Solved

Domain Controller on remote site or new domain interconnected to forest

Posted on 2011-03-23
6
560 Views
Last Modified: 2012-06-27
Hi all,

We have a datacenter where we host our e-mail, backups, domain controller etc. Now we want to connect our computers to the domain true a VPN (Site-to-Site).

Q1: On the datacenter site we have forefront TMG and on our office we have a cisco pix 501, can I make a permanent VPN to our Datacenter?

Q2: Is it wise to connect to the existing domain or make a new domain and joint it to the forest by trust?

Regards,

Kasper




0
Comment
Question by:xiss
  • 3
  • 3
6 Comments
 
LVL 4

Expert Comment

by:ebooyens
ID: 35198310
HI Kasper, sorry I'm not going to be helpful with the site-to-site vpn with the Cisco and Forefront (although I'm sure it's doable) but in terms of the domain, don't see any damage in joining the domain, do you have an existing domain controller on site of why would you consider just joining the forest?

It would be highly advisable having an on site DC (and DNS server) as you will feel the performance delay with having the DC off-site.  Unless of course you get a hosted terminal services server as well and keep the clients on a workgroup or whatever...
0
 
LVL 1

Author Comment

by:xiss
ID: 35199819
We'll I thought making the datacenter site domain A and the office domain B for security and make them trusted in the forest, but is this common or am I making things needlessly complicated :)
0
 
LVL 4

Accepted Solution

by:
ebooyens earned 500 total points
ID: 35199920
Maybe someone else can argue the contrary but I don't see any real security benefits from doing that while it certainly makes things more complicated. In terms of cloud services you should worry about gateway security, so making sure you've got quality firewalls in place and locking down access, perhaps only via your site-to-site vpns or by fixed IPs. Also look at your password policies, enable complex passwords and expiration. Those are the important security aspects to consider.

So how many clients have you got and what servers will be local?
0
Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

 
LVL 1

Author Comment

by:xiss
ID: 35200931
Thanks for the response, your advice is appreciated!

We use Forefront TMG as our edge firewalls in our datacenter. We have 400 clients connecting true https to our webapp and we have 10 clients in the office, so I think I just put a RDC in the office and create a Site-to-Site VPN.

Thanks for the help!
0
 
LVL 4

Expert Comment

by:ebooyens
ID: 35201183
Yep that sounds good.  Thanks for the points!!  Thought you might hang out on for a while to get some answers about setting up the VPN?  Sorry I can't help with that!
0
 
LVL 1

Author Comment

by:xiss
ID: 35201774
No problem, think i got my solution!
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Configure TMG 2010 as a transparent Proxy 9 831
Issues with domain account lockouts 2 758
Restrict External Access to OWA 12 98
Itunes Thru ISA 2000 Server 2 122
There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its defa…
In Africa (and potentially where you live…), reliability of ISPs is questionable.  With the increased reliance on e-mail as one of the primary forms of communication, the costs to business are significant based on interuption of ISP Connectivity.  T…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question