Re: Remote Domain Controllers and replication
- From: "Ace Fekay [Microsoft Certified Trainer]" <firstnamelastname@xxxxxxxxxxx>
- Date: Tue, 2 Dec 2008 23:35:15 -0500
In news:physikal.3jtdvd@xxxxxxxxxxxxx,
physikal <physikal.3jtdvd@xxxxxxxxxxxxx> requesting assistance, typed the following:
> Hello all,
> I'm having a real issue deciding on what route to take for 2 remote
> sites that we have. I'll lay out our setup and give my thoughts and
> theories on it, then if you could, give me your input and hopefully
> share your better ideas!
> We have 3 sites:
> WHQ
> Site 1
> Site 2
> # of users:
> WHQ = 10-15
> Site 1 = 10-15
> Site 2 = 10-15
> The goal is to keep it as cheap as possible, taking the Open Source
> route wherever possible.
> WHQ Setup:
> 1 DC being emulated with VirtualBox running DHCP/DNS. Hamachi
> Installed.
> 1 Backup DC on a crappy old box running DNS and acts as a GCS. Hamachi
> Installed.
> Endian firewall on a T1.
> Site 1 Setup:
> 1 DC and File Server running DNS. DHCP is handled by a cable/dsl
> router. Hamachi installed for replication from WHQ to Site 1.
> Site 2 Setup:
> 1 DC and File Server running DNS. DHCP is handled by a cable/dsl
> router. Hamachi installed for replication from WHQ to Site 1.
> In my tests using Hamachi for replication has been hit and miss. I
> could just be doing something wrong, but I just don't trust its
> reliability enough. I keep thinking there has to be a more reliable,
> and probably more secure solution.
> Any input you could provide would be great!
> -Phys
I've never used Hamachi. I had to look it up. I have come to the conclusion that I do not recommend it as a reliable connection method for AD replication. AD replication is not very tolerant.
I am not familiar with the Endian firewall product. Does it support end to end (site to site) VPNs? If so, I would suggest using such a VPN to connect the sites. If it doesn't, I would suggest acquiring 3 PIX, Netscreens, or similar higher end reliable firewalls with site to site VPN capabilities. It's easier to set up with the same name brands. My preference is PIX.
What type and speed lines are the cable/dsl routers connected to? Is it cable? If so, is it business cable (something ordered separately) or residential cable? Is it DSL? If so, ADSL, or SDSL? What speed?
If cable, I would suggest getting a more reliable line in on Site 2 and 3. DSL is too slow, well, I am assuming you are using cable, because you mentioned a cable/DSL router. Or is it DSL? Sure, cable has FAST downloads, and depending on the DSL link, it may be fast as well for downloads, but did you ever check cable's upload speeds? They don't advertise that part. It's usually 384k (not Mb). That is under the default threshold speed for certain functions in AD. DSL is slow to begin with.
Cable ISPs are known to block certain ports without letting their subscribers know, including VPN IPSEC ports that a reliable and secure VPN uses. Not sure who your cable provider is, but you may need to check with them.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCT
Microsoft Certified Trainer
For urgent issues, you may want to contact Microsoft PSS directly.
Please check http://support.microsoft.com for regional support phone
numbers.