Branch Office with no DC, authentication

  • Question

  • Hi,

     

       I've looked for a similar thread but I didn't find one. I'm sure there must be a similar question though. (Sorry for my English, I am from Spain).

     

      I think it is the typical question:

     

      I have both a headquarters with two Domain Controllers and a branch office with several Windows 7 PCs.

      We don't want to and can't afford to buy a Windows Server, so I was wondering how clients will authenticate in the domain. As far as I know they will go through the site-to-site VPN to reach the Domain Controller and then they will successfully authenticate, but... do they have to authenticate all the time in the same way? Is there no cache in Windows 7?

      Is this scenario reliable? I mean: a branch office with no Domain Controller? I will have to deploy more of this scenario because many of the branch offices have only 4 or 5 PCs, so it's not worth a server (and we can't afford that expense).

     

    Thanks a lot in advance!

     


    Luis Olías Técnico/Admon Sistemas Sevilla (España)
    Tuesday, January 31, 2012 9:39 AM

Answers

  • Hi there -

    You're correct that branch office clients will be authenticated through the VPN connection. Each time the client needs to be authenticated, such as when accessing an intranet Web page or file share, the process will be the same.

    The reliability and security of the communications depend on how you deploy VPN and how much bandwidth you require. For the best security, you can deploy L2TP/IPsec VPN.

    If bandwidth is an issue, you might also consider deploying BranchCache in distributed cache mode, which enables Windows 7 Enterprise and Ultimate edition clients to cache content in the branch office and then share it with other computers in the branch that request the content. If you're interested, you can find out more about BranchCache here: http://technet.microsoft.com/en-us/library/dd996634(WS.10).aspx . To use BranchCache, your main office content servers (Web, file, etc) must be running Windows Server 2008 R2.

    Thanks -

     


    James McIllece
    • Marked as answer by Bruce-Liu Monday, February 6, 2012 5:13 AM
    Tuesday, January 31, 2012 10:18 PM

All replies

  • Hi James,

     

       Thanks a lot for your reply. Thanks too for the advice about L2TP/IPsec VPN; I've always done it that way. It is the most secure one as far as I know, at least stronger than PPTP.

       I read something about "distributed cache mode" before posting my question, but I thought it was a different thing.

       I'll study the solution you suggest.

     

    Thanks again!

     

     


    Luis Olías Técnico/Admon Sistemas Sevilla (España)
    Wednesday, February 1, 2012 7:47 AM