Solved

Advice In site to site Topology

Posted on 2009-05-20
6
272 Views
Last Modified: 2012-05-07
currently have a project in a new company .
My current Objective is to optmize resources in our company .

Present :
6 sites connected with VPN
each site with its own 2003 server ( AD, DNS, DHCP) , own ISA Server, own domain .
Each site has its own ADSL "internet" connection .

What i wanted:
exclude server infra-structure per site . Make all sites authenticate in the HQ via VPN ( by domain auth or terminal server ) , in only one DC, use only one ISA with only one ADSL Attached . Reason mainly, i see no point in having a server infra-structure in sites where only 3 employeers are working .

Questions :
is this possible ?
whats the best way to do this ? so i migrate users from one domain to another with not much trouble ?
should i auth users in remote DC or use local auth with remote Terminal server ?
what will be the cons about this ?


Any ideias, advices, new ways of optmizing resources are welcome .. will avcourse give the points to the most suitable response in my scenario .

thankz in advance,

0
Comment
Question by:lccviper
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24439054

That sounds like, er.. fun? :)

Are any of the domains Small Business Server?

What kind of connection speeds do you have between sites? Centralising services might seem good, but if you have very low speed connections it may not work as well as you'd hope.

Chris
0
 
LVL 1

Author Comment

by:lccviper
ID: 24440554
just 2003 server standard .. connections between sites are 1Mb / 1 mb VPN in  IP MPLS ..

just particular interested in the best way to migrate users from local domains to the centralized one .
and whats the best way of doing this .. vpn with domain auth , or terminal services .


thankz in advance
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24440905

Terminal Services may get quite expensive. You'd need a server powerful enough to provide concurrent sessions for each user, and you'd still have to provide them with hardware to be able to connect.

If you already have sufficient hardware for each end user I suspect moving to a single domain would make for an easier life. So I'd say VPN with domain Auth.

Given that these aren't SBS you can potentially use the Active Directory Migration Tool to shift them from the current domain to your centralised one. That would require you to form trusts between each domain, which in turn requires that they all have unique names.

Version 3 of ADMT can be found here:

http://www.microsoft.com/downloads/details.aspx?familyid=6f86937b-533a-466d-a8e8-aff85ad3d212&displaylang=en

They've moved the documentation somewhere, hopefully it comes packaged with the installer.

Do you have any other systems involved? Exchange, for example?

The main disadvantage of centralisation like this is the dependence on a single site. Whether that matters depends on your network topology to an extent. If they're no good without the central site anyway then it's not much of a concern.

Chris
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 1

Author Comment

by:lccviper
ID: 24449411
thankz Chris .. seems some testing up front 1st :) .. Well, we are centralized at the moment, i just want to get rid of local domains per site, doesnt justify since theres some sites with 2 to 3 users :) .

- how will i manage DHCP in multiple sites ? for ex: Central Site where DHCP server is = 192.168.80.0 , site B =  192.168.20.0 . will dhcp recognize router ip and assign a ip in the correct scope ?


0
 
LVL 1

Author Comment

by:lccviper
ID: 24449424
oh , sorry , no exchange ..
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24449458

If you want to centralise DHCP you'd use a SuperScope (which would contain a range for each office), each router would need a DHCP Helper configuring so that requests from the client site are passed back to the main site.

The range is matched up in the SuperScope based on the source IP address.

Of course if the connection is down they get no IP addressing either, which isn't much of a reason not to do it, but is something that should be considered.

Chris
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question