One domain/server for multiple locations?

Tgsoldier (n00b, joined Mar 2, 2012, 2 messages)

Good day

I am the sole IT person of this company and would like some ideas on going forward with a project.

There are three locations throughout the country, but my country is very very very small.

What I want to do is have one domain for the different offices. How would I go about doing this? Do I place the DC in head office and maybe a site-to-site VPN? Or is it better to get a direct line from my ISP in each location, having all locations on the same network?



Will I need a server in each location?

Will I need a DC in each location? The organization is small, with not more than 50 PC users.



Thank you for your timely response.
 
For me, I would have 2 DCs even if it was just 1 location. With 3, I would have 1 at each location for sure. If the site-to-site VPN goes down, none of the users will be able to work as they have no DC to authenticate against. Compare how much money they would lose in lost productivity to the cost of adding 2 very low powered servers and the choice is easy. We have a DC set up on an atom e350 that has been running perfectly at our branch office with ~40 people.
 
A direct link is preferred but could be costly. You could use IPSEC as well between sites. As for a DC at each location, if you have the budget then do it. We have one at each main location and then nothing at our rural sites. They very rarely go down. Once a year is a lot. We have direct connections between our main locations through our ISP and also to our rural sites.
 
Thanks for the advice guys.

So I was able to get some more detail (not in terms of budget), but with regards to what they want.

We have locations regionally and they want all locations linked as well.

So I'm starting with my country as this is the base.

I propose two scenarios with a forest.

A main domain: "companyname.local" with a subdomain for each country.

e.g. companyname-countryname.local.

Starting with my company. There are four locations (just found out about the 4th). Two main locations and two small ones. (There is a big and small on either side of the country.)

For scenario one I was thinking a DC in the main locations and RODC in the remote locations.

Each location with a DC would have a file server and these two file servers would back up to one NAS periodically.

Scenario two would be the same, 2 main DCs and 2 RODCs BUT with a NAS in each main location.

Each NAS would back up to their own tape drive at their location.

What do you guys think about these scenarios?

Given the employee base is not much right now, I am thinking scalability.

I am awaiting the cost from our ISP on the metro-e-link.

However, browsing the internet, I came across Kerio Control. I have never used it, nor do I know anyone locally who uses this device, but it seems very interesting.

It has a built-in firewall, endpoint antivirus, can do a site-to-site VPN as well as clientless VPN, and the features go on.

http://www.kerio.com/control/utm

Does anyone here use Kerio? Or maybe have some sort of experience with it?

Thank you for your timely response.
 
I would buy:

(2) Zyxel USG 300's and (2) USG 100's

IPsec mesh the network together and use the Vantage CNM to control all the routers.

Only consider using the IDP or AV if you pay close attention to the UTM throughput listed in this document: http://us.zyxel.com/PDF/ZyWALL_Competitive_Model_Matrix_v3.pdf

Rock solid reliable and they will help you set it up. Just make sure you call them, don't bother e-mailing support. E-mail support is a bit slow.

Either a couple of Dell PowerEdge T110 II or PowerEdge R210 II Rack Servers to start.
 