Domain Controllers Placement

Asked by isnaa:

Hi,
We have a single domain with 5 sites connected through VSAT links.
Our head office has 2 domain controllers and 1 DC in each site.
We just want to remove all servers from the sites and consolidate in the head office.

Can anyone here share the drawbacks of moving DCs out of the sites? Appreciate it if any link / document could be shared.
jmcg replied:
Satellite DCs like these provide a number of services to their local client population, including authentication, DNS, DHCP. Technically, the clients could obtain these services over the long-distance links, but -- since these links are more expensive and lower performance (in terms of bandwidth, latency, and reliability) than LAN connections -- it's pretty common to deploy a DC at those sites that hold a sufficient number of clients to make it worthwhile.
Asker-certified solution, from Mohammed Khawaja:
You haven't really explained what the servers are used for beyond DCs. If nothing, fine, but remote satellite offices usually use a DC as a file and print server as well, often one and the same. You also haven't explained the connections between the sites or what resources the sites need.

In most scenarios where I would set up a DC at a site, I would also have more reasons to have it than simply DNS, DHCP, and authentication. Can you elaborate more on the DCs' usage?
isnaa (asker) replied:
Well, the DCs in the sites are also used for DHCP and DNS. We need to move all servers out of the sites and consolidate all services at the head office.

For DHCP, we will configure the switches.
For DNS, yes, they will use the head office.

Please comment; appreciate any link / documents.
If all the servers are used for is DHCP, DNS, and authentication, reconfigure DNS and DHCP and turn off the DCs now. This simulates removing them and allows you to restore services nearly immediately in the event you have issues.

I assume you have very good, reliable links to your remote HQ.  Without a DNS server on site, if your HQ goes out, users can still logon, but they CANNOT access the internet because all your DNS servers are in a single site that is now down.

I assume your HQ site is on backup generators and in an area with solid power.  Of course, I live in NYC which generally has VERY solid power... but... You may remember the blackout that hit the ENTIRE northeast back in 2003 or so?  For a day, EVERYONE was done.  If your locations are all centrally located in the same city or region, then all the sites would be down in a similar blackout.  But if they are spread out across the country or, for example, over 1000 miles/1500 KM range, then when HQ goes down, you're shutting down ALL your remote sites since they no longer have DNS access.

Even if all your offices are fairly close together, if the right kind of disaster hit the HQ - fire, flood, tornado, etc. - you could shut down your entire business by removing the DCs from all other sites.

In my opinion, the wise thing to do, if you really MUST cut back on server resources, would be to leave at least ONE DC in your most remote site and create a mesh VPN between all sites.  If the HQ ever goes down, your other site's DC can handle DNS and authentication for everyone.  And if the HQ has a true disaster, you could preserve AT LEAST your AD.

You could also look into using DFSR or other file replication technologies to ensure you have redundant copies of critical data in two locations.

At the end of the day, unless you want to FULLY DETAIL what your business does, all the applications it uses, and what kind of resources you have and are able/willing to maintain (And your few sentences don't come close), then your best option is to hire a professional consultant who can sign an NDA for you (since I assume you're concerned about revealing details about your company in a public forum) and subsequently and APPROPRIATELY help analyze what you have, what you need, and what you can do.
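One way to see how exposed each site would be before switching the site DCs off, as an added PowerShell example that is not code from this thread. It assumes the RSAT ActiveDirectory module in a domain-joined admin session, a head-office AD site named 'HeadOffice', and the constructed resolver addresses 10.0.0.10 and 10.0.0.11 as the DNS servers the switches would hand out after consolidation:

```powershell
# Added example (not from the original thread). Assumptions: RSAT ActiveDirectory
# module, a head-office site called 'HeadOffice', and constructed resolver IPs below.
Import-Module ActiveDirectory

function Test-IPv4InSubnet {
    param([string]$Ip, [string]$Cidr)
    $net, $bits = $Cidr.Split('/')
    $ipB  = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    $netB = [System.Net.IPAddress]::Parse($net).GetAddressBytes()
    if ($ipB.Length -ne 4 -or $netB.Length -ne 4) { return $false }   # IPv4 subnets only
    [Array]::Reverse($ipB); [Array]::Reverse($netB)                   # to host byte order
    $mask = [uint32](([uint64]0xFFFFFFFF -shl (32 - [int]$bits)) -band [uint64]0xFFFFFFFF)
    return ([BitConverter]::ToUInt32($ipB, 0) -band $mask) -eq ([BitConverter]::ToUInt32($netB, 0) -band $mask)
}

function Get-SiteDependencyReport {
    param(
        [string]$HqSite = 'HeadOffice',          # assumption: name of the head-office AD site
        [string[]]$ClientDnsServers              # resolvers DHCP (the switches) will hand out
    )
    $dcs     = Get-ADDomainController -Filter *   # every DC with its AD site
    $subnets = Get-ADReplicationSubnet -Filter *  # every subnet with its site DN
    foreach ($site in Get-ADReplicationSite -Filter *) {
        # Subnets mapped to this site; the Site attribute is a DN, so compare its CN
        $siteSubnets = $subnets | Where-Object { ($_.Site -split ',')[0] -eq "CN=$($site.Name)" }
        $localDcs    = @($dcs | Where-Object Site -eq $site.Name)
        # Resolvers whose address falls inside one of this site's own subnets
        $localDns    = @($ClientDnsServers | Where-Object {
            $ip = $_; $siteSubnets | Where-Object { Test-IPv4InSubnet $ip $_.Name } })
        [pscustomobject]@{
            Site            = $site.Name
            LocalDCs        = $localDcs.Count
            LocalResolvers  = $localDns.Count
            # True when this site reaches both a DC and a resolver only across the WAN link
            DependsOnHqOnly = ($site.Name -ne $HqSite -and $localDcs.Count -eq 0 -and $localDns.Count -eq 0)
        }
    }
}

# Constructed resolver addresses standing in for the head-office DNS servers
Get-SiteDependencyReport -HqSite 'HeadOffice' -ClientDnsServers '10.0.0.10', '10.0.0.11' |
    Format-Table -AutoSize
```

Run it once with the current topology and again after the DHCP options on the switches are changed; every row showing DependsOnHqOnly as True is a site whose logons and name resolution stand or fall with the VSAT link and the head office.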
At the end of the day, mesh VPN might require more work and still not have full redundancy. It might be worth it to keep DC, DNS, DHCP and file & print local at each site.
isnaa (asker) replied:
Thanks.