Asked by Tbaba

What steps can I take

My organisation has a head office and 3 branches in different geographical locations. Presently we have servers in each of these locations, each hosting their own domain. I'm to implement a single domain architecture. We also have Exchange servers (with POP3 connectors) in each location and require a single Global Address List and access to new emails by domain users in any location. Is a VPN the right way? Internet backbone is via satellite links with bandwidths limited to 512Kb download and 256Kb upload. If VPN is the way, should it be hardware or software? What manufacturers are easy to configure and maintain? Thanks in advance...

Email Protocols, VPN, SBS

Last Comment: 8/22/2022 - Mon

It would be pretty foolish to try and set up a domain over the Internet without a VPN. Sending valuable corporate data unprotected is asking for trouble, not to mention possible routing and firewalling issues you'd run into. A VPN will add a little overhead to your connection in terms of bandwidth & latency, but is well worth it.

Hardware networking will almost always be a better solution than software networking. It could be done with just Windows 2003 cheaply, but it's slower and less flexible.

Cisco is the main business networking provider, and you can't go wrong with them for the best equipment. Not the cheapest, and not always the easiest to configure, but the most reliable and most powerful.

I've seen pretty decent results with SonicWall. Maybe a bit easier to configure and cheaper, but not as powerful as Cisco gear.


I know it would be "foolish" (you could've used a more polite word), that's why I was asking if it's the right option. My organisation/client is an SME and Cisco would be too costly. They'll also have between 5-10 VPN client users as well.

- Research tells me Cyberguard is real good for site-to-site VPN, has anyone used this?

- There are 30 users in the head office and 10-15 users in the two branch offices. I've been reading a lot about Windows 2003 Server VPN, would that be good?

- In the case I use a hardware VPN, after setting up the VPN should I disable routing on my branch Windows servers? And demote them from domain controller? And have all clients point to the domain controller at the head office via the VPN? Or should the branch domain server replicate the AD of the head office domain controller? Like I said, they want to implement a single domain.

- Satellite links have a lot of latency, will this seriously affect performance of AD across the VPN?



Thanks A LOT devenoel, you've shed so much light on this issue for me.

Don't know if you can assist me with this one, but my next question would be about the Exchange servers on each of these DCs. Presently each DC has an Exchange server downloading individual emails via a POP3 connector from popsecure.net. Each has been configured to download messages for the email addresses of the users in that location. With a single domain AD and ability to access emails from any system on the network, how should the Exchange servers be reconfigured? Any thoughts?

Exchange uses Active Directory to figure out where to route e-mail. If you have multiple Exchange servers at multiple sites using the same address space, it will work just fine. One server will pull everything in, then send it off to the right Exchange server as configured on the user's account in Active Directory.

I probably wouldn't be putting up additional Exchange servers at each site unless you got over 100 users per site though.

I decided to order Secure Computing SG 580, 560 and 300 models for site-to-site VPN and AD with replication across the VPN. Thanks