Posted: Mon Feb 07, 2011 11:32 am Post subject: site-to-site VPN & DC at branch office
Hi all, we recently moved premises and upgraded our network at the same time from peer-to-peer to client-server, and upgraded our Internet connection to a leased line, 10mbps up/down. I set up a site-to-site VPN between our UK (main) office and our USA branch office. Still, the USA users are complaining that the connection is slow, and they want to have a local server on which the data folder is replicated to the main server in the UK. Could someone please tell me whether this is the best way to do it, or is there an alternative? In the USA they have an Internet connection of 2mbps up/down. The sales folder in particular has to synchronise more frequently. Please let me know if you need more details. Thanks
My first reaction to your setup, without giving it much thought, is this: a 2mbps up/down Internet connection for syncing data and Internet browsing is not enough; actually, it depends on the number of users and restrictions, if any are in place. I would suggest a cheaper Internet connection just for browsing, and keep the dedicated connection for critical services such as the site-to-site VPN connection. Then, you would need a capable router/firewall to manage connections and route traffic!
Some administrators prefer to have domain controllers at every branch. Some (seemingly crazy) have a policy of no domain controllers at branches. I choose a middle of the road methodology. If the branch is a) critical or b) anything bigger than small it gets its own domain controller. In your case I could almost add a c) on different continents gets a domain controller.
Very tiny sites/branches with only a few computers can easily get away with a site-to-site VPN, with DNS resolution happening on DCs across the site-to-site VPN.
With properly configured sites, services, and subnets, a DC at the branch will reduce certain kinds of WAN traffic, namely authentication and DNS lookups to remote DCs. However, replication between the branch DC and other DCs still exists.
This does not address your concerns about file replication. For that you should look to Distributed File System Namespaces (DFS-N) and Distributed File System Replication (DFS-R).
DFS-N (oftentimes called DFS) has been around for a long time and allows an administrator, in a single hierarchical namespace, regardless of server names, server locations, etc., to maintain sanity in an organization's shared file structure as it grows.
DFS-R, released starting with Windows Server 2003 R2, replaces the seemingly archaic File Replication Service (FRS), which was itself a replacement for the truly archaic Lan Man Replication Service. DFS-R, using smarts like Remote Differential Compression (RDC), allows an administrator to maintain synchronization, smartly and efficiently, of files and folders. Even though DFS-R has DFS in the name, the use of DFS-N is *not* required to use DFS-R.