Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Advice In site to site Topology

Posted on 2009-05-20
6
Medium Priority
?
282 Views
Last Modified: 2012-05-07
currently have a project in a new company .
My current Objective is to optmize resources in our company .

Present :
6 sites connected with VPN
each site with its own 2003 server ( AD, DNS, DHCP) , own ISA Server, own domain .
Each site has its own ADSL "internet" connection .

What i wanted:
exclude server infra-structure per site . Make all sites authenticate in the HQ via VPN ( by domain auth or terminal server ) , in only one DC, use only one ISA with only one ADSL Attached . Reason mainly, i see no point in having a server infra-structure in sites where only 3 employeers are working .

Questions :
is this possible ?
whats the best way to do this ? so i migrate users from one domain to another with not much trouble ?
should i auth users in remote DC or use local auth with remote Terminal server ?
what will be the cons about this ?


Any ideias, advices, new ways of optmizing resources are welcome .. will avcourse give the points to the most suitable response in my scenario .

thankz in advance,

0
Comment
Question by:lccviper
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24439054

That sounds like, er.. fun? :)

Are any of the domains Small Business Server?

What kind of connection speeds do you have between sites? Centralising services might seem good, but if you have very low speed connections it may not work as well as you'd hope.

Chris
0
 
LVL 1

Author Comment

by:lccviper
ID: 24440554
just 2003 server standard .. connections between sites are 1Mb / 1 mb VPN in  IP MPLS ..

just particular interested in the best way to migrate users from local domains to the centralized one .
and whats the best way of doing this .. vpn with domain auth , or terminal services .


thankz in advance
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24440905

Terminal Services may get quite expensive. You'd need a server powerful enough to provide concurrent sessions for each user, and you'd still have to provide them with hardware to be able to connect.

If you already have sufficient hardware for each end user I suspect moving to a single domain would make for an easier life. So I'd say VPN with domain Auth.

Given that these aren't SBS you can potentially use the Active Directory Migration Tool to shift them from the current domain to your centralised one. That would require you to form trusts between each domain, which in turn requires that they all have unique names.

Version 3 of ADMT can be found here:

http://www.microsoft.com/downloads/details.aspx?familyid=6f86937b-533a-466d-a8e8-aff85ad3d212&displaylang=en

They've moved the documentation somewhere, hopefully it comes packaged with the installer.

Do you have any other systems involved? Exchange, for example?

The main disadvantage of centralisation like this is the dependence on a single site. Whether that matters depends on your network topology to an extent. If they're no good without the central site anyway then it's not much of a concern.

Chris
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 1

Author Comment

by:lccviper
ID: 24449411
thankz Chris .. seems some testing up front 1st :) .. Well, we are centralized at the moment, i just want to get rid of local domains per site, doesnt justify since theres some sites with 2 to 3 users :) .

- how will i manage DHCP in multiple sites ? for ex: Central Site where DHCP server is = 192.168.80.0 , site B =  192.168.20.0 . will dhcp recognize router ip and assign a ip in the correct scope ?


0
 
LVL 1

Author Comment

by:lccviper
ID: 24449424
oh , sorry , no exchange ..
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 24449458

If you want to centralise DHCP you'd use a SuperScope (which would contain a range for each office), each router would need a DHCP Helper configuring so that requests from the client site are passed back to the main site.

The range is matched up in the SuperScope based on the source IP address.

Of course if the connection is down they get no IP addressing either, which isn't much of a reason not to do it, but is something that should be considered.

Chris
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question