[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

How to configure 2 sites connected with VPN

Posted on 2015-02-15
10
Medium Priority
?
129 Views
Last Modified: 2015-02-20
I have 2 sites I want to connect with a VPN.
Site A has 30 users, Site B has 15 users.
Site B has a 10/1MB internet connection which can’t be upgraded for a year or so as there are currently no faster services available in that area.
Site A has a Small Business Server 2011 with 20 CALS.
Site B has a basic NAS.
I want each site to be able to access data at the other site. This will happen infrequently and speed of the data transfer is not an issue.

How should I set this up?

SBS 2011 at Site A as Domain controller for both sites? I would need to purchase more CALs.
SBS 2011 at Site A and another Domain Controller at Site B. I’m not sure if I can do this with SBS.
New Server at Site A and new Server at Site B on the same domain.
New Server at Site A and new Server at Site B on different domains.
Any other recommended configurations?

If I have two Windows Servers on the same domain and 50 users, how many CALs do I need?

Should I configure both sites with the same subnet or different subnets?
0
Comment
Question by:akb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 22

Assisted Solution

by:Larry Struckmeyer MVP
Larry Struckmeyer MVP earned 400 total points
ID: 40611390
I would install a RDS (Remote Desktop Services) server in the same office as the SBS.  No data leaves the main office, users have a secure and safe place to work, and you have your choice of VPN or RWA.  Of the two, I recommend RWA.  Could even be RWA over VPN, but not necessary.

As for Servers and CALs.. you need a CAL for each user for the first server and any additional ones that are newer.  So if you started with SBS (or any) 2008 server you need CALs for every user that addresses it.  If you later add a 2012 Server you need CALs for every user that addresses it.  If you add a second of same generation or older you do not need additional CALs.
0
 
LVL 13

Author Comment

by:akb
ID: 40611408
There is no "main office". Just two different sized offices.
RDS won't work for us. A lot of users run Abode Suite and other CPU/graphics intensive applications. Printing large documents with many photographs to a local printer from a remote RDS sessions is incredibly slow. Internet connection is slow and unreliable - if internet breaks I don't want the office to stop working.
0
 
LVL 4

Assisted Solution

by:Praveen Kumar Bonala
Praveen Kumar Bonala earned 200 total points
ID: 40611446
My suggestion is Go with single domain and deploy separate domain controllers at each site.
You can use separate subnets at each site. So traffic will be redirected to respective domain controller.
Kindly establish connection between two sites using P2P leased line, so no need of VPN and you can establish connection between sites like LAN.
You need to purchase CAL's depending upon total number of users. No need purchase separate CAL's for individual server.
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
LVL 11

Accepted Solution

by:
hecgomrec earned 1400 total points
ID: 40612948
If I understood correctly both sites are working fine. You just need access to each site data.

If this is correct you should establish the VPN via the existing Internet using each site router if they support it.

If the routers doesn't allow you to see the other IP range on your network, you can always add in each router to the DNS table. So when you are looking for a computer on the other side it will find it (FULL UNC most be used)

To be able to access the other site share just use full UNC to the share (\\servername.domain.local\share\). Of course a valid username and password should be provided.

Once the tunnel is established router settings should look like:

Site A:

Public IP:  70.215.12.59
Subnet:   255.255.255.249
Gateway:  70.215.12.58
DNS1:  70.215.10.50

DHCP: 192.168.1.61-254
Subnet:255.255.255.0
Gateway: 192.168.1.30  (Router's internal IP)
DNS1:192.168.2.30  (Site B Router's internal IP)
DNS2:192.168.1.3  (Site A Internal DNS)


Site B:

Public IP:  216.52.50.55
Subnet:   255.255.255.249
Gateway:  216.52.50.54
DNS1:  216.52.55.55

DHCP: 192.168.2.61-254
Subnet:255.255.255.0
Gateway: 192.168.2.30  (Router's internal IP)
DNS1:192.168.1.3  (Site A Internal DNS)
0
 
LVL 13

Author Comment

by:akb
ID: 40612995
Thanks hecgomrec.
Site A has a domain.
Site B is a workgroup.
I need domain authentication at both sites.

Could I just put Site B on Site A's domain without a Domain Controller at site B?
If the connection is broken, won't Site B use cached authentication details and keep operating locally?
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 40613011
Yes!, you can do that.

As long as you are aware of the implications of having the communication down.

Remember all PCs on site B will have to be introduced to the Domain and both sites should have same IP subnet but range should be controlled or have only 1 DHCP.
0
 
LVL 4

Expert Comment

by:Praveen Kumar Bonala
ID: 40613406
If you are doing so, network traffic will be high and your bandwidth will be down.
0
 
LVL 13

Author Comment

by:akb
ID: 40613435
Praveen Kumar Bonala, why would the network traffic be high?
0
 
LVL 4

Expert Comment

by:Praveen Kumar Bonala
ID: 40613491
You don't want to host domain controller on Site B,

Every time Site B want to go to Site A dc to Validate authentication. Ultimately it leads to network traffic.
0
 
LVL 13

Author Closing Comment

by:akb
ID: 40622091
Thanks for the input
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question