Solved

Advice In site to site Topology

Posted on 2009-05-20
6
265 Views
Last Modified: 2012-05-07
currently have a project in a new company .
My current Objective is to optmize resources in our company .

Present :
6 sites connected with VPN
each site with its own 2003 server ( AD, DNS, DHCP) , own ISA Server, own domain .
Each site has its own ADSL "internet" connection .

What i wanted:
exclude server infra-structure per site . Make all sites authenticate in the HQ via VPN ( by domain auth or terminal server ) , in only one DC, use only one ISA with only one ADSL Attached . Reason mainly, i see no point in having a server infra-structure in sites where only 3 employeers are working .

Questions :
is this possible ?
whats the best way to do this ? so i migrate users from one domain to another with not much trouble ?
should i auth users in remote DC or use local auth with remote Terminal server ?
what will be the cons about this ?


Any ideias, advices, new ways of optmizing resources are welcome .. will avcourse give the points to the most suitable response in my scenario .

thankz in advance,

0
Comment
Question by:lccviper
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24439054

That sounds like, er.. fun? :)

Are any of the domains Small Business Server?

What kind of connection speeds do you have between sites? Centralising services might seem good, but if you have very low speed connections it may not work as well as you'd hope.

Chris
0
 
LVL 1

Author Comment

by:lccviper
ID: 24440554
just 2003 server standard .. connections between sites are 1Mb / 1 mb VPN in  IP MPLS ..

just particular interested in the best way to migrate users from local domains to the centralized one .
and whats the best way of doing this .. vpn with domain auth , or terminal services .


thankz in advance
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24440905

Terminal Services may get quite expensive. You'd need a server powerful enough to provide concurrent sessions for each user, and you'd still have to provide them with hardware to be able to connect.

If you already have sufficient hardware for each end user I suspect moving to a single domain would make for an easier life. So I'd say VPN with domain Auth.

Given that these aren't SBS you can potentially use the Active Directory Migration Tool to shift them from the current domain to your centralised one. That would require you to form trusts between each domain, which in turn requires that they all have unique names.

Version 3 of ADMT can be found here:

http://www.microsoft.com/downloads/details.aspx?familyid=6f86937b-533a-466d-a8e8-aff85ad3d212&displaylang=en

They've moved the documentation somewhere, hopefully it comes packaged with the installer.

Do you have any other systems involved? Exchange, for example?

The main disadvantage of centralisation like this is the dependence on a single site. Whether that matters depends on your network topology to an extent. If they're no good without the central site anyway then it's not much of a concern.

Chris
0
SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

 
LVL 1

Author Comment

by:lccviper
ID: 24449411
thankz Chris .. seems some testing up front 1st :) .. Well, we are centralized at the moment, i just want to get rid of local domains per site, doesnt justify since theres some sites with 2 to 3 users :) .

- how will i manage DHCP in multiple sites ? for ex: Central Site where DHCP server is = 192.168.80.0 , site B =  192.168.20.0 . will dhcp recognize router ip and assign a ip in the correct scope ?


0
 
LVL 1

Author Comment

by:lccviper
ID: 24449424
oh , sorry , no exchange ..
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24449458

If you want to centralise DHCP you'd use a SuperScope (which would contain a range for each office), each router would need a DHCP Helper configuring so that requests from the client site are passed back to the main site.

The range is matched up in the SuperScope based on the source IP address.

Of course if the connection is down they get no IP addressing either, which isn't much of a reason not to do it, but is something that should be considered.

Chris
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question