Optimal namespace and client settings

SimonUK asked
Last Modified: 2011-09-20
Hi everyone

I'm working on the most appropriate solution for a combination of Server 2003, desktops and laptops in what I'd like to be a contiguous namespace covering 10 office locations (rather than a forest of 10 domains) - HQ and 9 satellite offices.  The sites are connected with slow WAN links (limited by 256k upstream ADSL at least for now) and are geographically far apart.  There'll be a DC at each site, about 25 people per site and 20 at HQ.

I've got a few questions so I'm trying to spread them across threads to make the point awarding fair.

1) I'm setting up one of the satellite offices first, say site1.company.local - after that, I'll build hq.company.local then all the other sites will gradually be upgraded to Server 2003 (from straightforward workgroups, no upgrading of servers to do) and will become site2, site3, etc.

I was originally going to make HQ simply company.local - but I guess because I'm not starting with that DC I can't - unless I make site1 a standalone server, wait until company.local is running then dcpromo site1 to join the namespace.  Is my logic correct?  It wouldn't be a problem to make the HQ domain = hq.company.local - that way, because there's then no higher level than xxxx.company.local am I right in saying I can create the sites in any order?  Am I also right in thinking that I can't realistically make every site simply company.local because of the reduced ability to manage traffic between the DCs over slow links?

2) We have a lot of mobile users who work from home, out on the road, and at several of our sites.  Our e-mail solution is entirely outsourced so that's not an issue - what I'm trying to suss now is the best way to handle their profiles.  I'd like desktop users to have roaming profiles in order that everything is available to them, including their documents, at every desktop per site.  Laptop users I'll probably use file synchronisation so they are responsible for choosing which files to store on the server shares and sync, and which to keep to themselves.  However, I still want laptop users to use a mandatory profile, so they can't mess with settings.

I don't have much experience of laptop users working outside their domain but I see from tests that machines will load a local copy of their profile if they can't reach the DC.  What happens if user@hq.company.local logs in at site1.company.local?  I guess because he's a user for a different domain his machine won't attempt to sync back to his "home" server (not a great idea over a slow link) but I'd like him to be able to see the shares available at that site, even if he has to have UNC shortcuts to the shares at each site.  Would he have to exist as a user in every domain for this to work?

Your input appreciated, as always!

Simon

Author

Commented:
Cole, thanks.

Autonomy would be good (the sites are actually companies in their own right) but it doesn't really matter if they all logon to company.local - that's the parent company - so your point about just one domain is very interesting.

E-mail actually works really well in our current situation, so I don't really want to change that.  Perhaps I won't bother with roaming profiles - it would be nice if people could work from any desk but they'll soon fuss about slow logons (they probably won't care about log offs!).

If file sync is flaky, what's the best solution for laptop users?  Tell them to store important stuff on the shares and less crucial data locally - and take a copy of any files they want to work with away from the server?

I understand if we have one domain, laptop users could authenticate at any site.  I take it the best thing to do is to have them load their profile from the server, which should replicate around sites, but keep their files local.


Simon
CERTIFIED EXPERT

Commented:
Hi Simon,

I would definitely have the laptop users store the important data on a server somewhere.  If there are a lot of remote users a terminal server might make the management a lot easier since you will only have to administer a single computer rather than all the individual laptops.  From the sounds of what you are describing though, I would definitely go with the single domain structure unless there is a turf war going on between IT guys from the child companies (which doesn't sound like the case).  Is there anything else you are completely clear on that I could lend a hand with?

Cole

Author

Commented:
Hi all

No turf war, there's only me and my colleague looking after all sites!

However, some people tell me that the traffic generated between DCs over slow links can bring WANs down very easily. Any comments on that point?

On the laptop data: I think that'll need some thinking about.  I'm leaning towards a simple policy - tell them to copy any critical data to "their" area of the server storage.

Also, I'm currently looking at a single DC per site with RAID5 storage + backup device.  However, someone else suggested always having 2 DCs per site, so another choice would be two simpler DCs with just a mirror each, and a RAID5 NAS instead.  Given that with the right kit I could do that for a similar price... further suggestions welcome!

Thanks


Simon
CERTIFIED EXPERT

Commented:
Replication traffic can bring a slow WAN link down to a grinding halt but a 256k connection should be good enough for at least one replication an hour or so (depends).  As far as DCs go - the more, the merrier.  If you have the budget to put two DCs in each site, then definitely proceed with that plan because it is more robust and fault tolerant.  I would just keep in mind a backup strategy whichever course you choose for servers and storage though.  Other than that, it sounds like you're good to go.

Cole

Author

Commented:
Thanks for your time Cole, points are yours.

I think there are more topics on this but in the interests of keeping points focussed on questions I've closed this one now.

cheers


Simon