theffernan

Domains with same name across VPN - no trust necessary

I am testing a disaster recovery plan which involves using Microsoft's Hyper-V to recreate the domain at an offsite location. There is a VPN established between these points so that files can be replicated and so that users can access the disaster VPN if required. In addition, one user in the remote location accesses the domain (not the virtualized one) terminal server. That user is actually on a third subnet.

Anyway, can I safely bring my virtual servers/domain online with a connected configuration (not local/private) network so that I can test connectivity to the Internet, test applications and log in as a user remotely? Will this cause any problems for the "real" domain that is running on the other side of the VPN?

BTW, this virtual domain will be in a "live" IP subnet so I am assuming I will have to be careful about DHCP running, etc., when I try this. I figured I would work out one issue/concern at a time.

Thanks.
Syed Mutahir Ali

Computer names, IP addresses, and the IP addressing scheme should be different in order to avoid conflicts.

You can create a Windows Server install, make sure it is connected via VPN and that the remote server can access servers on your side (firewall ports open, etc.).

Then do a dcpromo on the remote site and let it replicate over the VPN as another DC for the same domain.

This way you would have a domain controller sitting in a remote site.

You can use AD > Sites and Services to specify these settings.

You should also make sure that the Global Catalog is local to your clients.

http://www.petri.co.il/configure_a_new_global_catalog.htm

The above scenario is a backup domain as well, with all your AD replicating over the VPN.

AD replication over firewalls:

http://technet.microsoft.com/en-gb/library/bb727063.aspx

---

As you want constant replication of settings / AD, a good idea will be to make sure that the other environment has a DC (via dcpromo).

--

What servers do you have?
How have you created the domain? Is it via physical-to-virtual conversion, or setting up a new environment and syncing with your existing ones?
Do you have Exchange, SQL, etc.?
theffernan

ASKER

mutahir:
I am not sure you understand what I am trying to accomplish. On the "real" domain we are running Symantec's disaster recovery and creating VHDs which are then copied to the remote site. The remote site is expected to run only when the "real" site is down. Everything will be a mirror of the "real" site that only goes online if a disaster occurs. In that case, users will all connect to the virtual domain through terminal services from either the "real" site or from remote locations such as their home or a hotel or other temporary office.

We don't plan to keep the virtual site up. We will be regularly replicating VHDs and will build the remote virtual servers once they are needed. I just want to be able to test this ability every now and again. What I am trying to determine is if I need to bring the "real" site down during the testing process due to the name conflicts or if I can do my testing during regular business hours.

I had an idea what you are after, as I am doing the same thing, but I have set up all DCs and the other two servers in a Hyper-V internal network so they don't speak to the outside world at all.

I have backed them up using BESR 2010 Recovery and converted or restored them into VMs.

---
If there is VPN connectivity between the two sites, there is a chance of conflicts, because the server names would be the same. Make sure you don't allow any ports on either firewall for the traffic to pass through, but even then I would hesitate.

What you can do is just create a virtual network which is Private, make sure your converted or restored VMs from the real site are using that virtual network, switch on the VMs and you will be good to go, as they won't be able to communicate with anything apart from each other.

Once your real site is down, you would have to change your virtual network settings and the settings in each VM to use the right one.

---

Also, I have faced activation issues when doing what you have done; some servers won't get past the login screen and would give me activation problems.

Let me know if you have any further questions on this.
Hope this Helps
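
The isolation steps described in the post above (private virtual network, restored VMs attached only to it, then power on), as an added example that is not part of the original thread. It assumes the Hyper-V PowerShell module that ships with Windows Server 2012 and later; the switch name and the `DR-` VM name prefix are hypothetical placeholders.

```powershell
#Requires -Modules Hyper-V
# Added example: keep restored DR VMs on a private switch for a test boot,
# so duplicate server names and IPs never reach the VPN or the live subnet.

$SwitchName = 'DR-Test-Private'   # hypothetical switch name
$VmPrefix   = 'DR-'               # hypothetical naming convention for restored VMs

# Create the private switch if it does not exist yet.
# A private switch carries VM-to-VM traffic only (no host, no physical NIC).
$switch = Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue
if (-not $switch) {
    $switch = New-VMSwitch -Name $SwitchName -SwitchType Private
}
if ($switch.SwitchType -ne 'Private') {
    throw "Switch '$SwitchName' exists but is $($switch.SwitchType), not Private."
}

# Select the restored VMs and refuse to continue if none match.
$vms = @(Get-VM | Where-Object { $_.Name -like "$VmPrefix*" })
if ($vms.Count -eq 0) {
    throw "No VMs found with prefix '$VmPrefix'."
}

# Re-home every adapter of every restored VM onto the private switch.
foreach ($vm in $vms) {
    Get-VMNetworkAdapter -VM $vm |
        Connect-VMNetworkAdapter -SwitchName $SwitchName
}

# Verify before boot: any adapter still on another switch is a path to the
# production domain, so stop instead of starting the VMs.
$leaks = @(Get-VMNetworkAdapter -VM $vms |
    Where-Object { $_.SwitchName -ne $SwitchName })
if ($leaks.Count -gt 0) {
    $leaks | Format-Table VMName, Name, SwitchName -AutoSize | Out-String | Write-Warning
    throw "Adapters not on '$SwitchName'; VMs were not started."
}

# Only now power on the VMs that are currently off.
$vms | Where-Object { $_.State -eq 'Off' } | Start-VM
```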
Thanks. I have tested it in the private network. That works fine, but in the event I need to use this virtual domain, it will be necessary to have it talk to the outside world. I just want to test it live to make sure the firewall settings are set to allow connections and that everything does work from the outside world before I need it. I don't currently have control over the firewall at the remote site so I need to make sure everything is set and ready to go with a proven success before we need it.

I have had problems with activation as well but I believe I have that issue resolved.
ASKER CERTIFIED SOLUTION
Syed Mutahir Ali

This solution is only available to members.
What did you do about the activation problems?