What are the steps to set up new offices Lan windows firewall router exchange and connect via wan to each other

Posted on 2006-11-22
Last Modified: 2010-03-18
Hi , This is an interview question that i was asked recently and would like some views on the steps to assess situation and steps to resolve problem.

"We have multiple branches width indivdual lans that all communicate via WAN for emails and document sharing etc.  There is a new branch, tell me the steps you would follow in setting up the new network, what information would you gather , hardware/software used use and how you would ensure security and correct permissions"

I know and understand various technologies and have worked in a network environment with Windows Server 2003 so use as much techy info as you like. Please detail info about how could Active Directory, Group policies, security, DNS, and exchanges be managed accross multiple sites be implemented, as i know there seems to be multiple ways of doing things and i am getting confused which is the best path. Include info on why you should implement something one way rather than another

Please note this is the first question posted here so, give feedback if i am using the best approach or awarding enough points

Question by:damothedude
  • 2
  • 2

Accepted Solution

tim1731 earned 125 total points
ID: 17995649

how are the offices connected

1.VPN Tunnel, mpls,point to point lines,eps 8,etc
2.If firewall what model and settings

Then what is the setup in other offices, are all files held in HQ and rdp to other offices or is the remote office a child domain,or its own OU

Do you need traffic shaping

Then how many desks,people, for number of nodes (network ports) what networking equipment are you going to do VOIP (PBX local or remote)

number and type of printers, model and type of desktops IE DELL sx280, do you have a gold image, what type of web filtering device,software do you use

Thats a start

Author Comment

ID: 17996700
Hi, thanks for the info, thats the problem , interview wise , its just an open ended question, not much info given but let me make some assumptions

1. 20 users on each site , using xp , widtch a printer for each 5 people
2. confidential info needs to be shared and permission and security is a must
3. It is a busy environment and needs to be reliable with plently of backup, speed
4. it has a dsl connection
5. There is a server for the remote site for local file storage and profiles

So i have a choice between 1 domain, where the remote site is an OU and contains sub OU's containing the sites stations and users and auth/group pol/ permissions over a tunnel

2 domains and the remote is a child domain width its own AD that synz with the HQ active directory so that all
Group policies

6 Both sites have to connect to the internet so let me assume they have a high speed dsl connection and work via VPN, so
they need a router and a firewall. Let me assume that it has a cisco router and a windows based firewall 'checkpoint'

7 They have 'ms exchange' : you can connect to the 1 exchnage server at HQ via the vpn or an exchange server at each location and the exchange servers synz over the vpn

8. I can get the dhcp set up locally on each site or make dhcp happen over the vpn witch one dhcp in the headquarters

9. There are a dns server on each site and each station points to the one closest first and then remotely to find a certain station

Ok thanks some more details , my problem i  understand a number of thing a bit but would like them put all together.  For the above points a have given 2 sides but you give me details why i would use one  than the other and why should i choose VPN over another tunnell protocol

Also should i consider having Document database functionality for examples the ability to check document in and out, or have a central file server that both sites can access

Thanks again

ps. i do not mind you tellling me if i am talking balls or off on the completly wrong direction


Assisted Solution

tim1731 earned 125 total points
ID: 17996830

if you DSL and not leased line you need to look at the reliabilty of the link hence no link somethings dont work if this is the case use child domain or point a DC,dns,and global cat server in remote office if good link look at ishared from packeteer this will cut down on traffic across the wan and allow the logon script to pick up the hone folders drive like its on the local lan we help we backup as changes sync at the byte level.

did they give a budjet for this

Author Comment

ID: 18002216
Nope, no info what so ever, its a very open question i assume to see if you understand the principles. Looked at the ishard looks interesting.

What about group policies and security accross the 2 domains, if the remote has a dc will the AD and group policies syzn if set up in the trust?

What if the company wanted to control the access to the web to reduce virus and misuse ,  should i create a filter on each site or one at HQ and route all http traffic via HQ

The same could go for spam for email access should i have a barracuda spam filter at HQ and let the remote exchange synz with HQ or have separate 2 barracuda


Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now