Connect two physically separate locations (different co-location centers) to share Active Directory (replication) and file sharing
Posted on 2009-07-01
I've got a Windows 2003 Active Directory domain with 3 servers set up in a colocation server rack for a non-profit (charity) that I volunteer for. I'm definitely not (as will become obvious from this post) a networking expert, but I know my way around Windows 2003.
All of the machines have two NICs.
NIC #1 has a public IP address, firewalled to only allow access to services like web, SMTP, and DNS using the built-in Routing and Remote Access.
NIC #2 in each server is connected to a physically separate switch that allows non-firewalled access from server to server, using a private IP in the 10.1.1.x subnet.
One of the servers is acting as a VPN server, and hands out IPs in the same 10.1.1.x subnet.
We're now interested in setting up a second colocation location (several states over) to give us more redundancy. I'm looking for suggestions on how to best accomplish this, in terms of connectivity and AD replication.
Remember that this is for a charity, and the budget is TIGHT. If I can get away without purchasing VPN routers, that would be great. I would be interested in the right way to do this if budget was unlimited (as long as connectivity between the 2 locations still goes over the Internet and doesn't use a dedicated line) and also any alternative way that wouldn't involve any additional expenditure.
There will be 4 servers in the remote colocation rack. I was thinking of having one of these run AD and replicate the information over the WAN (via a VPN). How to accomplish that is one of the big questions I have.
I figured that the 4 servers would also be set with NIC #1 on a public IP (different provider from the primary location, different subnet altogether) and having NIC #2 on a private network, say 10.2.1.x.
What's the best way to have all 4 servers in the second location also have access to the 10.1.1.x subnet at the first location? I assume if we can accomplish this, then the first location will be able to talk to the servers at the second location too.
Your ideas are appreciated!
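Whatever tunnel technology ends up joining the two racks, the private address plan has to be routable before AD replication or file sharing over it will work. The following is an added example, not code from the original post: it models the two-site layout the question describes (10.1.1.0/24 behind NIC #2 at the first site, 10.2.1.0/24 at the second, a VPN client pool handed out of the first site's subnet) and checks that the private prefixes do not collide, lists which remote prefixes each site must push into the site-to-site tunnel, and classifies where a given destination would be sent. The site names, the helper functions, and the 10.1.1.128/25 client pool are assumptions chosen for illustration; the two LAN subnets come from the question.

```python
"""
Two-site private address plan checker (constructed example, not from the post).

Models one private LAN per colocation site (NIC #2), an optional VPN client
pool carved out of a site's LAN, and the routes a site-to-site tunnel needs.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Network, ip_address, ip_network
from itertools import combinations


@dataclass
class Site:
    name: str
    lan: IPv4Network                 # private subnet on NIC #2
    # prefixes handed to VPN clients by this site's RRAS server (may be empty)
    vpn_pools: list = field(default_factory=list)


def check_overlaps(sites):
    """Return (site, site) name pairs whose private LANs overlap.

    Overlapping LANs cannot be joined by a tunnel: a host could not tell
    whether 10.1.1.5 is on its own switch or across the WAN."""
    return [(a.name, b.name) for a, b in combinations(sites, 2)
            if a.lan.overlaps(b.lan)]


def check_vpn_pools(site):
    """Return VPN pools that are NOT inside the site's LAN.

    A pool inside the LAN (the layout in the question) is covered by the
    remote site's LAN route; a pool outside it needs its own tunnel route."""
    return [str(p) for p in site.vpn_pools if not p.subnet_of(site.lan)]


def plan_routes(sites):
    """For each site, the remote private prefixes to send into the tunnel:
    every other site's LAN plus any VPN pool that lies outside that LAN."""
    plan = {}
    for s in sites:
        remote = []
        for other in sites:
            if other is s:
                continue
            remote.append(str(other.lan))
            remote.extend(str(p) for p in other.vpn_pools
                          if not p.subnet_of(other.lan))
        plan[s.name] = sorted(remote)
    return plan


def classify(site, sites, dst):
    """Where a packet from `site` to `dst` goes:
    'lan'    -> directly out NIC #2 (local private subnet)
    'tunnel' -> a remote site's private prefix, via the site-to-site VPN
    'public' -> out NIC #1, subject to the public-side firewall"""
    addr = ip_address(dst)
    if addr in site.lan:
        return "lan"
    for prefix in plan_routes(sites)[site.name]:
        if addr in ip_network(prefix):
            return "tunnel"
    return "public"


# Constructed sample plan: subnets from the question, client pool assumed.
SITE_A = Site("A", ip_network("10.1.1.0/24"), [ip_network("10.1.1.128/25")])
SITE_B = Site("B", ip_network("10.2.1.0/24"))
SITES = [SITE_A, SITE_B]

if __name__ == "__main__":
    print("LAN overlaps:", check_overlaps(SITES))
    print("pools outside LAN at A:", check_vpn_pools(SITE_A))
    print("tunnel routes:", plan_routes(SITES))
    for dst in ("10.1.1.5", "10.2.1.7", "203.0.113.9"):
        print(f"A -> {dst}: {classify(SITE_A, SITES, dst)}")
```

Because the VPN client pool sits inside the first site's 10.1.1.0/24, the second site needs only one tunnel route (10.1.1.0/24) to reach both the servers and any dial-in clients there; if the second site were instead given a subnet overlapping 10.1.1.x, `check_overlaps` reports the pair and no tunnel design will fix it short of renumbering.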