Re: Active Directory Design Advice

Hi Cary,

Thanks for your reply. I have a few (more) questions:

OK, if I set up a network with SonicWall site-to-site VPNs like this:
internal main site : 172.22.0.x
internal branch : 172.24.0.x

The branch DC will be dcpromo'd once the branch firewall is installed and
configured to tunnel / route traffic destined for 172.24 over a
"SonicWall site-to-site VPN" via the public internet. Therefore whenever
either network needs to get to the other it will go via a virtual
interface over the SonicWall site-to-site VPN, and hence AD sites will
be configured with their (real) 172.2x.x.x IP and can take
advantage of AD Sites and Services and therefore not require
multiple AD domains, correct?


Re point 2) I had envisioned there being a DC (configured as a Global
Catalog) at each site. I read that you need to put the RPC proxy server
in order to use HTTP over RPC?

See http://support.microsoft.com/default.aspx?scid=kb;en-us;833401

(The article suggests that this is true for a single server setup, but does
not say whether it pertains to a single Exchange server, a single
server network or a single DC?)

The satellite offices have between 4 - 6 users. 20 users total.

I need to weigh up the pros and cons of having a local server vs
running all apps on a terminal server. The first major obstacle is that I
do not think that all apps will run on a terminal server nicely.

The ideal situation is that all apps run on a TS, although it then gets
more complicated, as if someone needs to work in a non-TS environment
they will have to pull data off from over the SonicWall site-to-site
VPN. Management of the workstation then becomes tricky as WSUS updates
then need to be pushed over the site-to-site VPN. If the TS fails then
everyone stops (having 10 lawyers twiddling their thumbs is a bad
thing).

All of these limit the efficacy of having a TS-only environment, as
having a branch server is a small price to pay for increased flexibility?

Maybe a Citrix cluster would be the thing to go with if TS is a go?
