What steps can I take
My Organisation has a head office and 3 branches in different geological locations. Presently we have servers in each of thewse locations each hosting their own domain. I'm to implment a single domain architecture. We also have exhcnage servers (with POP3 connectors) in each location and require a single global Address List and access to new emails by domain users in any location. Is a VPN the right way? internet backbone is via Sattelite links with bandwdiths limited to 512Kb download and 256Kb upload. if VPN is the way, should it be hardware or software? What manufacturers are easy to configure and maintain? thanks in advance...
ASKER
@devinnoel
I know it would be "foolish" ( u could've used a more polite work) that's why I was aking if its the right option. My organisation/client is an SME and Cisco would be too costly. They'll also have btw 5-10 VPN client users as well.
-research tells me Cyberguard is real good for site to site VPN, has anyone used this?
-There are 30 users in the head office and 10-15 users in the two branch offices. I've been reading alot about Windows 2003 Server VPN, would that be good?
- in the case I use a hardware VPN, after setting up the VPN should I disable routing on my Branch Windows servers? and demote them from Domain controller? and have all clients point to the domain controller at the head office via the VPN? or should the branch domain server replicate theAD of the head office Domain Controller? Like I said they want to implement a single domain.
-Sattelite links have alot of latency, will this seriously affect performance of AD across the VPN?
thanks!
I know it would be "foolish" ( u could've used a more polite work) that's why I was aking if its the right option. My organisation/client is an SME and Cisco would be too costly. They'll also have btw 5-10 VPN client users as well.
-research tells me Cyberguard is real good for site to site VPN, has anyone used this?
-There are 30 users in the head office and 10-15 users in the two branch offices. I've been reading alot about Windows 2003 Server VPN, would that be good?
- in the case I use a hardware VPN, after setting up the VPN should I disable routing on my Branch Windows servers? and demote them from Domain controller? and have all clients point to the domain controller at the head office via the VPN? or should the branch domain server replicate theAD of the head office Domain Controller? Like I said they want to implement a single domain.
-Sattelite links have alot of latency, will this seriously affect performance of AD across the VPN?
thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks ALOT devenoel, you've shed so much light on this issue for me.
Dont know if you can assist me with this one but My next question would be, about the exchange servers on each of these DCs. presently each DC has an Exchange server downloaded individual emails via a pop3 connector from popsecure.net. Each has been configured to download messages for the email addys of the users in that location. With a single domain AD and ability to access emails from any system on the network. how should the exchange servers be reconfigured? any thoughts?
Dont know if you can assist me with this one but My next question would be, about the exchange servers on each of these DCs. presently each DC has an Exchange server downloaded individual emails via a pop3 connector from popsecure.net. Each has been configured to download messages for the email addys of the users in that location. With a single domain AD and ability to access emails from any system on the network. how should the exchange servers be reconfigured? any thoughts?
Exchange uses Active Directory to figure out where to route E-mail. If you have multiple Exchange servers at multiple sites using the same address space, it will work just fine. One server will pull everything in, then send it off to the right exchange server as configured on the users account in active directory.
I probably wouldn't be putting up additional exchange servers at each site unless you got over 100 users per site though.
I probably wouldn't be putting up additional exchange servers at each site unless you got over 100 users per site though.
ASKER
i decided to order Secure Computing SG 580, 560 and 300 Models for site - tie VPN and AD with replication. acroos the VPN. Thanks
Hardware networking will almost always be a better solution than software networking. It could be done with just Windows 2003 cheaply, but it's slower and less flexible.
Cisco is the main business networking provider, and you can't go wrong with them for the best equipment. Not the cheapest, and not always the easiest to configure, but the most reliable and most powerful.
I've seen pretty decent results with SonicWall. Maybe a bit easier to configure and cheaper, but not as powerful as Cisco gear.