Site Planning

Posted on 2009-03-29
Last Modified: 2012-05-06
First post is always frightening, but i'll live.
I've currently got a site with two locations geographically spread by around 200m.
They are currently tied together with Cisco 1200 series waps in bridge mode with directional antennas at 54mbps.

Site A - is the main site with fibre to the curb providing internet and wan activity. It currently houses a 2k8 PDC (DHCP/DNS/AD) and 2k3 BDC(DNS/Print/WSUS/Deployment/AV) and a Web server.  Site A houses around 200 workstations and 50+ mobile devices, 1000 odd users.
No issues, just working really smoothly.

Site B - currently has about 50 workstations and 10 mobile devices. Workstations cabled, mobile wi-fi. All cisco Hardware. The building is going to be demolished in a years time and a new one built in its place so I'm holding out on the fibre or microwave link to get them connected flawlessly.

Im concerned that in an AD environment where there is a whole lot of traffic with the SOE currently in commission that Symantec updates/wsus updates/ logins, gpo's, software all sorts of things arent going to cope. So im trying to figure out what I do as far as getting network continuity.

Im just throwing around ideas at the moment. I'm not quite sure how to tackle it.
My thoughts are to build another DC making it a global catalog and dns server in the same Domain and localise some of the services to that server, break down the traffic flow locally.

Do clients make authoritive connections to the DC with the lowest latency or do they always pass via the PDC. Is putting another DC down at the other site a viable option? Am I going to increase replication traffic due to creating another Global Catalog? Can you throttle full replication to the back of the clock? Do I create another domain within the forest on another subnet? Am I wasting my time even considering this. Feel free to chime in. Theres too many Ideas floating around my head.


Question by:InsightNetworks
LVL 18

Accepted Solution

Americom earned 125 total points
ID: 24016090
User authenticate to any DC respond to user upon request. What you can do is create AD site to control user authentication as well as replication. With AD Sites, user will by default authenticate to the local DC to it's local site. User can still be authenticated by the remote site DC if the local site DC is not available.

I don't see creating a domain is going to help you at all as I don't see any security need for it. It just going to make things more complicated and will create more administrative overhead and not justify in your description above.
LVL 57

Expert Comment

by:Mike Kline
ID: 24016337
I agree creating a domain won't help you; Tony Murray has a good article about when you may need multiple domains
If you go about halfway down the thread below you will see my comment which is a more detailed step by step on the site creation
Currently are users in site B complaining about any slowness or latency issues?

Author Comment

ID: 24093590
Americom: Thank you for the help, ive chosen this path and have setup the majority of it.
Next step I have is im part of a large WAN and have a 10.x.y.z/22 ip range for the whole network.
I have no idea as to how to subnet it for AD sites. I've read quite a lot of information and cant figure it out. Do you need to create subnets for Sites to work correctly?
I've got 4 ranges with the /22
Site A needs the majority of the host addresses....
Site B could do with one complete range, 254 Usable hosts.
I know its probably an annoying question but if someone could shed a little light.

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question