wrinklefree

asked on

Active Directory Implementation question for growing business. HELP needed!

I'm in the planning stages for an Active Directory implementation here at our small but growing business and would like some best practice advice.  

- Basically we have about 65 people and are looking to expand to 100 in 7 months.
- Our production web server is hosted off-site and completely separate from our offices (no site-to-site VPN).
- The server room in our building is not ideal. While power is good, it's dusty and we're located in earthquake country.

I'd like to put 1 domain controller on site for performance reasons.  Once the domain is up we plan on utilizing BPOS for hosted exchange.  

The question is, where to put the second one? If I put it in our production facility I would need to set up a site-to-site VPN, which could potentially create a backdoor to our production environment. Putting it on the same site wouldn't be fault tolerant. Is syncing with BPOS considered a domain controller in the cloud?

Also is there a downside to having AD roles + DNS + File server roles on the same hardware to cut down on costs?  

Thanks in advance!
Mike Kline

You would get fault tolerance in the same site, you just wouldn't get true DR (worst-case tolerance). AD and DNS on the same box is common and recommended a lot.

File server is generally not recommended but in a case like yours I've seen it done with no issues.

I don't know the BPOS answer...haven't used it myself. (and Office365 is right around the corner)

Thanks

Mike
ASKER CERTIFIED SOLUTION
Bradley Fox

wrinklefree

ASKER

Thanks for the replies.  

Regarding VPN, I'm not too concerned about the tunnel being broken in the middle, but rather a PC here in our office being compromised and having connectivity to the production environment. I guess I could set up a separate network in the data center just for the DC.

You have a point about performance with a single DC.  I'll probably up that to 2, but would like to put one off site just in case of disaster.

I bet the BPOS domain controller is a 1-way sync, and not exactly a disaster recovery solution. Anyone know?

For 100 users you don't really need a server room.
To keep saving you can get one rack and put it all in there.

You definitely want to have two domain controllers. They don't need to be expensive.
You want to host DC, DNS, DHCP and WINS on those servers.
You DON'T want files to be on domain controllers; they should be on a separate server.

If you have one office then have both DCs in your office, but with a redundant network connection.
If you have two offices then split them per office, but in that case you need to set up Sites for DC authentication.

aaaaaaaaaaaalways avoid using Universal groups.