Solved

Where should DHCP and DNS be hosted in a Site to Site VPN environment?

Posted on 2014-10-07
3
160 Views
Last Modified: 2014-10-16
I'm currently trying to plan my IP environment for a soon to be added site to site VPN connection that will have between 2 out of state locations.  I need some expert guidance and opinions on this as this side of technology is still new to me so here goes:

Currently, I have a site called "East" that is comprised of 95% MAC and 5% PC.  Recently, we ended up upgrading our connectivity with a 100 MB point to point fiber connection between "East" and a "Downtown" Hosted Server Hoteling company.  

We are using a layer 3 switch to do all of the connectivity and routing between "East" and "Downtown" so that  our end-users at the "East" location can have the fastest path available to them when accessing a Windows Server and NetApp storage allocated for them.

Locally as well at the "East" location, we have a Juniper firewall/router that is providing DHCP Services to all computers locally connected at the "East" location.  As well, it provides a conduit for our VPN users in the "East
 region to access for remote access.

My question is...  We just bought another company located now in another state called "West".  With our servers and infrastructure moving more towards a centric "Downtown" location, I'm wondering if DNS and DHCP should be hosted at one location like "Downtown" or do we just leave things as-is?  

The "West" location is similarly setup like the "East" location where there is about 95% MAC and 5% PC with a Fortigate router handling all of their DHCP and DNS instead of a SonicWall.

My goal is to connect the "West" to the "Downtown" location with a 100 MB site to site VPN connection end to end just like we did with the "East" to easily snap the "West" users into our Corporate environment.

Since the SonicWall at the "East" location is handling DHCP and DNS and we're just using a Layer 3 switch to push traffic directly to our "Downtown" location to access our Windows Server and NetApp storage which by the way is only setup as a workgroup right now and no Active Directory install.ed

I need an expert opinion on how I should architect this network so that I can scale and make the right decisions that doesn't hamper performance when we finally add "West" to the mix.  Can anyone please help or advise?  Thanks in advance!
0
Comment
Question by:lustrja
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 25

Accepted Solution

by:
Mohammed Khawaja earned 500 total points
ID: 40367271
It is always best to leave DHCP and DNS local as DHCP outage will result in users not being able to obtain and IP (during your "WAN" outage).  It is recommended to put your DHCP and DNS on a DC at local sites.  WAN failures will not result in users accessing local resources or Internet resources.  You could create a script to dump the config to your central location and in an event of local DHCP (or DC) failure, you could activate the scope on a different server and just add ip-helper address to your router.
0
 
LVL 12

Expert Comment

by:DarinTCH
ID: 40383055
well - i'll agree partially
I would leave the DHCP at each and every site that I could
whether the Juniper device performs it, a windows box or even the ISP

now the DNS - I might leave the primary @ one location and the secondary at the other location and just initiate a replication
overnight
easy with some devices - not so easy on all
then again it is not a difficult task

but that being said a simple solution is standalone at each location..you can start simply and
eventually you may want to replicate the DNS
you can have a simple windows box internally even
in the meanwhile the ISP DNS will handle all your public DNS needs
0
 

Author Closing Comment

by:lustrja
ID: 40385194
Excellent.  Exactly what I was looking for.  Thanks for the info.
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Reseller Hosting 2 147
unable to set full duplex 100 on WAN interface 11 82
Deploying the application ec2 5 85
chef or Puppet - Devops career 8 44
Steve Terp was featured in a video created by CRN about how "Channel Is Crucial To Market Disruption". Click on View source to see the video and article
Do you know what to look for when considering cloud computing? Should you hire someone or try to do it yourself? I'll be covering these questions and looking at the best options for you and your business.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Need to grow your business through quality cloud solutions? With everything required to build a cloud platform and solution, you may feel like the distance between you and the cloud is quite long. Help is here. Spend some time learning about the Con…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question