I'm currently going to be undertaking a project that requires the migration of about 5 domains into one or two, in a single forest.
Currently, we host many websites and have an environment which includes database servers, web servers, load balancers etc. I am a Windows guy, but not a networking guy -- that is to say, I can figure out the Active Directory layout but I need to understand how and where firewalls and routers will be used.
Anyways, here's the jist of the idea.
We have geographic locations A, B, C, D, and E. Locations A & B are production, mirrors of one another (offsite mirror, similar hardware, servers, etc). Locations C, D, and E are internal locations, where people work in the office and may potentially connect to the production environments.
Since the 'hub' of all servers reside at location A (and I'll leave B out since it's a mirror), the idea I was thinking is to place our PDC at location A. BDCs would be placed at each geographic location so that users authenticate to their local server, and the BDCs replicate on their own to the PDC. Let me know if I have anything wrong so far..
Domain A consists of production and 'outward facing' machines. Domain B is internal, with a trust to Domain A. I'm not certain if this is necessary but it will necessitate another domain controller. I was thinking perhaps to have just a single large domain -- tell me if there's anything wrong with this.
So now the problem I face, is how the networks actually connect with one another. My job is to work with our network guy however, I want a good overview before I sit down with him which is why this question is worth 500 points :) To keep the network segmented, what's the best way to go as far as a network for this? I don't know how the firewall should be set up to segment everything. Will I need a router? I want to have production and each geographic location on a separate IP segment ie, 10.10.1.x for location a, 10.10.2.x for B, etc etc.
Anyways, any help is appreciated.