Solved

Virtual DC over VPN for file storage - config options

Posted on 2013-12-17
7
310 Views
Last Modified: 2013-12-23
I currently have a server that needs to be replaced.  It is an old 2003 SBS server.  I have some plans but don't know the exact correct way to carry them out.

I plan on setting up a new Server 2008 R2 server on our main VMware host environment to be used for the remote location as the Primary Domain Controller and DNS server and file server mostly.  There will be no Exchange or SQL on this server.

My questions have to do with networking over the VPN.  Currently we are on a 10.0.0.0/16 network at the main network and 192.168.1.0/24 network on the remote network.  Once I setup the server on the main network, how do I associate the workstation at the remote network with the server here?  Do I need to match the IP addressing at the remote site with the server at the main site?  I know one way is to setup the default DNS server at the remote to be the server at the main office and a secondary public DNS incase the VPN goes down.  I just don't know what is the most efficient way to do this.  

Most of the traffic back and forth will be simply file storage and then possibly a software package on RemoteApp or RDP.  That should be all that is run over the VPN.

Thanks for suggestions on this networking advancement situation.
0
Comment
Question by:alatham23
  • 3
  • 3
7 Comments
 
LVL 9

Accepted Solution

by:
tsaico earned 500 total points
ID: 39724657
In this case, it is fairly straightforward.  This is also assuming you have not stability issues or VPN/WAN issues (slow, intermittent, everything is working fine as it is)

The router puts requests to for the other network resources.  Your description is generally what will be needed if you use any AD functions, user log in, security, etc.  You will need to resolve addresses for non-public resources.  I do recommend though having a DNS server with a separate DC/GC functions locally also, so if the WAN goes down, the local users can still log in.  This is assuming there are enough users to warrant this, it will also help keep infrastructure traffic off the VPN and keep it for day to day operations.

As for matching IPs, you do not need to, do that.  Under the DHCP settings for the remote site, you will just have to make sure the DNS server is the AD server and the suffix is the same. (otherwise you will always have to resolve using the FQDN style, servername != servername.domainname.local.)
0
 

Author Comment

by:alatham23
ID: 39724694
There are actually only 2 users onsite.  This location has grown smaller as more users are remote and do not have a need to use a server anymore.

That is why managing a server from a remote office with 2 users is tough to accommodate when it could all be done over the VPN and we could manage it all locally instead.

The remote site has a 30/10 Internet pipe and the main site has an 80/10 Internet pipe so we should be good there.

I will make sure to setup the DHCP server locally with the correct DNS server IP and DNS suffix to make things go smoothly.
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39725229
If you have more remote people than actual office workers in this branch, it might also make sense to get a terminal server for them to use.  Then you would only care about printer traffic so the main campus can print to the other's printers, or you can just use the mapping of local resources for that and ditch the whole VPN thing entirely.

Everything else would be handled locally from the network perspective, since the terminal server is at the main office.  The workstations at that point will only need to have valid internet connection.  It doesn't even matter if old or new, mac or pc.  

This would cover all workers that are not at main location, and i found my break point on if it is worth it is usually around 5-8 offsite employees vs. extra admin costs for vpn management, good equipment for desktop experience, and keeping software licensed, AV, Office, etc.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:alatham23
ID: 39726492
Yes, we do actually have a Terminal Server at the main office that we use for a lot of users offsite.  We will be adding some more of these users into this server as we go forward.

We use the VPN for printing using IP addresses to network printers.  The VPN hasn't been much maintenance in the last year so it has been working well.

Thanks for the suggestions though.
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39727153
Cool.  Myself, I would just train my two users at the remote site to use the terminal server, and just have the SOP for @ main office then another for everyone else.  You can keep VPN for VOIP and network printers.  Local printing can be handled by the TS in case they have a printer at their desk instead of a true network printer.  If it is a true network printer, you can add that to the TS, so they don't need to set it up themselves.

If you have the time, it would be a good time to check out the new changes in 2012 for remote desktop.  I just set one up, and will say I am impressed, using local resources like USB drives, cameras, etc are fairly easy, and mostly transparent to the end user.

But as for your original post, I think you already have a working plan that will work in a pinch too that is really just adding the primary DNS and domain suffix to the remote site DHCP.
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 39730778
In the past I have used TS / RDS server for small remote sites. It is much easier to manage.

On another note if you clients are all Windows 7 & 8 and you are running Window 2008 R2 or 2012 you could setup DirectAccess???

On another note, I have never heard of the FQDN style, servername != servername.domainname.local syntax
0
 

Author Comment

by:alatham23
ID: 39731634
Thanks for the suggestions with Windows 7/8 using DirectAccess but we don't have enterprise versions of those operating systems.  We just have the Professional versions that came with the computers.

I will check into that down the road though.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

HOW TO: Install and Configure VMware vSphere Hypervisor 6.5 (ESXi 6.5), Step by Step Tutorial with screenshots. From Download, Checking Media, to Completed Installation.
HOW TO: Connect to the VMware vSphere Hypervisor 6.5 (ESXi 6.5) using the vSphere (HTML5 Web) Host Client 6.5, and perform a simple configuration task of adding a new VMFS 6 datastore.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This video shows you how easy it is to boot from ISO images for virtual machines with the ISO images stored on a local datastore on the ESXi host.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now