
Advice In site to site Topology

Posted on 2009-05-20
Last Modified: 2012-05-07
I currently have a project in a new company.
My current objective is to optimize resources in our company.

Present:
6 sites connected with VPN.
Each site with its own 2003 server (AD, DNS, DHCP), own ISA Server, own domain.
Each site has its own ADSL "internet" connection.

What I wanted:
Exclude server infrastructure per site. Make all sites authenticate in the HQ via VPN (by domain auth or terminal server), in only one DC, use only one ISA with only one ADSL attached. Reason mainly, I see no point in having a server infrastructure in sites where only 3 employees are working.

Questions:
Is this possible?
What's the best way to do this, so I migrate users from one domain to another with not much trouble?
Should I auth users in remote DC or use local auth with remote Terminal server?
What will be the cons about this?


Any ideas, advice, new ways of optimizing resources are welcome. Will of course give the points to the most suitable response in my scenario.

Thanks in advance,

Question by:lccviper
6 Comments
 

Expert Comment

by:Chris Dent
ID: 24439054

That sounds like, er.. fun? :)

Are any of the domains Small Business Server?

What kind of connection speeds do you have between sites? Centralising services might seem good, but if you have very low speed connections it may not work as well as you'd hope.

Chris

Author Comment

by:lccviper
ID: 24440554
Just 2003 Server Standard. Connections between sites are 1Mb / 1Mb VPN in IP MPLS.

Just particularly interested in the best way to migrate users from local domains to the centralized one,
and what's the best way of doing this: VPN with domain auth, or terminal services.


Thanks in advance

Expert Comment

by:Chris Dent
ID: 24440905

Terminal Services may get quite expensive. You'd need a server powerful enough to provide concurrent sessions for each user, and you'd still have to provide them with hardware to be able to connect.

If you already have sufficient hardware for each end user I suspect moving to a single domain would make for an easier life. So I'd say VPN with domain Auth.

Given that these aren't SBS you can potentially use the Active Directory Migration Tool to shift them from the current domain to your centralised one. That would require you to form trusts between each domain, which in turn requires that they all have unique names.

Version 3 of ADMT can be found here:

http://www.microsoft.com/downloads/details.aspx?familyid=6f86937b-533a-466d-a8e8-aff85ad3d212&displaylang=en

They've moved the documentation somewhere, hopefully it comes packaged with the installer.

Do you have any other systems involved? Exchange, for example?

The main disadvantage of centralisation like this is the dependence on a single site. Whether that matters depends on your network topology to an extent. If they're no good without the central site anyway then it's not much of a concern.

Chris

Author Comment

by:lccviper
ID: 24449411
Thanks Chris. Seems some testing up front first :). Well, we are centralized at the moment, I just want to get rid of local domains per site; it doesn't justify since there are some sites with 2 to 3 users :).

- How will I manage DHCP in multiple sites? For example: central site where DHCP server is = 192.168.80.0, site B = 192.168.20.0. Will DHCP recognize the router IP and assign an IP in the correct scope?



Author Comment

by:lccviper
ID: 24449424
Oh, sorry, no Exchange.

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 24449458

If you want to centralise DHCP you'd use a SuperScope (which would contain a range for each office), each router would need a DHCP Helper configuring so that requests from the client site are passed back to the main site.

The range is matched up in the SuperScope based on the source IP address.

Of course if the connection is down they get no IP addressing either, which isn't much of a reason not to do it, but is something that should be considered.

Chris
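
The scope matching discussed in the DHCP exchange above, as an added example that is not part of the original thread: the router's DHCP helper writes its own LAN address into the relayed request's `giaddr` field, and the server serves the scope whose subnet contains that address. The two subnets come from the question; the /24 masks, pool ranges and server address are assumptions.

```python
import ipaddress

# Constructed scopes. The two subnets are the ones named in the question;
# the /24 masks and pool ranges are assumptions made for this example.
SCOPES = {
    "HQ": (ipaddress.ip_network("192.168.80.0/24"), "192.168.80.100", "192.168.80.199"),
    "Site B": (ipaddress.ip_network("192.168.20.0/24"), "192.168.20.100", "192.168.20.199"),
}
SERVER_IP = "192.168.80.10"  # assumed address of the central DHCP server


def select_scope(giaddr):
    """Name of the scope that serves a request, or None if no scope matches."""
    relay = ipaddress.ip_address(giaddr)
    # giaddr 0.0.0.0: the broadcast reached the server directly (same LAN),
    # so the subnet of the server's own interface decides.
    origin = ipaddress.ip_address(SERVER_IP) if relay.is_unspecified else relay
    for name, (subnet, _first, _last) in SCOPES.items():
        if origin in subnet:
            return name
    return None


def offer(giaddr, leased):
    """(scope, address) for the first free address, or None when the relay
    address matches no scope or the pool is exhausted."""
    name = select_scope(giaddr)
    if name is None:
        return None
    _subnet, first, last = SCOPES[name]
    addr, end = ipaddress.ip_address(first), ipaddress.ip_address(last)
    while addr <= end:
        if str(addr) not in leased:
            return name, str(addr)
        addr += 1
    return None


if __name__ == "__main__":
    print(offer("192.168.20.1", leased={"192.168.20.100"}))  # relayed from site B
    print(offer("0.0.0.0", leased=set()))                    # client on the HQ LAN
    print(offer("10.9.9.1", leased=set()))                   # relay with no scope
```

A relayed request whose `giaddr` falls outside every scope gets no offer, which is the symptom to look for when a helper is enabled on a subnet that has no range defined at the central site.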