
Windows 2003 Questions

coold8 | Limp Gawd | Joined Feb 25, 2006 | Messages: 160

Hi,

Couple of questions involving win2k3,
Small company 100 CALs
Want to centralize domain and file server to high bandwidth data center.
I want the Domain and File Server to be on one machine.

What is the best way to do it?
1. Create a VPN to the main server in each office, using a VPN router, in a point to point configuration? There are a total of 7 offices. If so can you recommend a good PPTP point to point router (preferably no ipcop or clarkconnect as that requires a whole other machine in the office)?

2. Is there a way to link the remote domain server directly to each machine in the office, while keeping file-sharing to the domain server without using a VPN, aka, when a user logs in to the domain, they log in like usual, and it connects to the remote domain controller.

We have 7 servers in each office, that are low bandwidth (no more than 5gb a day of transfer, 10% CPU usage, on an older Dell server), each with an individual domain. Many of our users move from office to office, and they have a separate user account at each location.

Thanks any tips on this are greatly appreciated.
 
Fortinet make a very good VPN device, and it has a very nice web type interface for clients connecting from home/off site.

It can handle multiple sites with ease...
 
I'd say just have a PDC and have it replicate data out to local DC's at each location. I guess I should ask first, how many locations?
 
May have some better responses if this was posted in the Networking and security forum.

Still unclear of your goals....you talk about 7 servers at each office....each is its own domain.

7x office

And you want to put all of this load....49 servers worth...on 1 server?

How many users total? And at each office..is it evenly distributed?

If you have routers doing VPN tunnels to wherever your server will be from each satellite office, and they hand out the servers IP as the DNS server....end users can log in normally like they were on the local network, a standard domain login. No software VPN clients.

What sort of apps are run? File sharing? e-mail involved?
Considered a honkin terminal server instead of doing VPNs?
 
7 servers in each office, each server on its own domain? times 7?

consolidate everything into 1 domain.

Setup the Primary DC at the "central" location.

setup a Backup DC at each "remote office"

let the Backup DC's replicate to/from the PDC.

The Backup DC's can also do file sharing.

or join the other servers to the domain for file-sharing duties.
 
No there is a total of 7 servers. Each server has between 9-20 users. We have a total of 200gb of files across the 10 offices, most are archived and rarely accessed. We are trying not to have a domain controller in every office to consolidate costs (between electricity and maintenance). Essentially we are doing 500gb a month worth of data, and just want to have one huge network across all offices. Also, many of our users move around from office to office, so having a username that can access files at all offices is definitely a plus. What I need to do is take a W2k3 VPN server, and connected via point to point by some sort of VPN router at each location. With each office so small, and each server so underutilized it would be crazy not to put it into one. The only "apps" are domain controller, file server, and some of the printers go through the Win 2k3 server. Most is low bandwidth (they are just word documents, powerpoints, excel), which is why consolidation is a good idea at this point.

Thanks and let me know what router you recommend to connect with Win 2k3.

-Dave
 
There's still a lot to consider, to design something that will run smoothly.

So based on the above, are we going to say each of the 7 branch offices has 9-20 people? Say you have a 3,000/384 internet connection at each office. Scrub some of that bandwidth off due to internet use, leaving some for the VPN tunnel...yeah one or two users can "browse" a share in network places fairly painlessly. But getting 9-20 users trying to browse network shares through that skinny VPN tunnel...and open/edit/save large office documents...ugh...it would be as slow as trying to paint the golden gate bridge with a toothbrush.

This is why I'm thinking "Terminal Server" at the data center host paired with the DC. A nice little 1U server for your DC, and a fatter dual proc 4U server with lotsa disk space running terminal server...for all the users, MS Office installed. Or could mix them a bit..have the DC also doing the file storage, and the TS box just doing TS. And while we're adding boxes and cost to your project...you want a nice battery UPS to power them (not all data center co-lo's provide this for you)...and you want to backup all of this data.

Let's separate "VPN" from "Server". Yes a server can be your VPN server also, if you configure it with RRAS. But you do not want to do software VPN on your server, especially a DC. You want to do hardware VPN tunnels, a big fat honkin router that does VPN at your data center host, hiding your server(s) behind NAT. And a smaller router that does VPN at each branch office. So when users plug in their PCs at the branch offices..they are automatically connected to the data center through the VPN tunnel.

For the VPN appliances, it doesn't matter if you're running NT 4 server or 2000 server or 2k3 server or 2k8 server...TCP is TCP and the VPN tunnels will work. So you don't have to worry about "What VPN will work with 2K3 Server VPN". Scratch that whole question.

As for "how to connect" them all...that comes down to your budget. 1x large higher horsepower VPN router at the data center, plus 7x smaller units for each branch office. On the higher end, Cisco and Juniper (I love Juniper products...top notch, rock solid, and great support located right in the central US). Mid-range....Watchguard, Sonicwall, etc. And on the lower end, common brands you recognize from home products, like Netgear, DLink, Linksys/Cisco.

The differences in them? Immediate differences....speed of the VPN tunnel. Not all VPN appliances perform the same, the better ones will be able to hammer out faster VPN tunnels. And "uptime"...if you setup VPN tunnels with top notch brands, they'll usually keep that VPN tunnel up 24x7x365. If you go with lower budget hardware, you will find the VPN tunnels are slower, and you may have to reboot devices once a month or so to bring the VPN tunnels back up. Not to mention support. Price ranges from top to bottom? On the higher end, I can see you spending at least 3 grand for a decent VPN router at the data center, and about 600 bucks for little units at each branch office. On the lower end, say a Linksys RV016 at the data center ringing in at 430 bucks, and 150 bucks for a little RV042 at each branch office.
 
Thank you ye old stone cat,

Here is the system I believe will work:

VPN tunnel, Cisco ASA at Data Center.
Linksys RV082 at each office (budget just doesn't permit more, trust me I would go with the Cisco solution, but just not enough budget)

Each office is having its internet upgraded:

Minimum (4 computer office) Comcast 30/5
Maximum (12 Computer Office) Comcast 50/10
Should be enough..... they are just moving around word documents and pdfs.

Domain Controller at Data Center (The Planet)
4000gb bandwidth (double bw promo) (with budget for upgrade if necessary)

Since extreme reliability is important, however not essential to our business (meaning if the server drops for 10-15 mins, most people wouldn't even know it)

Thanks for all your help here!
 