Advice In site to site Topology

Posted on 2009-05-20
Last Modified: 2012-05-07
I currently have a project in a new company.
My current objective is to optimize resources in our company.

Present:
6 sites connected with VPN.
Each site has its own 2003 server (AD, DNS, DHCP), own ISA Server, own domain.
Each site has its own ADSL "internet" connection.

What I wanted:
Exclude server infrastructure per site. Make all sites authenticate in the HQ via VPN (by domain auth or terminal server), in only one DC, use only one ISA with only one ADSL attached. Reason mainly, I see no point in having a server infrastructure in sites where only 3 employees are working.

Questions:
Is this possible?
What's the best way to do this, so I migrate users from one domain to another with not much trouble?
Should I auth users in remote DC or use local auth with remote Terminal Server?
What will be the cons about this?


Any ideas, advice, new ways of optimizing resources are welcome. Will of course give the points to the most suitable response in my scenario.

Thanks in advance,

Question by:lccviper

Expert Comment

by:Chris Dent
ID: 24439054

That sounds like, er.. fun? :)

Are any of the domains Small Business Server?

What kind of connection speeds do you have between sites? Centralising services might seem good, but if you have very low speed connections it may not work as well as you'd hope.

Chris

Author Comment

by:lccviper
ID: 24440554
Just 2003 Server Standard. Connections between sites are 1Mb / 1Mb VPN in IP MPLS.

Just particularly interested in the best way to migrate users from local domains to the centralized one,
and what's the best way of doing this: VPN with domain auth, or terminal services.


Thanks in advance

Expert Comment

by:Chris Dent
ID: 24440905

Terminal Services may get quite expensive. You'd need a server powerful enough to provide concurrent sessions for each user, and you'd still have to provide them with hardware to be able to connect.

If you already have sufficient hardware for each end user I suspect moving to a single domain would make for an easier life. So I'd say VPN with domain Auth.

Given that these aren't SBS you can potentially use the Active Directory Migration Tool to shift them from the current domain to your centralised one. That would require you to form trusts between each domain, which in turn requires that they all have unique names.

Version 3 of ADMT can be found here:

http://www.microsoft.com/downloads/details.aspx?familyid=6f86937b-533a-466d-a8e8-aff85ad3d212&displaylang=en

They've moved the documentation somewhere, hopefully it comes packaged with the installer.

Do you have any other systems involved? Exchange, for example?

The main disadvantage of centralisation like this is the dependence on a single site. Whether that matters depends on your network topology to an extent. If they're no good without the central site anyway then it's not much of a concern.

Chris

Author Comment

by:lccviper
ID: 24449411
Thanks Chris, seems some testing up front 1st :). Well, we are centralized at the moment, I just want to get rid of local domains per site, doesn't justify since there's some sites with 2 to 3 users :).

- How will I manage DHCP in multiple sites? For example: central site where DHCP server is = 192.168.80.0, site B = 192.168.20.0. Will DHCP recognize the router IP and assign an IP in the correct scope?



Author Comment

by:lccviper
ID: 24449424
Oh, sorry, no Exchange.

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24449458

If you want to centralise DHCP you'd use a SuperScope (which would contain a range for each office), each router would need a DHCP Helper configuring so that requests from the client site are passed back to the main site.

The range is matched up in the SuperScope based on the source IP address.

Of course if the connection is down they get no IP addressing either, which isn't much of a reason not to do it, but is something that should be considered.

Chris
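
The scope selection described in the accepted answer, modeled as an added example (not part of the original thread): the router's DHCP helper forwards the request with its own client-side address in the `giaddr` field, and the server matches that address to a scope. The two subnets are the ones from the thread; pool bounds, MAC addresses and the server and router addresses are constructed.

```python
import ipaddress

# Subnets are the ones named in the thread; pool bounds, MACs and the
# server/router addresses are constructed for this example.
SCOPES = {
    "HQ":     ("192.168.80.0/24", "192.168.80.100", "192.168.80.102"),
    "Site B": ("192.168.20.0/24", "192.168.20.100", "192.168.20.101"),
}
SERVER_IP = "192.168.80.10"


class DhcpServerModel:
    def __init__(self, scopes, server_ip):
        self.server_ip = ipaddress.ip_address(server_ip)
        self.scopes = {
            name: (ipaddress.ip_network(net),
                   int(ipaddress.ip_address(lo)), int(ipaddress.ip_address(hi)))
            for name, (net, lo, hi) in scopes.items()
        }
        self.leases = {}  # (scope name, client MAC) -> leased address

    def select_scope(self, giaddr):
        """Pick the scope whose subnet contains the relay address."""
        key = ipaddress.ip_address(giaddr)
        if key.is_unspecified:      # 0.0.0.0: local broadcast, not relayed
            key = self.server_ip
        for name, (net, _, _) in self.scopes.items():
            if key in net:
                return name
        return None                 # relay sits on a subnet with no scope

    def offer(self, mac, giaddr="0.0.0.0"):
        """Return (scope, address), or None when nothing can be offered."""
        scope = self.select_scope(giaddr)
        if scope is None:
            return None
        if (scope, mac) in self.leases:   # returning client keeps its address
            return scope, self.leases[(scope, mac)]
        _, lo, hi = self.scopes[scope]
        in_use = {ip for (s, _), ip in self.leases.items() if s == scope}
        for candidate in range(lo, hi + 1):
            addr = str(ipaddress.ip_address(candidate))
            if addr not in in_use:
                self.leases[(scope, mac)] = addr
                return scope, addr
        return None                       # pool exhausted
```

A request relayed from an address outside every configured scope gets no offer, which is the behaviour to expect when a new site's router is given a helper address before its scope exists on the central server.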