How to secure AD replication between two Windows 2003 Server Sites
Posted on 2004-08-23
We are getting ready to bring online a second Windows 2003 Server site. Both sites have broadband connections, and are using SonicWall firewalls. We need to ensure the replication between the two sites, over the Internet, is secured. The two options we are looking at are: (1) set up a VPN between the two SonicWall firewalls (and replicate AD via the VPN tunnel), or (2) set up Windows 2003 Server certificates (SSL) to encrypt the communications between the two sites.
I'm leaning towards the latter (SSL), but am wondering about the pros and cons of each? Has anyone used the Windows 2003 Server certificate services to accomplish this, and if so, how hard is this to set up?