Solved

Domain Controller on remote site or new domain interconnected to forest

Posted on 2011-03-23
Last Modified: 2012-06-27
Hi all,

We have a datacenter where we host our e-mail, backups, domain controller etc. Now we want to connect our computers to the domain through a VPN (Site-to-Site).

Q1: On the datacenter site we have Forefront TMG and at our office we have a Cisco PIX 501. Can I make a permanent VPN to our datacenter?

Q2: Is it wise to connect to the existing domain or make a new domain and join it to the forest by trust?

Regards,

Kasper




Question by:xiss
6 Comments
 
LVL 4

Expert Comment

by:ebooyens
ID: 35198310
Hi Kasper, sorry I'm not going to be helpful with the site-to-site VPN with the Cisco and Forefront (although I'm sure it's doable), but in terms of the domain, I don't see any damage in joining the domain. Do you have an existing domain controller on site, or why would you consider just joining the forest?

It would be highly advisable having an on site DC (and DNS server) as you will feel the performance delay with having the DC off-site.  Unless of course you get a hosted terminal services server as well and keep the clients on a workgroup or whatever...
0
 
LVL 1

Author Comment

by:xiss
ID: 35199819
Well, I thought of making the datacenter site domain A and the office domain B for security and making them trusted in the forest, but is this common or am I making things needlessly complicated? :)
0
 
LVL 4

Accepted Solution

by:
ebooyens earned 500 total points
ID: 35199920
Maybe someone else can argue the contrary but I don't see any real security benefits from doing that while it certainly makes things more complicated. In terms of cloud services you should worry about gateway security, so making sure you've got quality firewalls in place and locking down access, perhaps only via your site-to-site vpns or by fixed IPs. Also look at your password policies, enable complex passwords and expiration. Those are the important security aspects to consider.

So how many clients have you got and what servers will be local?
0

 
LVL 1

Author Comment

by:xiss
ID: 35200931
Thanks for the response, your advice is appreciated!

We use Forefront TMG as our edge firewalls in our datacenter. We have 400 clients connecting through HTTPS to our web app and we have 10 clients in the office, so I think I'll just put a RDC in the office and create a site-to-site VPN.

Thanks for the help!
0
 
LVL 4

Expert Comment

by:ebooyens
ID: 35201183
Yep that sounds good.  Thanks for the points!!  Thought you might hang out on for a while to get some answers about setting up the VPN?  Sorry I can't help with that!
0
 
LVL 1

Author Comment

by:xiss
ID: 35201774
No problem, think I got my solution!
0
