xiss
asked on
Domain Controller on remote site or new domain interconnected to forest
Hi all,
We have a datacenter where we host our e-mail, backups, domain controller etc. Now we want to connect our computers to the domain through a VPN (Site-to-Site).
Q1: On the datacenter site we have Forefront TMG and at our office we have a Cisco PIX 501. Can I make a permanent VPN to our datacenter?
Q2: Is it wise to connect to the existing domain, or to make a new domain and join it to the forest by trust?
Regards,
Kasper
ASKER
Well, I thought of making the datacenter site domain A and the office domain B for security and making them trusted in the forest, but is this common or am I making things needlessly complicated? :)
ASKER
Thanks for the response, your advice is appreciated!
We use Forefront TMG as our edge firewalls in our datacenter. We have 400 clients connecting through HTTPS to our webapp and we have 10 clients in the office, so I think I'll just put a RDC in the office and create a Site-to-Site VPN.
Thanks for the help!
Yep, that sounds good. Thanks for the points!! Thought you might hang on for a while to get some answers about setting up the VPN? Sorry I can't help with that!
ASKER
No problem, think I got my solution!
It would be highly advisable to have an on-site DC (and DNS server), as you will feel the performance delay with having the DC off-site. Unless of course you get a hosted terminal services server as well and keep the clients on a workgroup or whatever...