  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 320

Virtual DC over VPN for file storage - config options

I currently have a server that needs to be replaced.  It is an old 2003 SBS server.  I have some plans but don't know the exact correct way to carry them out.

I plan on setting up a new Server 2008 R2 server on our main VMware host environment to be used for the remote location as the Primary Domain Controller and DNS server and file server mostly.  There will be no Exchange or SQL on this server.

My questions have to do with networking over the VPN.  Currently we are on a 10.0.0.0/16 network at the main network and 192.168.1.0/24 network on the remote network.  Once I set up the server on the main network, how do I associate the workstation at the remote network with the server here?  Do I need to match the IP addressing at the remote site with the server at the main site?  I know one way is to set up the default DNS server at the remote to be the server at the main office and a secondary public DNS in case the VPN goes down.  I just don't know what is the most efficient way to do this.

Most of the traffic back and forth will be simply file storage and then possibly a software package on RemoteApp or RDP.  That should be all that is run over the VPN.

Thanks for suggestions on this networking advancement situation.
Asked by: alatham23
1 Solution
 
tsaico Commented:
In this case, it is fairly straightforward.  This is also assuming you have no stability issues or VPN/WAN issues (slow, intermittent, everything is working fine as it is)

The router puts requests to for the other network resources.  Your description is generally what will be needed if you use any AD functions, user log in, security, etc.  You will need to resolve addresses for non-public resources.  I do recommend though having a DNS server with a separate DC/GC functions locally also, so if the WAN goes down, the local users can still log in.  This is assuming there are enough users to warrant this, it will also help keep infrastructure traffic off the VPN and keep it for day to day operations.

As for matching IPs, you do not need to do that.  Under the DHCP settings for the remote site, you will just have to make sure the DNS server is the AD server and the suffix is the same (otherwise you will always have to resolve using the FQDN style, servername != servername.domainname.local).
0
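A client-side check for the DHCP settings described in the answer above, as an added example that is not part of the original thread. The server IP, domain name and server name are assumed placeholders; the script uses WMI so it runs on PowerShell 2.0 (Windows 7).

```powershell
# Run on a remote-site workstation (PowerShell 2.0+, e.g. Windows 7).
# All three values below are assumed placeholders, not taken from the thread.
$AdDnsServer = '10.0.0.10'         # hypothetical IP of the DC/DNS server at the main site
$AdDomain    = 'domainname.local'  # AD DNS domain that DHCP should hand out as the suffix
$ServerName  = 'servername'        # short (non-FQDN) name of the file server
$Internal    = '10.0.', '192.168.1.'   # address prefixes of the two sites in the question

$findings = @()
$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True'
foreach ($nic in $nics) {
    $dns = @($nic.DNSServerSearchOrder | Where-Object { $_ })
    if ($dns.Count -eq 0) { continue }   # adapter has no resolver configured

    # The first resolver should be the AD DNS server.
    if ($dns[0] -ne $AdDnsServer) {
        $findings += "$($nic.Description): primary DNS is $($dns[0]), expected $AdDnsServer"
    }
    # A resolver outside both sites holds no records for the AD zone.
    foreach ($server in $dns) {
        $isInternal = @($Internal | Where-Object { $server.StartsWith($_) }).Count -gt 0
        if (-not $isInternal) {
            $findings += "$($nic.Description): $server is outside both sites and cannot answer for $AdDomain"
        }
    }
    # Connection-specific suffix, as supplied by DHCP.
    if ($nic.DNSDomain -ne $AdDomain) {
        $findings += "$($nic.Description): DNS suffix is '$($nic.DNSDomain)', expected '$AdDomain'"
    }
}

# A domain member locates its DC through this SRV record; ask the AD DNS server directly.
$srv = "_ldap._tcp.dc._msdcs.$AdDomain"
$answer = nslookup -type=SRV $srv $AdDnsServer 2>$null
if (-not ($answer | Select-String -Pattern 'svr hostname' -Quiet)) {
    $findings += "no SRV answer for $srv from $AdDnsServer (VPN down or wrong server?)"
}

# The short name resolves through DNS only when the suffix is appended correctly.
try   { [void][System.Net.Dns]::GetHostEntry($ServerName) }
catch { $findings += "short name '$ServerName' does not resolve; check the DNS suffix" }

if ($findings.Count -eq 0) { 'DNS settings match the plan.' } else { $findings }
```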
 
alatham23 (Author) Commented:
There are actually only 2 users onsite.  This location has grown smaller as more users are remote and do not have a need to use a server anymore.

That is why managing a server from a remote office with 2 users is tough to accommodate when it could all be done over the VPN and we could manage it all locally instead.

The remote site has a 30/10 Internet pipe and the main site has an 80/10 Internet pipe so we should be good there.

I will make sure to set up the DHCP server locally with the correct DNS server IP and DNS suffix to make things go smoothly.
0
 
tsaico Commented:
If you have more remote people than actual office workers in this branch, it might also make sense to get a terminal server for them to use.  Then you would only care about printer traffic so the main campus can print to the other's printers, or you can just use the mapping of local resources for that and ditch the whole VPN thing entirely.

Everything else would be handled locally from the network perspective, since the terminal server is at the main office.  The workstations at that point will only need to have valid internet connection.  It doesn't even matter if old or new, mac or pc.  

This would cover all workers that are not at main location, and I found my break point on if it is worth it is usually around 5-8 offsite employees vs. extra admin costs for VPN management, good equipment for desktop experience, and keeping software licensed, AV, Office, etc.
0
 
alatham23 (Author) Commented:
Yes, we do actually have a Terminal Server at the main office that we use for a lot of users offsite.  We will be adding some more of these users into this server as we go forward.

We use the VPN for printing using IP addresses to network printers.  The VPN hasn't been much maintenance in the last year so it has been working well.

Thanks for the suggestions though.
0
 
tsaico Commented:
Cool.  Myself, I would just train my two users at the remote site to use the terminal server, and just have the SOP for @ main office then another for everyone else.  You can keep VPN for VOIP and network printers.  Local printing can be handled by the TS in case they have a printer at their desk instead of a true network printer.  If it is a true network printer, you can add that to the TS, so they don't need to set it up themselves.

If you have the time, it would be a good time to check out the new changes in 2012 for remote desktop.  I just set one up, and will say I am impressed; using local resources like USB drives, cameras, etc. is fairly easy, and mostly transparent to the end user.

But as for your original post, I think you already have a working plan that will work in a pinch too that is really just adding the primary DNS and domain suffix to the remote site DHCP.
0
 
compdigit44 Commented:
In the past I have used TS / RDS server for small remote sites. It is much easier to manage.

On another note, if your clients are all Windows 7 & 8 and you are running Windows 2008 R2 or 2012 you could set up DirectAccess???

On another note, I have never heard of the FQDN style, servername != servername.domainname.local syntax
0
 
alatham23 (Author) Commented:
Thanks for the suggestions with Windows 7/8 using DirectAccess but we don't have enterprise versions of those operating systems.  We just have the Professional versions that came with the computers.

I will check into that down the road though.
0
