Solved

Moving to datacenter/colocation, VPN over WAN

Posted on 2004-08-09
4
385 Views
Last Modified: 2007-02-12
We are moving part of a small, single domain office's infrastructure to a datacenter. 3 servers being moved, only one is on the domain, but it is an Exchange 2003 server as well as the domain DC, without a second domain controller (other server is Linux and 3rd is a member server in its own workgroup).

Both sites will have a 1.5/T1 in both directions.

The plan consists of promoting a file server (also Windows 2003) that is staying in the office to the AD DC, then establishing appliance-to-appliance VPN between two physically different sites, and syncing AD over the VPN. My concerns are 1) AD replication traffic over the VPN and 2) if traversing the 2 VPN subnets will create problems. I am under the impression that I can control replication periods/times (I'd like to restrict this traffic to after-hours). The goal is to keep everything in one domain, unless this is not recommended. I don't know if AD replication can be scheduled, or if it can be forced to manually update other domain controllers outside of this schedule.

All users in office will connect to remote exchange via TCP over VPN, and will use RPC over HTTP and/or webmail as a backup.

Backup MX from ISP will be holding mail during the move, so we don't lose any inbound email.

Remote exchange will host secondary DNS. New DC (old file server) will control primary DNS, DHCP and authentication on local subnet.

Looking for flaws in logic, any recommendations, and/or different approaches to this distributed computing scenario.
Question by:sadasupport
4 Comments
 
LVL 4

Expert Comment

by:syn_ack_fin
ID: 11755205
Having the same domain across the WAN doesn't present much of an issue, but I don't understand this:
"All users in office will connect to remote exchange via TCP over VPN, and will use RPC over HTTP and/or webmail as a backup."
Is there only one Exchange server and all users are going to connect to it over the WAN? Sounds slow. How many users?
0
 
LVL 3

Expert Comment

by:cmsJustin
ID: 11755799
Just make sure that you set up sites for the different subnets. I would set up an Exchange cluster, or a relay server to reduce traffic. AD traffic won't matter much, as long as the sites are set up correctly. You can configure AD replication to occur less often and use less bandwidth. Also set up QoS for user-specific traffic that needs to be executed immediately (such as email).

Get Cisco routers  :)
0
 
LVL 1

Author Comment

by:sadasupport
ID: 11756373
synack: Yes, there is and will only be one Exchange server, and users will be connecting to it over the WAN/VPN connection. We have a total of 10-15 concurrent connections to Exchange with about 25 active mailboxes. RPC and/or OWA will simply be alternative means to connect to the server in the event the VPN goes down or remote access is needed.

Justin: I'm not sure what you mean by setting up "sites" for the different subnets, I'm not familiar with that setup. I would love to set up a cluster, but HA is not a requirement and is pretty expensive. When referring to a relay, do you mean just an SMTP relay or a relay of another kind? How do I modify the AD replication behavior? Can you refer me to any articles explaining the QoS configuration (i.e., how to deploy, manage, etc.)?
0
 
LVL 3

Accepted Solution

by: cmsJustin earned 500 total points
ID: 11756970
Sites:
     If you go to Active Directory Sites and Services (ADSS) you will see Default-First-Site-Name. Rename this to something like "Office". Then make a new site called "Datacenter". Now in ADSS go to Subnets and make two new subnets (we'll pretend they are 10.1.0.x and 10.2.0.x). When you make each, you can associate them with each site. Once you set that up, you can move servers to each site (IP configuration on the server is still manual, a lot of people get confused). Then you can set up inter- and intra-site replication, see topologies, etc. Here is a step by step article:

http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/adsites.asp

QoS:
     QoS prioritizes packets based on the destination port or IP (or other things depending on the router/switch). You would set it up on your VPN devices and routers, and possibly switches if they support it. There isn't any broad documentation for this, only for specific devices. Check the manufacturer's website on how to configure it, or if you tell us which devices, we could help.

Truthfully, the email relay thing, I don't know much about. I'll leave that open to someone else to explain. I believe it involves sort of like a cache server for email, but I'm not sure...

-Justin
0
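The site/subnet/site-link procedure in the accepted answer, plus the after-hours replication schedule and manual forced sync the asker was after, as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module (Windows Server 2008 R2 or later; the 2003-era thread did the same thing in the ADSS GUI), the two example subnets from the answer, and hypothetical site and DC names.

```powershell
# Added example: build the two-site AD topology described in the answer.
# Assumes the ActiveDirectory module; site names and DC name are illustrative.
Import-Module ActiveDirectory

# 1. Rename the default site to "Office" and create the "Datacenter" site.
Get-ADReplicationSite -Identity "Default-First-Site-Name" |
    Rename-ADObject -NewName "Office"
New-ADReplicationSite -Name "Datacenter"

# 2. Define the subnets from the answer and associate each with its site.
#    (Subnet objects only drive site lookup; server IPs are still set by hand.)
New-ADReplicationSubnet -Name "10.1.0.0/24" -Site "Office"
New-ADReplicationSubnet -Name "10.2.0.0/24" -Site "Datacenter"

# 3. Build an inter-site replication schedule that only opens after hours:
#    18:00-23:45 and 00:00-06:00 every day (two calls, since a single range
#    cannot cross midnight). All other 15-minute slots stay unavailable.
$schedule = New-Object System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule
$schedule.ResetSchedule()
$schedule.SetDailySchedule(
    [System.DirectoryServices.ActiveDirectory.HourOfDay]::Eighteen,
    [System.DirectoryServices.ActiveDirectory.MinuteOfHour]::Zero,
    [System.DirectoryServices.ActiveDirectory.HourOfDay]::TwentyThree,
    [System.DirectoryServices.ActiveDirectory.MinuteOfHour]::FortyFive)
$schedule.SetDailySchedule(
    [System.DirectoryServices.ActiveDirectory.HourOfDay]::Zero,
    [System.DirectoryServices.ActiveDirectory.MinuteOfHour]::Zero,
    [System.DirectoryServices.ActiveDirectory.HourOfDay]::Six,
    [System.DirectoryServices.ActiveDirectory.MinuteOfHour]::Zero)

# 4. Link the two sites over the VPN; replicate every 3 hours inside the window.
New-ADReplicationSiteLink -Name "Office-Datacenter" `
    -SitesIncluded "Office","Datacenter" `
    -Cost 100 -ReplicationFrequencyInMinutes 180 `
    -InterSiteTransportProtocol IP `
    -ReplicationSchedule $schedule

# 5. Move the Exchange/DC box (hypothetical name) into the Datacenter site.
Move-ADDirectoryServer -Identity "EXCH-DC" -Site "Datacenter"

# 6. Force an out-of-schedule replication of all partitions across sites
#    (e.g. right after the move), which is what the asker wanted to be able
#    to do manually. Logged to %TEMP% so the result can be reviewed.
repadmin /syncall /AdeP | Out-File "$env:TEMP\repadmin-syncall.log"
```

The schedule controls inter-site (site link) replication only; the two DCs in the same site still replicate on change notification, so keep the office DC in the Office site and the datacenter DC in the Datacenter site or the window has no effect.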
