locked
Multiple branches and DMZ RRS feed

  • Question

  • Hi everyone,

    we're trying to design what would be the ideal architecture for a multiple branches solution. Those branches have dedicated and independant DMZs.

    What would be the solution in terms of Edge Pool? Standalone for each DMZ?

    2 Front-End pools for 2 Edge Server pools? one for each DMZ?

    Many thanks

    M



    • Edited by MillieBr Thursday, April 14, 2016 2:52 PM
    Thursday, April 14, 2016 9:27 AM

Answers

  • Ah ok apologies. In that case, yes you can have separate edge pools associated to their respective front ends. You can DNS or HW load balance across the two, but note that one will be designated as the federated route. To answer your query; full supported and valid

    Note: If you find a post informative, please mark it so using the arrow to the left. If it answers a question you've asked, please mark the thread as answered to aid others when they're looking for solutions to similar problems.

    • Marked as answer by MillieBr Monday, April 18, 2016 4:38 PM
    Friday, April 15, 2016 9:54 AM

All replies

  • Hi,

    You can deploy branch sites according to the size of it.

    You can deploy SBA, SBS, SFB Standard Edition or Enterprise Edition:

    https://technet.microsoft.com/en-us/library/gg398095.aspx?f=255&MSPPError=-2147217396

    If you need to deploy Standard or Enterprise Edition of SFB Server, then it is the same with central site. Edge Server must be hosted at DMZ zone. FE Server hosted at internal network.

    Best Regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Eason Huang
    TechNet Community Support

    Friday, April 15, 2016 6:22 AM
  • Hi Eason,

    thank you for your feedback.

    I'm actually confused with the DMZs. If we have DMZ1 and DMZ2, isolated, can we set EdgePool1 in DMZ1 and EdgePool2 in DMZ2 both pointing to same FE?

    Thanks

    Friday, April 15, 2016 8:11 AM
  • Edge server placement is dependent on how critical you deem those services to be for any given site, in combination with WAN and performance considerations.

    An ideal architecture is a multi-server edge pool in every single site. Is this always cost effective, feasible, and justified? Almost never - so there's no real world ideal topology.

    Do you have just the two sites? how well populated are they? what's the speed, type, and reliability of the link between the two? How critical is external access to users across the organisation?

    You might choose to have a single Edge server in just one site, or you might have one in each, you might opt to scale these to multi-server - but you need to have that conversation first - no one can answer that for you on a forum :)

    Hope that helps.

    Kind regards
    Ben


    Note: If you find a post informative, please mark it so using the arrow to the left. If it answers a question you've asked, please mark the thread as answered to aid others when they're looking for solutions to similar problems.

    Friday, April 15, 2016 8:15 AM
  • You're absolutely right. I agree totally.

    My question was about that configuration being supported by Microsoft and FE.

    I was not sure that having two different Edge Pool pointing to two different external interfaces was okay for FE.

    For the rest, again, I fully agree with you.

    Thanks

    Friday, April 15, 2016 8:23 AM
  • Ah ok apologies. In that case, yes you can have separate edge pools associated to their respective front ends. You can DNS or HW load balance across the two, but note that one will be designated as the federated route. To answer your query; full supported and valid

    Note: If you find a post informative, please mark it so using the arrow to the left. If it answers a question you've asked, please mark the thread as answered to aid others when they're looking for solutions to similar problems.

    • Marked as answer by MillieBr Monday, April 18, 2016 4:38 PM
    Friday, April 15, 2016 9:54 AM
  • No need to apologize

    So Edge Pool1 in DMZ1 associated to FE1 and Edge Pool2 in DMZ2 associated to FE2 is acceptable

    Thanks!
    Friday, April 15, 2016 1:10 PM