?
Solved

site setting

Posted on 2012-03-27
10
Medium Priority
?
141 Views
Last Modified: 2013-10-21
My headquarter is running an AD and a developer software is running on ServerA. Now we are going to setup a site office consist of ServerB with 4 workstation. What is the best network design I need to provide in order to let the site office people to use the developer program which share the same database. this means when a salesman make a booking of a condo unit at site, then the headquarter will able to see it, headquarter people can't make an order on that particular unit anymore. The sales people might also want to make a booking at anytime and any where, not necessarily he is at site only.
1)Do I need to set up a DMZ to duplicate the database?
2)Do I need to create a VPN tunnel ?
3)How the AD is going to control those computers/server at site? Need to create the forest?
4)Subscription of leased line is must in order to get the online data at both side?
0
Comment
Question by:swpui
  • 6
  • 4
10 Comments
 
LVL 15

Expert Comment

by:Robert Sutton Jr
ID: 37772275
How much bandwidth do you expect to use? I don't think you'll need a "Leased" line. You should be able to get DSL or Cable with a high class of service (Higher speeds) and I would advise on getting static Ip addresses on both ends. A small SOHO router on both ends should suffice. You will need to create a site to site VPN tunnel to allow the remote site secure access back to your HQ office. This will allow you to setup who has access to what at HQ from your remote site. Hope this helps.
0
 

Author Comment

by:swpui
ID: 37774705
What about those salesman that not inside headquarter or site office, they are at some where might want to access to see which unit of condo had been occupied........do I need to created another domain at site?
0
 
LVL 15

Assisted Solution

by:Robert Sutton Jr
Robert Sutton Jr earned 1500 total points
ID: 37774794
Simple, install a VPN client software on those PC's that would need it and point them back to your HQ office static Ip address. This will allow them the access to resources at your HQ site. They would obviously need Internet access no matter where they are in the world. Hope this helps. No other domain is necessary.
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 

Author Comment

by:swpui
ID: 37774866
Is that secured enough? How to limit the users to only access to a specific programs using VPN client software?
I do not need create a forest at site office? How am i going to control the users using my AD policy?
0
 
LVL 15

Assisted Solution

by:Robert Sutton Jr
Robert Sutton Jr earned 1500 total points
ID: 37774939
Yes, it is secure using VPN for remote access. To control users can be done via the server login credentials or via TS login script if you just want to specify a certain application. There are several ways to do it which would be completely up to you. But, remotely this would be a feasible solution with low cost.
0
 

Author Comment

by:swpui
ID: 37775551
Will Terminal Service better than VPN?
0
 
LVL 15

Accepted Solution

by:
Robert Sutton Jr earned 1500 total points
ID: 37776218
No. TS is just an option along with many others to restrict user access to certain resources. Again, there are several ways to do this and achieve the same affect. The VPN tunnel will allow remote users a "secure" way to communicate with the local resources at the HQ site. Once you are connected via the VPN, the information sent over the tunnel will be secure. Furthermore, once connected via the VPN back to HQ, it is assumed that you would be sitting on the "trusted" side of your HQ network. Therefore, any requests for info would be coming from a trusted user/source since it already has accessed the trusted network.
0
 

Author Comment

by:swpui
ID: 37850493
What about RODC?
0
 

Author Comment

by:swpui
ID: 37959610
whatif I set the pc and join domain at my HQ then later bring the pc to site, then the pc will inherit with the existing domain policy, the I send the pc to the site for the user to use.
The problem is if I have any changes in policy at HQ, how am I going to gpupdate the pc? Any idea? By connecting to the vpn, will I manage to update?
0
 

Author Closing Comment

by:swpui
ID: 39587099
Thanks for the recommendation
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up SSH Cisco We are all told that you should not use Telent for connecting to devices because it is unsecure and all clear text. Much better is to use SSH, but it can seem a bit of a challenge setting it all up and especially in a small n…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question