Declaro
asked on
Site to Site AD Connection
Hello,
I'm planning a new Active Directory install which covers two sites.
What is the best way to connect the two sites?
Is it router to router VPN or use an RRAS VM on each site to connect them?
Or is there another way?
Thanks for your advice
Dave
I'm planning a new Active Directory install which covers two sites.
What is the best way to connect the two sites?
Is it router to router VPN or use an RRAS VM on each site to connect them?
Or is there another way?
Thanks for your advice
Dave
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
John is that IPSEC Tunnel VPN or just SSL VPN ?
ASKER
Yes there's a DC at each end.
I was leaning towards a Router to router VPN using possibly Sonicwall TZ's
Wasn't sure as to set the VPN from firewall to firewall or from RRAS server to RRAS server
I was leaning towards a Router to router VPN using possibly Sonicwall TZ's
Wasn't sure as to set the VPN from firewall to firewall or from RRAS server to RRAS server
You can do either on the routers I use, but I use IPsec tunnels.
ASKER
Thanks for everyone's input, it's appreciated
Dave
Dave
> What is the best way to connect the two sites?
per your context I believe you are looking for the best TYPE of network connection between two physical sites connecting an AD, not something purely for AD Site Design.
> Is it router to router VPN or use an RRAS VM on each site to connect them?
both will be workable. the choice depends on your considerations in terms of availability, compatibility, performance and cost.
for example, router based VPN might have higher uptime as if you boot (it does happen for maintenance) the physical server hosting multiple VMs it will have no impact to the inter-site communication.
for RRAS based solution, it will provide better support for Windows based solution and easy connectivity for Windows VPN clients. it might be difficult for router based solution if the hardware at both sites are from different vendors.
> Or is there another way?
MPLS, but it will cost more but provide better bandwidth and uptime.
per your context I believe you are looking for the best TYPE of network connection between two physical sites connecting an AD, not something purely for AD Site Design.
> Is it router to router VPN or use an RRAS VM on each site to connect them?
both will be workable. the choice depends on your considerations in terms of availability, compatibility, performance and cost.
for example, router based VPN might have higher uptime as if you boot (it does happen for maintenance) the physical server hosting multiple VMs it will have no impact to the inter-site communication.
for RRAS based solution, it will provide better support for Windows based solution and easy connectivity for Windows VPN clients. it might be difficult for router based solution if the hardware at both sites are from different vendors.
> Or is there another way?
MPLS, but it will cost more but provide better bandwidth and uptime.
You are very welcome and I was happy to help.
ASKER
Bing,
Thanks for the detail, your point about uptime for the VPN reinforces the hardware solution.
Cheers
Thanks for the detail, your point about uptime for the VPN reinforces the hardware solution.
Cheers