Re: Another additional DC question



Hollywood0728 wrote:
Good Morning -

I wanted to kind of bounce a concern off anyone who may be able to help. My company has acquired an additional building and is looking to put some employees over at this new building for space reasons. Here's the situation:

Site A = Main site where all servers are held now
Site B = Branch site where clients use MS VPN client to remote to Site A

Both Sites have a T1 for internet and a Point to Point T1 to connect the buildings together for our new phone system. Since we have the Point to Point in place with Layer 3 switches on each end, I figured rather than having Clients use VPN, why not have them log on to the domain that Site A hosts. My question is this: what is the advantage of having a DC/global catalog Server at the branch office? As long as my users are administrators on their local machines, they are able to log on to the domain profile even if a DC is not accessible (I know this because I bring my laptop home all the time and never have problems). Now if the Point to Point goes down they won't be able to access network resources at Site A from Site B, but the same is true even if I have a DC at Site B..... So is there something I may not be thinking of? Is it safe to say that I can have the clients come over the Point to Point to Site A from Site B to log on to the domain?

If all the remote users are doing is authenticating to the DC at the main office they could share the T1 with the phones - it'll consume very little bandwidth. If the phones are VoIP, as long as you have QoS (which I'm sure you do if you have Layer-3 switches at both ends), you can still share the T1 with the phones. The MS PPTP VPN sucks grapes at best for performance, and a LAN-to-LAN IPSec VPN would be a better way to connect via the dedicated Internet T1, and cost is minimal. Cisco (Linksys), Netgear, Secure Computing all make very decent VPN routers for under $200. If you really wanted to make it redundant, you could have routes across both T1s with costs favoring your preferred path, then it would just fail-over to the other T1 if you dropped the first one.

Kurt