Re: Another additional DC question
- From: "LRM" <Fskspam@xxxxxxxxxxxxx>
- Date: Fri, 5 Sep 2008 09:23:58 -0500
"Hollywood0728" <stevenjwilliams83@xxxxxxxxx> wrote in message
news:E97EED04-A899-4587-9E6C-10451BA07FAE@xxxxxxxxxxxxxxxx
Good Morning -

I wanted to kind of bounce a concern off anyone who may be able to help. My
company has acquired an additional building and is looking to put some
employees over at this new building for space reasons. Here's the situation:

Site A = Main site where all servers are held now
Site B = Branch site where clients use MS VPN client to remote to Site A

Both sites have a T1 for internet and a Point to Point T1 to connect the
buildings together for our new phone system. Since we have the Point to Point
in place with Layer 3 switches on each end, I figured rather than having
clients use VPN, why not have them log on to the domain that Site A hosts. My
question is this, what is the advantage of having a DC/global catalog server
at the branch office? As long as my users are administrators on their local
machines, they are able to log on to the domain profile even if a DC is not
accessible (I know this cause I bring my laptop home all the time and never
have problems). Now if the Point to Point goes down they won't be able to
access network resources at Site A from Site B, but the same is true even if I
have a DC at Site B... So is there something I may not be thinking of? Is it
safe to say that I can have the clients come over the Point to Point to Site A
from Site B to log on to the domain?

As others have pointed out it is safe, but it can be extremely sloooooow and
the users will complain constantly about this and try to use their local
admin rights to download spyware and adware to speed up their machines. I
too have to give my users local admin rights and I don't like it but it is
the reality.

I recommend that if you authenticate over the WAN that you increase the size
of your data center pipe and the size of the pipe at site B. It isn't a
panacea, but it will help. You therefore do not save money because even
though you don't have to install a DC at site B, you have to pay for the
bandwidth to prevent the aforementioned irritants. However, if you decide to
install a server at the remote site for authentication (I do this all the
time) you should create a DC that is a GC. This can be done on a fairly
small box, which you can acquire for under a grand. That server should be
configured for its own subnet. You will need to ensure your routers and
firewalls understand all of this. Hopefully you are running a decent
firewall like an ASA5505 or ASA5510 at the remote site.

Please look up how to configure a new subnet in Sites and Services on the MS
site.

Try to move away from VPNs unless you can manage them completely with layer
3 hardware. Also if you are using VoIP, have you looked into MPLS? You may
benefit from that.

Good luck
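
The site and subnet setup recommended in the reply above, sketched as an added example that is not part of the original thread or written by its posters. It assumes the ActiveDirectory PowerShell module (RSAT, Windows Server 2012 or later), and every site name, subnet and server name in it is a constructed placeholder.

```powershell
# Added example: define the branch as its own AD site so Site B clients
# locate the local DC/GC instead of authenticating across the T1.
# Assumption: run as a Domain/Enterprise Admin with the ActiveDirectory module.
Import-Module ActiveDirectory

$hubSite   = 'Site-A'         # placeholder: existing main site
$branch    = 'Site-B'         # placeholder: new branch site
$subnet    = '10.20.0.0/24'   # placeholder: IP range used at the branch
$branchDC  = 'SITEB-DC01'     # placeholder: DC already promoted at the branch
$linkName  = "$hubSite-$branch"

# 1. Site object for the branch (skipped if it already exists).
if (-not (Get-ADReplicationSite -Filter "Name -eq '$branch'")) {
    New-ADReplicationSite -Name $branch
}

# 2. Subnet object: this mapping is what lets a client derive its site
#    from its IP address and prefer a DC in that site.
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$subnet'")) {
    New-ADReplicationSubnet -Name $subnet -Site $branch
}

# 3. Site link over the point-to-point T1; 15 minutes is the minimum interval.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$linkName'")) {
    New-ADReplicationSiteLink -Name $linkName `
        -SitesIncluded $hubSite, $branch `
        -Cost 100 -ReplicationFrequencyInMinutes 15 `
        -InterSiteTransportProtocol IP
}

# 4. Place the branch DC's server object in the new site.
Move-ADDirectoryServer -Identity $branchDC -Site $branch

# 5. Verify placement and global catalog role on the DC.
Get-ADDomainController -Identity $branchDC |
    Select-Object Name, Site, IsGlobalCatalog

# 6. From a Site B workstation: confirm the detected site and the DC chosen.
nltest /dsgetsite
nltest /dsgetdc:$env:USERDNSDOMAIN

# 7. Logons with no DC reachable rely on cached domain credentials; this
#    value is the number of cached logons kept per machine.
Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' |
    Select-Object CachedLogonsCount
```

If step 6 on a branch workstation still reports the main site, the workstation's address is not covered by the subnet object created in step 2.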