Solved

Virtual DC over VPN for file storage - config options

Posted on 2013-12-17
Last Modified: 2013-12-23
I currently have a server that needs to be replaced.  It is an old 2003 SBS server.  I have some plans but don't know the exact correct way to carry them out.

I plan on setting up a new Server 2008 R2 server on our main VMware host environment to be used for the remote location as the Primary Domain Controller and DNS server and file server mostly.  There will be no Exchange or SQL on this server.

My questions have to do with networking over the VPN.  Currently we are on a 10.0.0.0/16 network at the main network and 192.168.1.0/24 network on the remote network.  Once I set up the server on the main network, how do I associate the workstation at the remote network with the server here?  Do I need to match the IP addressing at the remote site with the server at the main site?  I know one way is to set up the default DNS server at the remote to be the server at the main office and a secondary public DNS in case the VPN goes down.  I just don't know what is the most efficient way to do this.

Most of the traffic back and forth will be simply file storage and then possibly a software package on RemoteApp or RDP.  That should be all that is run over the VPN.

Thanks for suggestions on this networking advancement situation.
Question by:alatham23
7 Comments
 
LVL 9

Accepted Solution

by:
tsaico earned 500 total points
ID: 39724657
In this case, it is fairly straightforward.  This is also assuming you have no stability issues or VPN/WAN issues (slow, intermittent, everything is working fine as it is).

The router puts requests to for the other network resources.  Your description is generally what will be needed if you use any AD functions, user log in, security, etc.  You will need to resolve addresses for non-public resources.  I do recommend though having a DNS server with a separate DC/GC functions locally also, so if the WAN goes down, the local users can still log in.  This is assuming there are enough users to warrant this, it will also help keep infrastructure traffic off the VPN and keep it for day to day operations.

As for matching IPs, you do not need to do that.  Under the DHCP settings for the remote site, you will just have to make sure the DNS server is the AD server and the suffix is the same (otherwise you will always have to resolve using the FQDN style, servername != servername.domainname.local).
0
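
Added example, not part of the answer above or of any poster's own code: a Windows PowerShell check to run on a remote-site workstation once DHCP hands out the new DNS server and suffix, confirming that the adapter received them and that AD lookups work across the VPN. The domain name, server name and the 10.0.0.10 address are placeholders, not values from the thread.

```powershell
# Added example (Windows PowerShell, run on a remote-site workstation).
# Placeholders, not values from the thread: replace before running.
$AdDomain    = 'domainname.local'  # AD DNS domain = DHCP option 015 suffix
$InternalDns = @('10.0.0.10')      # DC/DNS server(s) at the main site = option 006
$DcShortName = 'servername'        # DC host name, looked up without the suffix

$results = @()
function Add-Result($Check, $Pass, $Detail) {
    $script:results += New-Object PSObject -Property @{
        Check = $Check; Pass = [bool]$Pass; Detail = $Detail }
}

# 1. Settings each IP-enabled adapter actually received
$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($nic in $nics) {
    $dns = @($nic.DNSServerSearchOrder | Where-Object { $_ })
    if ($dns.Count -eq 0) { continue }
    # A resolver outside the list cannot answer for the internal AD zone
    $other = @($dns | Where-Object { $InternalDns -notcontains $_ })
    Add-Result "DNS servers: $($nic.Description)" ($other.Count -eq 0) ($dns -join ', ')

    $suffixes = @(@($nic.DNSDomain) + @($nic.DNSDomainSuffixSearchOrder) |
                  Where-Object { $_ })
    Add-Result "DNS suffix: $($nic.Description)" ($suffixes -contains $AdDomain) ($suffixes -join ', ')
}

# 2. DC locator record, asked directly of the AD DNS server across the VPN
$srv    = "_ldap._tcp.dc._msdcs.$AdDomain"
$server = $InternalDns[0]
$out    = (nslookup -type=SRV $srv $server 2>$null) | Out-String
$found  = $out -match 'svr hostname\s*=\s*(\S+)'
Add-Result "SRV $srv" $found $(if ($found) { $Matches[1] } else { 'no record returned' })

# 3. Short-name lookup: the DC is on another subnet, so this should rely on
#    the DNS suffix being appended rather than on broadcast name resolution
try   { $ip = [System.Net.Dns]::GetHostAddresses($DcShortName) -join ', '; $ok = $true }
catch { $ip = $_.Exception.Message; $ok = $false }
Add-Result "Resolve $DcShortName" $ok $ip

$results | Format-Table Check, Pass, Detail -AutoSize
```

A failed "DNS servers" row lists every resolver the adapter will use, so an entry that is not an internal AD DNS server is visible in the Detail column.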
 

Author Comment

by:alatham23
ID: 39724694
There are actually only 2 users onsite.  This location has grown smaller as more users are remote and do not have a need to use a server anymore.

That is why managing a server from a remote office with 2 users is tough to accommodate when it could all be done over the VPN and we could manage it all locally instead.

The remote site has a 30/10 Internet pipe and the main site has an 80/10 Internet pipe so we should be good there.

I will make sure to set up the DHCP server locally with the correct DNS server IP and DNS suffix to make things go smoothly.
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39725229
If you have more remote people than actual office workers in this branch, it might also make sense to get a terminal server for them to use.  Then you would only care about printer traffic so the main campus can print to the other's printers, or you can just use the mapping of local resources for that and ditch the whole VPN thing entirely.

Everything else would be handled locally from the network perspective, since the terminal server is at the main office.  The workstations at that point will only need to have valid internet connection.  It doesn't even matter if old or new, mac or pc.  

This would cover all workers that are not at main location, and I found my break point on if it is worth it is usually around 5-8 offsite employees vs. extra admin costs for VPN management, good equipment for desktop experience, and keeping software licensed, AV, Office, etc.
0
 

Author Comment

by:alatham23
ID: 39726492
Yes, we do actually have a Terminal Server at the main office that we use for a lot of users offsite.  We will be adding some more of these users into this server as we go forward.

We use the VPN for printing using IP addresses to network printers.  The VPN hasn't been much maintenance in the last year so it has been working well.

Thanks for the suggestions though.
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39727153
Cool.  Myself, I would just train my two users at the remote site to use the terminal server, and just have the SOP for @ main office then another for everyone else.  You can keep VPN for VOIP and network printers.  Local printing can be handled by the TS in case they have a printer at their desk instead of a true network printer.  If it is a true network printer, you can add that to the TS, so they don't need to set it up themselves.

If you have the time, it would be a good time to check out the new changes in 2012 for remote desktop.  I just set one up, and will say I am impressed; using local resources like USB drives, cameras, etc. is fairly easy, and mostly transparent to the end user.

But as for your original post, I think you already have a working plan that will work in a pinch too that is really just adding the primary DNS and domain suffix to the remote site DHCP.
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 39730778
In the past I have used TS / RDS server for small remote sites. It is much easier to manage.

On another note, if your clients are all Windows 7 & 8 and you are running Windows 2008 R2 or 2012 you could set up DirectAccess???

On another note, I have never heard of the FQDN style, servername != servername.domainname.local syntax
0
 

Author Comment

by:alatham23
ID: 39731634
Thanks for the suggestions with Windows 7/8 using DirectAccess but we don't have enterprise versions of those operating systems.  We just have the Professional versions that came with the computers.

I will check into that down the road though.
0
