2nd location - advice sought

    General discussion

  • Currently there is a single Server which is Physical Windows 2012 Server + Exchange 2013 running as VM

    with around 25 users at this site

There are 7-8 mobile workers who work at different client sites. These connect via a PC-based Windows VPN client.

    Recently set up a new office where 4-5 users are currently located. These connect via a PC-based Windows VPN client.

Both sites have about a 15Mbps Internet connection (15Mbps both ways).
    Currently using a Draytek 2860n Router at both sites.

    More Users will be working from the new office and the plan is to install a local Server (this will be a secondary domain controller)

If I set up the Draytek Router for a site-to-site VPN:

    Once the site-to-site VPN connection is made, am I right in thinking I can connect the new Server and set it to be a domain controller across the VPN link?

    Both Servers will be on the same subnet?

    Question: Would All internet traffic have to go via the VPN connection to the Primary site?

    Not done this before so any suggestions would be welcome and much appreciated.

    Thursday, March 13, 2014 9:45 PM

All replies

  • Hiya,

You're right in your assumptions :) The only blanks to fill in are as follows:

    1: When you set up your site2site VPN, you define which networks are routed through the VPN and which are routed to the Internet. Meaning your local networks will be routed through the VPN and Internet traffic will be routed to the Internet. So no, all Internet traffic does not necessarily have to go through the primary site.

    2: Yes, you can set up the secondary DC to be on the same network; as long as there is a route between the two networks, it will work, as everything is LAN.

    3: You just have to think IP numbers, gateways and routes, after that you can begin considering subnets, however it's not really a concern for you :)

    Friday, March 14, 2014 9:37 AM
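The routing split described in point 1 is decided on the Draytek, but it can be confirmed from the Site B server once the tunnel is up. The script below is an added example and is not part of the thread; it uses the addresses the thread gives (DC and DNS at 192.168.2.1, Site A on 192.168.2.0/24) and assumes a domain name of `corp.example` and a public probe address, neither of which the thread states. `Test-NetConnection -TraceRoute` needs Windows 8.1 / Server 2012 R2 or later.

```powershell
# Added example, not from the thread: run on the Site B server after the
# Draytek site-to-site tunnel is up. Addresses follow the thread (Site A
# 192.168.2.0/24, DC at 192.168.2.1; Site B 192.168.1.0/24). The domain
# name and the public probe address are assumptions.
$Dc         = '192.168.2.1'
$Domain     = 'corp.example'     # assumption: the thread never names the AD domain
$PublicHost = '8.8.8.8'          # assumption: any always-reachable public address will do
$LocalGw    = (Get-NetRoute -DestinationPrefix '0.0.0.0/0' -AddressFamily IPv4 |
               Sort-Object RouteMetric | Select-Object -First 1).NextHop

# 1. The tunnel carries domain traffic: LDAP (389) and SMB (445) on the DC must answer.
foreach ($port in 389, 445) {
    $t = Test-NetConnection -ComputerName $Dc -Port $port -WarningAction SilentlyContinue
    "{0}:{1} reachable over VPN: {2}" -f $Dc, $port, $t.TcpTestSucceeded
}

# 2. DNS at Site A answers the DC locator query that domain join and logon rely on.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $Dc -ErrorAction SilentlyContinue
"DC locator SRV targets from $Dc : " + (($srv | Where-Object Type -eq 'SRV').NameTarget -join ', ')

# 3. Split tunnelling: Internet traffic should leave via the local Draytek, not via Site A.
# The first hop toward a public address is the Site B gateway; a 192.168.2.x hop in the
# path means Internet traffic is being hair-pinned through the tunnel to Site A.
$trace = Test-NetConnection -ComputerName $PublicHost -TraceRoute -WarningAction SilentlyContinue
"Local default gateway : $LocalGw"
"Path to $PublicHost    : " + ($trace.TraceRoute -join ' -> ')
if ($trace.TraceRoute -match '^192\.168\.2\.') {
    'WARNING: Internet traffic is transiting Site A (all-traffic tunnel).'
} else {
    'OK: Internet traffic exits locally; only 192.168.2.0/24 should use the VPN.'
}
```

The third check is the one that answers the original question: if the trace shows the Site B gateway followed by the ISP, only the 192.168.2.0/24 prefix is riding the tunnel and the 15Mbps link at Site A is not carrying Site B's browsing.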
  • Thanks

I set up the VPN

    Site A - Main Site with DC on IP Range 192.168.2.0

    Site B - New Site on IP range 192.168.1.0 - currently the Server at the new site is Domain Joined (not DC yet)
    I've set the server to static IP 192.168.1.2 and set the DNS to 192.168.2.1 (the DC's IP)
    Router is currently providing the DHCP

I can set up a new PC on the domain by setting the DNS manually to 192.168.2.1
    I can access the server and map network drives just fine.

    Things seem to work OK but would like to improve this setup.

    Next step... I guess is to promote this New server to a domain controller

    Questions: { this is my 1st TWO site setup with Windows Server and not sure about many things}  

    (1) Should I set this server as a Read-Only domain controller
    (2) DNS - I'm not sure - do I need to add DNS.... and how do I make the primary DNS 192.168.2.1 ?
    (3) DHCP - should I have DHCP - I assume this will be on the 192.168.1.x range

    Appreciate any input.

    Sunday, March 16, 2014 11:01 PM
  • Hiya,

1: Read-only domain controllers are used when physical security is inadequate. It's used to reduce the risk of having a DC located at a secondary site, which might have lower physical security. That should be your only reason for deploying a Read-only DC.

    2: If you add DNS, your clients will have faster DNS queries to those located on the same site. Depending on line speed, it might be marginal. If you're not deploying a DNS, your clients will query over the network on each non-cached name request. I would recommend deploying DNS also on your 2nd site.

    3: DHCP is nice and very nice in the newer versions of Windows Server. DHCP makes it a lot easier to manage your clients and their settings. I would recommend deploying DHCP on your 2nd site.

    Monday, March 17, 2014 7:41 AM
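The three recommendations in the reply above (writable DC unless physical security is the concern, DNS at Site B, DHCP at Site B) come together in the following script. It is an added example, not code from the thread or from Microsoft; it uses the thread's addresses (Site B server 192.168.1.2, Site A DC 192.168.2.1) and assumes a domain name of `corp.example`, an AD site name of `SiteB`, a Draytek LAN gateway of 192.168.1.1 and an interface alias of `Ethernet`, none of which the thread gives. Promotion reboots the server, so the work is split into two functions run before and after that reboot.

```powershell
# Added example, not from the thread: brings the Site B server (192.168.1.2) up as a
# writable DC with DNS, registers Site B in AD Sites and Services so clients prefer the
# local DC, then hands DHCP for 192.168.1.0/24 to it. Domain name, site name, gateway
# and interface alias are assumptions.
$Domain   = 'corp.example'
$SiteName = 'SiteB'
$SiteBDc  = '192.168.1.2'
$SiteADc  = '192.168.2.1'
$Gateway  = '192.168.1.1'   # assumption: the Draytek's LAN address at Site B

function Invoke-SiteBPhase1 {
    # Roles first; -IncludeManagementTools also installs the ActiveDirectory and DHCP modules.
    Install-WindowsFeature AD-Domain-Services, DNS, DHCP -IncludeManagementTools

    # Two subnets means two AD sites: map each prefix to its site so Site B clients
    # locate the local DC and replication runs on the default site link.
    $cred = Get-Credential -Message "Domain Admins account in $Domain"
    New-ADReplicationSite   -Name $SiteName -Server $SiteADc -Credential $cred
    New-ADReplicationSubnet -Name '192.168.1.0/24' -Site $SiteName -Server $SiteADc -Credential $cred
    New-ADReplicationSubnet -Name '192.168.2.0/24' -Site 'Default-First-Site-Name' -Server $SiteADc -Credential $cred
    Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' -SitesIncluded @{Add = $SiteName} -Server $SiteADc -Credential $cred

    # Writable DC with DNS. Add -ReadOnlyReplica only if the Site B server room is the
    # physical-security concern the reply describes. The server reboots when this finishes.
    Install-ADDSDomainController -DomainName $Domain -SiteName $SiteName -InstallDns `
        -Credential $cred -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password') -Force
}

function Invoke-SiteBPhase2 {
    # After the reboot: point this DC at its partner first and itself second, so name
    # resolution still works while the local DNS service is starting.
    Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $SiteADc, $SiteBDc

    # DHCP scope for Site B: local DNS first, Site A DNS as fallback across the VPN.
    # Turn the Draytek's own DHCP server off before activating this scope, or clients
    # will keep receiving the router's settings.
    Add-DhcpServerv4Scope -Name 'Site B LAN' -StartRange 192.168.1.100 -EndRange 192.168.1.200 `
        -SubnetMask 255.255.255.0 -State Active
    Set-DhcpServerv4OptionValue -ScopeId 192.168.1.0 -Router $Gateway -DnsServer $SiteBDc, $SiteADc -DnsDomain $Domain
    # A domain-joined DHCP server hands out no leases until it is authorised in AD.
    Add-DhcpServerInDC -DnsName "$env:COMPUTERNAME.$Domain" -IPAddress $SiteBDc

    # Sanity checks: the site-specific DC locator record and a replication summary.
    Resolve-DnsName -Name "_ldap._tcp.$SiteName._sites.dc._msdcs.$Domain" -Type SRV -Server $SiteBDc
    repadmin /replsummary
}
```

Run `Invoke-SiteBPhase1`, let the server reboot, then run `Invoke-SiteBPhase2`. The site and subnet objects are created before promotion so that `-SiteName` can place the new DC directly into `SiteB`; without them every DC lands in `Default-First-Site-Name` and Site B clients may keep authenticating against 192.168.2.1 over the VPN, which defeats the point of the local DC.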