Moving to datacenter/colocation, VPN over WAN

Posted on 2004-08-09
Medium Priority
Last Modified: 2007-02-12
We are moving part of a small, single-domain office's infrastructure to a datacenter. Three servers are being moved; only one is on the domain, but it is an Exchange 2003 server as well as the domain DC, without a second domain controller (the other server is Linux and the third is a member server in its own workgroup).

Both sites will have a 1.5/T1 in both directions.

The plan consists of promoting a file server (also Windows 2003) that is staying in the office to an AD DC, then establishing appliance-to-appliance VPN between the two physically different sites, and syncing AD over the VPN. My concerns are 1) AD replication traffic over the VPN and 2) whether traversing the two VPN subnets will create problems. I am under the impression that I can control replication periods/times (I'd like to restrict this traffic to after-hours). The goal is to keep everything in one domain, unless this is not recommended. I don't know if AD replication can be scheduled, or if it can be forced to manually update other domain controllers outside of this schedule.

All users in office will connect to remote exchange via TCP over VPN, and will use RPC over HTTP and/or webmail as a backup.

Backup MX from the ISP will be holding mail during the move, so we don't lose any inbound email.

Remote Exchange will host secondary DNS. The new DC (old file server) will control primary DNS, DHCP and authentication on the local subnet.

Looking for flaws in logic, any recommendations, and/or different approaches to this distributed computing scenario.
Question by:sadasupport

Expert Comment

ID: 11755205
Having the same domain across the WAN doesn't present much of an issue, but I don't understand this:
"All users in office will connect to remote exchange via TCP over VPN, and will use RPC over HTTP and/or webmail as a backup."
Is there only one Exchange server and all users are going to connect to it over the WAN? Sounds slow. How many users?

Expert Comment

ID: 11755799
Just make sure that you set up sites for the different subnets. I would set up an Exchange cluster, or a relay server to reduce traffic. AD traffic won't matter much, as long as the sites are set up correctly. You can configure AD replication to occur less often and use less bandwidth. Also set up QoS for user-specific traffic that needs to be executed immediately (such as email).

Get Cisco routers  :)

Author Comment

ID: 11756373
synack: Yes, there is and will only be one Exchange server, and users will be connecting to it over the WAN/VPN connection. We have a total of 10-15 concurrent connections to Exchange with about 25 active mailboxes. RPC and/or OWA will simply be alternative means to connect to the server in the event the VPN goes down or remote access is needed.

Justin: I'm not sure what you mean by setting up "sites" for the different subnets; I'm not familiar with that setup. I would love to set up a cluster, but HA is not a requirement and is pretty expensive. When referring to a relay, do you mean just an SMTP relay or a relay of another kind? How do I modify the AD replication behavior? Can you refer me to any articles explaining the QoS configuration (i.e., how to deploy, manage, etc.)?

Accepted Solution

cmsJustin earned 2000 total points
ID: 11756970
If you go to Active Directory Sites and Services (ADSS) you will see Default-First-Site-Name. Rename this to something like "Office". Then make a new site called "Datacenter". Now in ADSS go to Subnets and make two new subnets (we'll pretend they are 10.1.0.x and 10.2.0.x). When you make each, you can associate them with each site. Once you set that up, you can move servers to each site (IP configuration on the server is still manual; a lot of people get confused). Then you can set up inter- and intra-site replication, see topologies, etc. Here is a step-by-step article:


QoS prioritizes packets based on the destination port or IP (or other things depending on the router/switch). You would set it up on your VPN devices and routers, and possibly switches if they support it. There isn't any broad documentation for this, only for specific devices. Check with the manufacturer's website on how to configure it, or if you tell us which devices, we could help.

Truthfully, the email relay thing, I don't know much about. I'll leave that open to someone else to explain. I believe it involves sort of like a cache server for email, but I'm not sure...
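The site/subnet setup from the accepted answer, plus the after-hours replication schedule and the manual "force replication now" step the question asked about, as an added PowerShell example that is not part of the original thread. It assumes the ActiveDirectory module (Windows Server 2012+ or RSAT; on Windows 2003 the same objects are edited in the ADSS GUI) and uses constructed DC names FILESRV01 and EXCH01.

```powershell
# Added example: two-site AD topology over a VPN, scripted with the ActiveDirectory module.
Import-Module ActiveDirectory

# Site names and subnets from the accepted answer; the DC names are constructed placeholders.
$officeSite   = 'Office'
$dcSite       = 'Datacenter'
$officeNet    = '10.1.0.0/24'
$dcNet        = '10.2.0.0/24'
$datacenterDC = 'EXCH01'      # assumed name of the Exchange/DC box moving to the datacenter

# 1. Rename Default-First-Site-Name to "Office" (sites live in the Configuration partition).
$cfg = (Get-ADRootDSE).configurationNamingContext
Rename-ADObject -Identity "CN=Default-First-Site-Name,CN=Sites,$cfg" -NewName $officeSite

# 2. Create the Datacenter site and both subnets, associating each subnet with its site.
New-ADReplicationSite   -Name $dcSite
New-ADReplicationSubnet -Name $officeNet -Site $officeSite
New-ADReplicationSubnet -Name $dcNet     -Site $dcSite

# 3. Move the datacenter DC into its site. This only changes the DC's site membership in AD;
#    the server's own IP configuration is still done by hand on the box.
Move-ADDirectoryServer -Identity $datacenterDC -Site $dcSite

# 4. Join the two sites with an IP site link that replicates over the VPN at most hourly.
#    (Inter-site replication is compressed and runs on this interval instead of the
#    change-notification behaviour used inside a site.)
New-ADReplicationSiteLink -Name 'Office-Datacenter-VPN' `
    -SitesIncluded $officeSite, $dcSite `
    -InterSiteTransportProtocol IP -Cost 100 -ReplicationFrequencyInMinutes 60

# 5. Restrict that link to after-hours: allow 18:00-23:45 and 00:00-06:00 every day.
#    The schedule is a 7x24x4 grid of 15-minute slots; ResetSchedule() marks all as unavailable.
$sched = New-Object System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule
$sched.ResetSchedule()
$sched.SetDailySchedule([System.DirectoryServices.ActiveDirectory.HourOfDay]::Eighteen,
                        [System.DirectoryServices.ActiveDirectory.MinuteOfHour]::Zero,
                        [System.DirectoryServices.ActiveDirectory.HourOfDay]::TwentyThree,
                        [System.DirectoryServices.ActiveDirectory.MinuteOfHour]::FortyFive)
$sched.SetDailySchedule([System.DirectoryServices.ActiveDirectory.HourOfDay]::Zero,
                        [System.DirectoryServices.ActiveDirectory.MinuteOfHour]::Zero,
                        [System.DirectoryServices.ActiveDirectory.HourOfDay]::Six,
                        [System.DirectoryServices.ActiveDirectory.MinuteOfHour]::Zero)
Set-ADReplicationSiteLink -Identity 'Office-Datacenter-VPN' -ReplicationSchedule $sched

# 6. Verify the topology and, when needed, force a replication cycle outside the schedule:
#    /A = all partitions, /e = include partners in other sites, /P = push from this DC.
Get-ADReplicationSiteLink -Filter * -Properties ReplicationFrequencyInMinutes, Cost
repadmin /syncall $datacenterDC /A /e /P
```

Note that the schedule only governs the inter-site link; with a single DC in each site there is no intra-site replication to tune, and password changes still go straight to the PDC emulator regardless of the schedule.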

