site-to-site VPN & DC at branch office

Networking/Security Forums -> Networking

Author: jai23155 PostPosted: Mon Feb 07, 2011 11:32 am    Post subject: site-to-site VPN & DC at branch office
hi all, we recently moved premises & upgraded our network at same time to client server from peer-to-peer, upgraded internet connection to Leased line 10mbps up/down. i setup a site-to-site VPN between our UK (main) and USA branch office. still the USA users are complaining that the connection is slow and they want to have a local server in which data folder is replicated to the main server in UK. could some one please suggest me is this the best way to do or is there an alternate for this ?? USA they got interent connection 2mbps up/down. particularly sales folder has to synchronise more frequently. please let me know if you need more details. thanks

Author: georgec PostPosted: Tue Feb 08, 2011 1:13 pm    Post subject:
My first reaction to your setup without giving it much thought is this: A 2mbps up/down Internet connection for syncing data and Internet browsing is not enough, actually it depends on the number of users and restrictions, if any are in place. I would suggest a cheaper Internet connection just for browsing and keep the dedicated connection for critical services such as the site to site VPN connection. Then , you would need a capable router/firewall to manage connections and route traffic!

Author: WeaverLocation: WI, USA PostPosted: Fri Feb 18, 2011 12:39 am    Post subject:
Some administrators prefer to have domain controllers at every branch. Some (seemingly crazy) have a policy of no domain controllers at branches. I choose a middle of the road methodology. If the branch is a) critical or b) anything bigger than small it gets its own domain controller. In your case I could almost add a c) on different continents gets a domain controller.

Very tiny sites/branches with only a few computers can easily get away with a site to site VPN with DNS resolution happening on DC's across the site to site VPN.

With properly configured sites, services, and subnets -- a DC at the branch will reduce certain kinds of WAN traffic -- namely authentication and DNS lookups to remote DC's. However, replication between the branch DC and other DC's exists.

This does not address your concerns about file replication. For that you should look to Distributed File System Namespaces (DFS-N) and Distributed File System Replication (DFS-R).

DFS-N (oftentimes called DFS) has been around for a long time and allows an administrator, in single hierarchical namespace, regardless of server names, server locations, etc. -- to maintain sanity in an organization's shared files structure as it grows.

DFS-R was released starting with Windows Server 2003 R2, replaces the seemingly archaic File Replication Service (FRS), which was itself a replacement for the truly archaic Lan Man Replication Service. DFS-R, using smarts like Remote Differential Compression (RDC) allows an administrator to maintain synchronization, smartly and efficiently, of files and folders. Even though DFS-R has DFS in the name, the use of DFS-N is *not* required to use DFS-R.

Technet: Overview of DFS System Solution
Technet: How DFS Works: Remote File Systems
Technet: DFS-R FAQ


Networking/Security Forums -> Networking

output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group