Solved

Domain Controller on remote site or new domain interconnected to forest

Posted on 2011-03-23
6
573 Views
Last Modified: 2012-06-27
Hi all,

We have a datacenter where we host our e-mail, backups, domain controller etc. Now we want to connect our computers to the domain true a VPN (Site-to-Site).

Q1: On the datacenter site we have forefront TMG and on our office we have a cisco pix 501, can I make a permanent VPN to our Datacenter?

Q2: Is it wise to connect to the existing domain or make a new domain and joint it to the forest by trust?

Regards,

Kasper




0
Comment
Question by:xiss
  • 3
  • 3
6 Comments
 
LVL 4

Expert Comment

by:ebooyens
ID: 35198310
HI Kasper, sorry I'm not going to be helpful with the site-to-site vpn with the Cisco and Forefront (although I'm sure it's doable) but in terms of the domain, don't see any damage in joining the domain, do you have an existing domain controller on site of why would you consider just joining the forest?

It would be highly advisable having an on site DC (and DNS server) as you will feel the performance delay with having the DC off-site.  Unless of course you get a hosted terminal services server as well and keep the clients on a workgroup or whatever...
0
 
LVL 1

Author Comment

by:xiss
ID: 35199819
We'll I thought making the datacenter site domain A and the office domain B for security and make them trusted in the forest, but is this common or am I making things needlessly complicated :)
0
 
LVL 4

Accepted Solution

by:
ebooyens earned 500 total points
ID: 35199920
Maybe someone else can argue the contrary but I don't see any real security benefits from doing that while it certainly makes things more complicated. In terms of cloud services you should worry about gateway security, so making sure you've got quality firewalls in place and locking down access, perhaps only via your site-to-site vpns or by fixed IPs. Also look at your password policies, enable complex passwords and expiration. Those are the important security aspects to consider.

So how many clients have you got and what servers will be local?
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 1

Author Comment

by:xiss
ID: 35200931
Thanks for the response, your advice is appreciated!

We use Forefront TMG as our edge firewalls in our datacenter. We have 400 clients connecting true https to our webapp and we have 10 clients in the office, so I think I just put a RDC in the office and create a Site-to-Site VPN.

Thanks for the help!
0
 
LVL 4

Expert Comment

by:ebooyens
ID: 35201183
Yep that sounds good.  Thanks for the points!!  Thought you might hang out on for a while to get some answers about setting up the VPN?  Sorry I can't help with that!
0
 
LVL 1

Author Comment

by:xiss
ID: 35201774
No problem, think i got my solution!
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Forefront is the brand name for Microsoft's major security product. Forefront covers a number of specific security areas and has 'swallowed' a number of applications under this umbrella including Antigen, ISA Server, the Integrated Access Gateway (t…
So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question