Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Domain Controller on remote site or new domain interconnected to forest

Posted on 2011-03-23
6
Medium Priority
?
603 Views
Last Modified: 2012-06-27
Hi all,

We have a datacenter where we host our e-mail, backups, domain controller etc. Now we want to connect our computers to the domain true a VPN (Site-to-Site).

Q1: On the datacenter site we have forefront TMG and on our office we have a cisco pix 501, can I make a permanent VPN to our Datacenter?

Q2: Is it wise to connect to the existing domain or make a new domain and joint it to the forest by trust?

Regards,

Kasper




0
Comment
Question by:xiss
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 4

Expert Comment

by:ebooyens
ID: 35198310
HI Kasper, sorry I'm not going to be helpful with the site-to-site vpn with the Cisco and Forefront (although I'm sure it's doable) but in terms of the domain, don't see any damage in joining the domain, do you have an existing domain controller on site of why would you consider just joining the forest?

It would be highly advisable having an on site DC (and DNS server) as you will feel the performance delay with having the DC off-site.  Unless of course you get a hosted terminal services server as well and keep the clients on a workgroup or whatever...
0
 
LVL 1

Author Comment

by:xiss
ID: 35199819
We'll I thought making the datacenter site domain A and the office domain B for security and make them trusted in the forest, but is this common or am I making things needlessly complicated :)
0
 
LVL 4

Accepted Solution

by:
ebooyens earned 2000 total points
ID: 35199920
Maybe someone else can argue the contrary but I don't see any real security benefits from doing that while it certainly makes things more complicated. In terms of cloud services you should worry about gateway security, so making sure you've got quality firewalls in place and locking down access, perhaps only via your site-to-site vpns or by fixed IPs. Also look at your password policies, enable complex passwords and expiration. Those are the important security aspects to consider.

So how many clients have you got and what servers will be local?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 1

Author Comment

by:xiss
ID: 35200931
Thanks for the response, your advice is appreciated!

We use Forefront TMG as our edge firewalls in our datacenter. We have 400 clients connecting true https to our webapp and we have 10 clients in the office, so I think I just put a RDC in the office and create a Site-to-Site VPN.

Thanks for the help!
0
 
LVL 4

Expert Comment

by:ebooyens
ID: 35201183
Yep that sounds good.  Thanks for the points!!  Thought you might hang out on for a while to get some answers about setting up the VPN?  Sorry I can't help with that!
0
 
LVL 1

Author Comment

by:xiss
ID: 35201774
No problem, think i got my solution!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question