Declaro

asked on

Site to Site AD Connection

Hello,

I'm planning a new Active Directory install which covers two sites.

What is the best way to connect the two sites?

Is it router to router VPN or use an RRAS VM on each site to connect them?

Or is there another way?

Thanks for your advice

Dave
ASKER CERTIFIED SOLUTION
Vince Glisson
This solution is only available to members.
SOLUTION
Albert Widjaja
This solution is only available to members.
SOLUTION
This solution is only available to members.
John, is that an IPsec tunnel VPN or just SSL VPN?
Declaro

ASKER

Yes, there's a DC at each end.

I was leaning towards a router-to-router VPN, possibly using SonicWall TZs.

Wasn't sure whether to set up the VPN from firewall to firewall or from RRAS server to RRAS server.
You can do either on the routers I use, but I use IPsec tunnels.
Declaro

ASKER

Thanks for everyone's input, it's appreciated.

Dave
> What is the best way to connect the two sites?

Per your context, I believe you are looking for the best TYPE of network connection between two physical sites connecting an AD, not something purely for AD Site Design.

> Is it router to router VPN or use an RRAS VM on each site to connect them?

Both will be workable. The choice depends on your considerations in terms of availability, compatibility, performance and cost.

For example, a router-based VPN might have higher uptime, as if you boot (it does happen for maintenance) the physical server hosting multiple VMs, it will have no impact on the inter-site communication.

An RRAS-based solution will provide better support for Windows-based solutions and easy connectivity for Windows VPN clients. A router-based solution might be difficult if the hardware at both sites is from different vendors.

> Or is there another way?

MPLS; it will cost more but provide better bandwidth and uptime.
You are very welcome and I was happy to help.
Declaro

ASKER

Bing,

Thanks for the detail, your point about uptime for the VPN reinforces the hardware solution.

Cheers