sadasupport asked:

Moving to datacenter/colocation, VPN over WAN

We are moving part of a small, single-domain office's infrastructure to a datacenter. 3 servers are being moved; only one is on the domain, but it is an Exchange 2003 server as well as the domain DC, without a second domain controller (the other server is Linux and the 3rd is a member server in its own workgroup).

Both sites will have a 1.5/T1 in both directions.

The plan consists of promoting a file server (also Windows 2003) that is staying in the office to an AD DC, then establishing appliance-to-appliance VPN between the two physically different sites, and syncing AD over the VPN. My concerns are 1) AD replication traffic over the VPN and 2) whether traversing the 2 VPN subnets will create problems. I am under the impression that I can control replication periods/times (I'd like to restrict this traffic to after-hours). The goal is to keep everything in one domain, unless this is not recommended. I don't know if AD replication can be scheduled, or if it can be forced to manually update other domain controllers outside of this schedule.

All users in office will connect to remote exchange via TCP over VPN, and will use RPC over HTTP and/or webmail as a backup.

Backup MX from ISP will be holding mail during the move, so we don't lose any inbound email.

Remote exchange will host secondary DNS. New DC (old file server) will control primary DNS, DHCP and authentication on local subnet.

Looking for flaws in logic, any recommendations, and/or different approaches to this distributed computing scenario.
syn_ack_fin:

Having the same domain across the WAN doesn't present much of an issue, but I don't understand this:
"All users in office will connect to remote exchange via TCP over VPN, and will use RPC over HTTP and/or webmail as a backup."
Is there only one Exchange server and all users are going to connect to it over the WAN? Sounds slow. How many users?
Just make sure that you set up sites for the different subnets. I would set up an Exchange cluster, or a relay server to reduce traffic. AD traffic won't matter much, as long as the sites are set up correctly. You can configure AD replication to occur less often and use less bandwidth. Also set up QoS for user-specific traffic that needs to be executed immediately (such as email).

Get Cisco routers  :)
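The site/subnet and replication-schedule setup recommended above, as an added example that is not part of the thread. It uses the ActiveDirectory PowerShell module (Windows Server 2008 R2 and later), whereas the Windows 2003 environment in the question would create the same site, subnet and site-link objects in Active Directory Sites and Services (dssite.msc); the site names, subnet ranges and DC names are placeholders I made up, and `repadmin` is the Support Tools utility that also exists on Windows Server 2003.

```powershell
# Added example (not from the thread): one AD site per physical location, one
# subnet object per VPN subnet, a site link between them with an after-hours
# replication window, and a manual forced sync outside that window.
# Assumptions: ActiveDirectory module available; all names below are placeholders.
Import-Module ActiveDirectory

$officeSite = 'Office'
$dcSite     = 'Datacenter'
$officeNet  = '192.168.10.0/24'   # constructed: office LAN behind the VPN appliance
$dcNet      = '192.168.20.0/24'   # constructed: datacenter LAN behind the VPN appliance

# 1) Sites and subnets: clients and DCs are mapped to a site by the subnet they
#    sit in, so each VPN subnet gets its own subnet object.
New-ADReplicationSite -Name $officeSite
New-ADReplicationSite -Name $dcSite
New-ADReplicationSubnet -Name $officeNet -Site $officeSite
New-ADReplicationSubnet -Name $dcNet     -Site $dcSite

# 2) Site link across the T1/VPN. Inter-site replication is compressed and runs
#    on this link's interval instead of the near-immediate intra-site notification.
$link = New-ADReplicationSiteLink -Name 'Office-Datacenter' `
    -SitesIncluded $officeSite, $dcSite `
    -InterSiteTransportProtocol IP `
    -Cost 100 `
    -ReplicationFrequencyInMinutes 180 `
    -PassThru

# 3) Restrict the link's availability to an after-hours window (20:00-23:45
#    daily, in 15-minute granularity). Outside this window the KCC will not
#    schedule replication over the link.
$schedule = New-Object System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule
$schedule.ResetSchedule()                                        # clear every slot
$schedule.SetDailySchedule('Twenty', 'Zero', 'TwentyThree', 'FortyFive')
Set-ADReplicationSiteLink -Identity $link -ReplicationSchedule $schedule

# Verify what was stored on the link.
Get-ADReplicationSiteLink -Identity 'Office-Datacenter' `
    -Properties Cost, ReplicationFrequencyInMinutes, ReplicationSchedule

# 4) Place each DC in its site (placeholder DC names).
Move-ADDirectoryServer -Identity 'OFFICE-DC1' -Site $officeSite
Move-ADDirectoryServer -Identity 'DC-EXCH1'   -Site $dcSite

# 5) Forcing replication outside the schedule: repadmin pushes all naming
#    contexts (/A) to all partners including cross-site ones (/e) as a push (/P).
repadmin /syncall OFFICE-DC1 /AeP
repadmin /replsummary     # check for lingering replication failures afterwards
```

The schedule only governs when the Knowledge Consistency Checker is allowed to replicate over the link; a `repadmin /syncall` run by an administrator goes through regardless, which is what the asker wanted for out-of-band updates. Because the office keeps its own DC and DNS on the local subnet, logon and name resolution in the office do not depend on the link being up.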
sadasupport (asker):

synack: Yes, there is and will only be one Exchange server, and users will be connecting to it over the WAN/VPN connection. We have a total of 10-15 concurrent connections to Exchange with about 25 active mailboxes. RPC and/or OWA will simply be alternative means to connect to the server in the event the VPN goes down or remote access is needed.

Justin: I'm not sure what you mean by setting up "sites" for the different subnets; I'm not familiar with that setup. I would love to set up a cluster, but HA is not a requirement and is pretty expensive. When referring to a relay, do you mean just an SMTP relay or a relay of another kind? How do I modify the AD replication behavior? Can you refer me to any articles explaining the QoS configuration (i.e., how to deploy, manage, etc.)?
ASKER CERTIFIED SOLUTION
cmsJustin

This solution is only available to members of Experts Exchange.