Moving to datacenter/colocation, VPN over WAN
Posted on 2004-08-09
We are moving part of a small, single domain office's infrastructure to a datacenter. 3 servers being moved, only one is on the domain, but it is an Exchange 2003 server as well as the domain OC, without a second domain controller (other server is Linux and 3rd is a member server in it's own workgroup),.
Both sites will have a 1.5/T1 in both directions.
The plan consists of promoting a file server (also windows 2003) that is staying in the office to the AD OC, then establishing appliance-to-appliance VPN between two physically different sites, and syncing AD over the VPN. My concern is 1) AD replication traffic over the VPN and 2)if traversing the 2 VPN subnets will create problems. I am under the impression that I can control replication periods/times (I'd like to restrict this traffic to after-hours). The goal is to keep everything in one domain, unless this is not recomended. I don't how if AD replication can be scheduled, or if it can be forced to manually update other domain controllers outside of this schedule
All users in office will connect to remote exchange via TCP over VPN, and will use RPC over HTTP and/or webmail as a backup.
Backup MX from ISP will be holding mail during the move, so we don't loose any inbound email.
Remote exchange will host secondary DNS. New DC (old file server) will control primary DNS, DHCP and authentication on local subnet.
Looking for flaws in logic, any recommendations, and/or different approaches to this distributed computing scenario.