Carl Billington asked:

Site to Site VPN tunnel (Different domain)

 
Server: Microsoft Small Business Server 2011
Firewall (VPN): Check Point UTM-1 132 Appliance
 
Ok this is the situation. I have two individual sites with their own Domain Controller and Exchange at each site (Microsoft Small Business Server).
 
The two sites wish to share files and documents. I figured we could do this using VPN.
 
1) Since the two sites are on their own separate domains, how do we achieve this with regard to authentication etc.? Is this configured on the appliance that is configuring the VPN (Check Point, for example)?
 
2) What needs to be configured on the server side to ensure users can share documents between servers successfully?
 
Thank you
Cliff Galiher

Depending on your circumstances, you have two legal possibilities:

1) If these two sites are both part of the same legal entity (company, non-profit, etc.) then legally you can only have one SBS server. The proper way to resolve this is to migrate one site to a Windows Standard server and join it to the SBS domain. Then authentication will work as expected. There will be migration work to be done to merge the two AD and Exchange infrastructures, and planning should be done to decide if you want an RODC and other items at the site being migrated. Also, if merging the two sites puts you above the 75 CAL limit of SBS, then both sites will need to be migrated to standard servers to remain legal.

2) If these are two separate legal entities that are collaborating on a project then for many reasons revolving around CAL assignment and security, you don't want to have users having direct access to each other's servers. It'll be unnecessarily insecure and *expensive* considering you'd have duplicate CALs for every user. You'd be better served setting up a collaboration product (SharePoint, for example) with external connector licenses or a cloud-based solution already licensed for such collaboration. This avoids the CAL issue, the VPN, and allows for a better managed experience for both parties.

Either way, doing what you want to do at a high level is ill-advised at best (and potentially illegal), and the details of what you want to do (having the VPN handle the authentication) are not even possible.

-Cliff
Carl Billington

ASKER

Thanks for the advice, Cliff.
 
I have just been advised that one of the sites is actually running Server Enterprise (based in Singapore). For the other NEW site (based in Sydney, not live yet), we were intending to have a Microsoft Small Business Server 2011 installed due to the fact that they wanted to host their own Exchange server onsite.
 
Without overcomplicating matters, and since they only want to share files and documents between sites: in your personal opinion, what would you recommend if you were put in this situation? Bear in mind that the potential Small Business Server has not even been purchased yet.
ASKER CERTIFIED SOLUTION
Cliff Galiher