Moving to datacenter/colocation, VPN over WAN

We are moving part of a small, single domain office's infrastructure to a datacenter. 3 servers being moved, only one is on the domain, but it is an Exchange 2003 server as well as the domain DC, without a second domain controller (other server is Linux and 3rd is a member server in its own workgroup).

Both sites will have a 1.5/T1 in both directions.

The plan consists of promoting a file server (also Windows 2003) that is staying in the office to the AD DC, then establishing appliance-to-appliance VPN between two physically different sites, and syncing AD over the VPN. My concern is 1) AD replication traffic over the VPN and 2) if traversing the 2 VPN subnets will create problems. I am under the impression that I can control replication periods/times (I'd like to restrict this traffic to after-hours). The goal is to keep everything in one domain, unless this is not recommended. I don't know if AD replication can be scheduled, or if it can be forced to manually update other domain controllers outside of this schedule.

All users in office will connect to remote exchange via TCP over VPN, and will use RPC over HTTP and/or webmail as a backup.

Backup MX from ISP will be holding mail during the move, so we don't lose any inbound email.

Remote exchange will host secondary DNS. New DC (old file server) will control primary DNS, DHCP and authentication on local subnet.

Looking for flaws in logic, any recommendations, and/or different approaches to this distributed computing scenario.
cmsJustin commented:
If you go to Active Directory Sites and Services (ADSS) you will see Default-First-Site-Name. Rename this to something like "Office". Then make a new site called "Datacenter". Now in ADSS go to Subnets and make two new subnets (we'll pretend they are 10.1.0.x and 10.2.0.x). When you make each, you can associate them with each site. Once you set that up, you can move servers to each site (IP configuration on the server is still manual, a lot of people get confused). Then you can set up inter and intra site replication, see topologies, etc. Here is a step by step article:

QoS prioritizes packets based on the destination port or IP (or other things depending on the router/switch). You would set it up on your VPN devices and routers, and possibly switches if they support it. There isn't any broad documentation for this, only for specific devices. Check with the manufacturer's website on how to configure it, or if you tell us which devices, we could help.

Truthfully, the email relay thing, I don't know much about. I'll leave that open to someone else to explain. I believe it involves sort of like a cache server for email, but I'm not sure...

Having the same domain across the WAN doesn't present much of an issue, but I don't understand this:
"All users in office will connect to remote exchange via TCP over VPN, and will use RPC over HTTP and/or webmail as a backup."
Is there only one Exchange server and all users are going to connect to it over the WAN? Sounds slow. How many users?
Just make sure that you set up sites for the different subnets. I would set up an Exchange cluster, or a relay server to reduce traffic. AD traffic won't matter much, as long as the sites are set up correctly. You can configure AD replication to occur less often and use less bandwidth. Also set up QoS for user-specific traffic that needs to be executed immediately (such as email).

Get Cisco routers :)
sadasupport (Author) commented:
synack: Yes, there is and will only be one Exchange server, and users will be connecting to it over the WAN/VPN connection. We have a total of 10-15 concurrent connections to Exchange with about 25 active mailboxes. RPC and/or OWA will simply be alternative means to connect to the server in the event the VPN goes down or remote access is needed.

Justin: I'm not sure what you mean by setting up "sites" for the different subnets, I'm not familiar with that setup. I would love to set up a cluster, but HA is not a requirement and is pretty expensive. When referring to a relay, do you mean just an SMTP relay or a relay of another kind? How do I modify the AD replication behavior? Can you refer me to any articles explaining the QoS configuration (i.e., how to deploy, manage, etc.)?
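The site, subnet and schedule setup cmsJustin describes, together with the "can replication be scheduled and forced?" questions from the original post and this follow-up, as an added example that is not part of the thread. It uses the ActiveDirectory PowerShell module that ships with Windows Server 2012+ / RSAT, which is an assumption: on the Windows 2003 domain controllers the thread is about, the same settings are made in the Active Directory Sites and Services GUI (site link Properties > Change Schedule) and with repadmin from the Support Tools. Site names and the 10.1.0.x / 10.2.0.x subnets are the commenter's placeholders; DC-EXCH01 is a placeholder for the DC being moved.

```powershell
# Added example, not the commenter's code. Requires the ActiveDirectory module
# (Windows Server 2012+ or RSAT) and Domain Admin rights.
Import-Module ActiveDirectory

# 1. Rename the default site and create the second one.
Get-ADReplicationSite -Identity 'Default-First-Site-Name' |
    Rename-ADObject -NewName 'Office'
New-ADReplicationSite -Name 'Datacenter'

# 2. Associate each subnet with its site so clients and DCs locate the local site
#    (placeholder ranges from the thread; the DCs' own IP config stays manual).
New-ADReplicationSubnet -Name '10.1.0.0/24' -Site 'Office'
New-ADReplicationSubnet -Name '10.2.0.0/24' -Site 'Datacenter'

# 3. Build the 7 x 24 x 4 availability grid (day, hour, 15-minute slot) that
#    only permits inter-site replication between 18:00 and 06:00.
$schedule = New-Object System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule
$grid = $schedule.RawSchedule
for ($day = 0; $day -lt 7; $day++) {
    for ($hour = 0; $hour -lt 24; $hour++) {
        for ($slot = 0; $slot -lt 4; $slot++) {
            $grid[$day, $hour, $slot] = ($hour -ge 18 -or $hour -lt 6)
        }
    }
}
$schedule.RawSchedule = $grid

# 4. Put both sites on the default site link, replicate at most every 3 hours
#    inside the allowed window, and give the T1 link a high cost.
Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' `
    -SitesIncluded @{Add = 'Datacenter'} `
    -ReplicationFrequencyInMinutes 180 `
    -ReplicationSchedule $schedule `
    -Cost 100

# 5. Move the relocated DC's server object into its site (placeholder name).
Move-ADDirectoryServer -Identity 'DC-EXCH01' -Site 'Datacenter'

# 6. Outside the window, push a one-off sync of all partitions across sites,
#    then check for failures before trusting the new topology.
repadmin /syncall /APed
repadmin /replsummary
```

The schedule lives on the site link, so it only throttles inter-site traffic; replication between DCs inside one site keeps its normal change-notification behaviour. `repadmin /syncall` answers the forcing question: it ignores the schedule for that one run, which is what you want right after promoting the new DC or before a planned cutover.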