that I experienced some high bandwidth usage at the Main DC. I took care of it by scheduling the times for the replications to take place from the various branches. How then can I secure this network?


Nice suggestion. VM infrastructure will be a considerable choice.


  • 1 month later...

Hi,

It worked. Just that I experienced some high bandwidth usage at the Main DC. I took care of it by scheduling the times for the replications to take place from the various branches. How then can I secure this network?

No idea, I have always relied on VPNs and firewalls to take care of this for me. A firewall you can implement, but that is only useful if you have static IPs. As I said above though, I would not recommend it without a VPN.

Edited by ShadowPeo