D00Dness

asked on

New Network Setup ---- Your Thoughts.........

Good afternoon everyone. I am pretty new here and somewhat new to networking, so forgive my ignorance on some of these questions. I've just been assigned the wonderful task of designing and implementing a new project that will connect 4 different sites countrywide. Here is the concept. There will be a main datacenter that will be the file repository of all the engineering files from all 4 sites (actually another topic in the storage forum :) ). Each site will have its own file/application server that the companies will use to analyze their own engineering data. Once the analyzing is done, the data will need to be replicated back to the datacenter for storage and future analysis/collaboration. One thing to remember is that each company has access to the network already and has been assigned different IPs. So, the stump factor here is how do I set up the network and/or servers to accomplish this? Would I have the datacenter server act as the AD server and then just have the other servers join the domain through their existing network, even if that's possible? Or do I need to buy a class C, let's say, or a block of IPs so that all of the servers are on the same IP string? The other stumper is that each site will have 4-5 local computers that will need to access the local server. So do all of these servers need AD loaded on them and the clients then log into their domain? It's almost like an AD question but I need help on the networking..... Was so used to the PDC / BDC thing and then MS has to go and do this to me :) ... tks everyone in advance.... hope this wasn't too stupid :)...

ASKER CERTIFIED SOLUTION
etracsupport

This solution is only available to members.

Do you currently have 4 physical locations that all have their own network that need to connect to another location (sight 5)?
Meant to type (site 5)  =)
I would have the main data storage site be your (primary) domain controller; by this I mean it is the global catalog holder, i.e. the first DC in Active Directory. Then add each of the other servers as (child) Domain Controllers, and you want to run DHCP and DNS from each location. This way, if you have internet trouble, your users can still log in and work =)

As stated above, connection between the sites depends on your connection: are you directly connected to each site, or are they going through the internet for connection? A VPN is a MUST for network connections transferring sensitive data across the internet. You want to get a firewall or router at your main site that can handle at least 5 site-to-site VPNs, and each remote site only needs to handle 1 site-to-site VPN. You only need a couple of "live" IPs at each site; you don't need a full class C. And if you can avoid it, never assign your data server a LIVE IP =)


D00Dness

ASKER

To all -- Thank you for your response...... Just got some more information this morning. It seems that this network will be a closed network and will not be touching the internet at all. Think of it as a research and development network. It has the basic setup of the internet but it never touches it.

@ JRaster -- Currently I have 3 sites remotely and then the datacenter, making 4 sites altogether....

@Mazaraat -- Understand about your first paragraph... Set up the datacenter as the main DC and then set up each of the other 3 remote sites as Child DC to run DHCP and DNS off of from those locations. Correct? Second paragraph -- We are not directly connected to each of the sites. Each site can 'connect' to the RDT&E network, just like a user connecting to the internet, so their connection is already established. What I'm getting from everyone so far is, even though this is a 'closed' network environment, I might consider VPN?

@ etracsupport -- TY

To add more confusion to the pot, it seems that there will be 4-5 workstations at each physical location. I want to thank you all for the good information... I'd like to get more information / solution if possible. If anyone has an IM program, please let me know if I can 'bug' them :) .. tks much....

doswell

Ok, my first thoughts (brief);

1) Use a VPN to connect each of the sites together with the main data centre site; this will reduce any connectivity and possible security problems with connecting separate sites together. The VPN can either be set up via internet (which from your previous post is not an option), or set up a new network to the datacentre using ADSL/ISDN/T1 private connections (depending on required speed/cost) and firewalls between clients/datacentre (you can never have too many firewalls ;) )

2) Set up a new domain at the data centre, use trusts to the client networks. Since each client network most likely has their own domains already in place, one-way (or if necessary two-way) trusts - This depends on how access will be done. If only dedicated workstations will be using this domain then child domains (as mentioned previously) would be a better idea. The use of child domains also provides extra security between sites (since there are only trusts between the parent and child domains and none between each child by default). One server at each site acting as a child DC with any necessary services running on it.

After rereading your second comment I gathered that you should use VPN connections from site to site (site A router maintains a VPN connection to Site B router).  If they aren't directly connected the VPN is a must for security reasons.  Creating the VPN at the router level will allow all the computers at each site to utilize the VPN tunnel so the number of workstations isn't an issue.

Happy Networking!
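
An added example, not part of the original thread: a Python check of the addressing plan behind the hub-and-spoke VPN layout discussed above (one datacenter, three remote sites, one server plus up to 5 workstations and a router per site). The 10.10.x.x prefixes, site names and host counts are constructed assumptions; the plan contains two deliberate mistakes for the check to find.

```python
import ipaddress

# Constructed plan. "hosts" = server + 5 workstations + router at remote sites.
SITES = {
    "datacenter": {"lan": "10.10.0.0/24", "hosts": 10, "hub": True},
    "site-a": {"lan": "10.10.1.0/28", "hosts": 7, "hub": False},
    "site-b": {"lan": "10.10.2.0/28", "hosts": 7, "hub": False},
    # Deliberately wrong: too small, and inside site-b's range.
    "site-c": {"lan": "10.10.2.8/29", "hosts": 7, "hub": False},
}


def check_plan(sites):
    """Return problems that would break routing over site-to-site tunnels."""
    problems = []
    nets = {name: ipaddress.ip_network(s["lan"]) for name, s in sites.items()}
    # Each LAN must hold every device at the site.
    for name, net in nets.items():
        usable = net.num_addresses - 2  # network and broadcast are not usable
        need = sites[name]["hosts"]
        if usable < need:
            problems.append(f"{name}: {net} has {usable} usable addresses, needs {need}")
    # Overlapping LANs cannot be told apart by the routers at the tunnel ends.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems


def tunnels(sites):
    """Hub-and-spoke: each remote router keeps exactly one tunnel, to the hub."""
    hubs = [name for name, s in sites.items() if s["hub"]]
    if len(hubs) != 1:
        raise ValueError("plan needs exactly one hub site")
    return [(hubs[0], name) for name in sorted(sites) if name != hubs[0]]


if __name__ == "__main__":
    for problem in check_plan(SITES):
        print("PROBLEM:", problem)
    for hub, spoke in tunnels(SITES):
        print(f"tunnel: {hub} <-> {spoke}")
```

Giving site-c its own /28 (for example 10.10.3.0/28, also a constructed value) clears both findings while still using far less than a full class C per site.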

Thanks again for all the replies so far.... I am going to set up a mock lab using Virtual PC to see how to do all of this..... I'll keep you posted... Thanks again and keep it coming.... :) .....