Synch servers, one domain, across states


  • Synch servers, one domain, across states

    How to synch AD across states - one domain
    ok, I hope I am explaining this correctly.

    1) I have a server in Dallas that is the AD server, host-01
    2) I have another server in Seattle that is host-02
    3) Would like to set up a server with AD local cache in CA.

    How can I have the (Dallas)AD server synch with the (Seattle)host-02 server? so in case the host-01 server goes down, we can use host-02 as the backup.

    Also, what would I need to do to build another computer with AD in the CA office? how would I set that to a local cache so users in CA do not have to authenticate with the Dallas AD server? or the Seattle servers in emergencies? I guess I would like all servers to replicate, so if the network did go down...we in CA can use the local DNS cache? without any WAN traffic....is that correct? this would be all AD servers replicating? so if anything goes down, we still have the AD in California set to log in the AD...


    Thanks,

  • #2
    Re: Synch servers, one domain, across states

    Firstly. Don't double post. The forum rules are quite clear on that.

    To build another domain controller you just need to ensure connectivity between it and an existing DC and then run DCPromo. The replication etc should all happen automatically. After the reboot install DNS locally on it and point all the local clients to it.

    You can then use Sites/Services to allocate the correct subnets to the correct site. When a PC boots its DC is determined based on the site its IP address is in (after it has spoken with the primary DNS server in its local bindings).

    You will have WAN traffic between the DCs but you can restrict this as long as you understand the repercussions.
    cheers
    Andy


    Quis custodiet ipsos custodes?
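
Added example, not part of the thread: a simplified model of the site lookup described in post #2, where a client's IP address is matched to the most specific subnet defined in Sites and Services and the client is steered to that site's DCs. The subnet ranges are constructed assumptions; the DC names are the host names mentioned in the thread.

```python
import ipaddress

# Constructed subnet objects; the addressing is an assumption, not from the thread.
SUBNETS = {
    "10.0.0.0/8": "Dallas",        # catch-all supernet assigned to the hub site
    "10.20.0.0/16": "Seattle",
    "10.30.0.0/16": "California",
}
# DCs per site, using the host names mentioned in the thread.
SITE_DCS = {"Dallas": ["host-01"], "Seattle": ["host-02"], "California": ["hostC"]}


def site_for_ip(ip, subnets=SUBNETS):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def candidate_dcs(ip):
    """DCs a client is steered to: its own site's DCs, else any DC in the domain."""
    site = site_for_ip(ip)
    if site is None:
        # No subnet object matches: the client has no site, so logons may
        # land on a DC at the far end of the WAN.
        return sorted(dc for dcs in SITE_DCS.values() for dc in dcs)
    return SITE_DCS.get(site, [])


def unmapped_clients(clients):
    """Names of clients whose address matches no subnet object."""
    return [name for name, ip in clients.items() if site_for_ip(ip) is None]


if __name__ == "__main__":
    clients = {"ca-pc-01": "10.30.5.20", "ca-pc-02": "192.168.1.50"}  # constructed
    for name, ip in clients.items():
        print(name, ip, site_for_ip(ip), candidate_dcs(ip))
    print("unmapped:", unmapped_clients(clients))
```

Running the same check against a real inventory of client addresses shows which office ranges still need a subnet object before local logons can be expected.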



    • #3
      Re: Synch servers, one domain, across states

      Originally posted by AndyJG247:
      Firstly. Don't double post. The forum rules are quite clear on that.

      To build another domain controller you just need to ensure connectivity between it and an existing DC and then run DCPromo. The replication etc should all happen automatically. After the reboot install DNS locally on it and point all the local clients to it.

      You can then use Sites/Services to allocate the correct subnets to the correct site. When a PC boots its DC is determined based on the site its IP address is in (after it has spoken with the primary DNS server in its local bindings).

      You will have WAN traffic between the DCs but you can restrict this as long as you understand the repercussions.
      ok, so dcpromo on the existing CA server, add it to domain as another controller. Install DNS and point all the local PCs in the CA office to that server? that will allow for faster user authentication since it's local? Replication should all happen automatically with the 2 servers in Dallas and Seattle and now CA office? if the Dallas and Seattle servers go down, we will still be able to log in to network because of the new server we set up in CA right?....plus it will be faster logins?

      Regarding DNS, how do I set the DNS in the CA office? what addresses? the DNS service IP addresses we pay for?...so all servers should have the same DNS addresses to get to the outside right?..

      Do you have any links or instructions on how to use sites/services for the situation I am in?.. I am not too sure what you mean in that step with DNS server and its local binding.

      Also, we will have WAN traffic between the DCs. What do you mean you can restrict?...can you set it to synch every few hrs so it doesn't disrupt business? is that smart to do? what will the repercussions be?

      Sorry for all these questions, but I am sort of new to this networking stuff and would like to learn more, but these situations are difficult when you don't have experience. Hopefully, this will be a piece of cake in a few years like you guys.

      Thanks for your help and will be waiting for the reply.



      • #4
        Re: Synch servers, one domain, across states

        You don't say it, but I presume you have site-to-site VPNs in place already?
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **



        • #5
          Re: Synch servers, one domain, across states

          Originally posted by Ossian:
          You don't say it, but I presume you have site-to-site VPNs in place already?
          We do have VPN in the CA office.



          • #6
            Re: Synch servers, one domain, across states

            Originally posted by wsantos_2008:
            We do have VPN in the CA office.
            Where does it go to?

            Normally, with multiple sites, you will have VPNs between them to securely transfer data
            Tom Jones


            • #7
              Re: Synch servers, one domain, across states

              Originally posted by Ossian:
              Where does it go to?

              Normally, with multiple sites, you will have VPNs between them to securely transfer data

              I am not sure what you mean by this, sorry. We have VPN to remotely log into the CA offices, hope that is what you're asking. I need help in how to set up the install from my first question. I am curious, what does VPN have to do with setting up the computers to all synch?...



              • #8
                Re: Synch servers, one domain, across states

                Well, VPN has quite a lot to do with it...
                Because it's about the same idea as how you connect to a server without a network cable plugged in.

                The basics of a site-to-site (or LAN-to-LAN) VPN are rather simple:
                A secure permanent tunnel through the internet to connect different networks to each other.

                Client VPN is something you need to start manually on your XP/Vista box.
                Marcel
                Technical Consultant
                Netherlands
                http://www.phetios.com
                http://blog.nessus.nl

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"



                • #9
                  Re: Synch servers, one domain, across states

                  Originally posted by Dumber:
                  Well, VPN has quite a lot to do with it...
                  Because it's about the same idea as how you connect to a server without a network cable plugged in.

                  The basics of a site-to-site (or LAN-to-LAN) VPN are rather simple:
                  A secure permanent tunnel through the internet to connect different networks to each other.

                  Client VPN is something you need to start manually on your XP/Vista box.

                  dude, can you explain it a little better? remember, I am no expert and not sure what you mean about setting up VPN in all the offices. I have servers with DNS, etc......I am confused about VPN. We set up a VPN box so we could remotely do work, but how would it interact in this setup? host-01 in Texas, host-02 in Seattle, and hostC in CA. So install VPN on which? how will it synch the AD?



                  • #10
                    Re: Synch servers, one domain, across states

                    You would normally set up two or three permanent VPNs between your routers (not PCs):
                    TX--WA
                    TX--CA
                    You could also "complete the triangle" by setting up CA--WA

                    This means every computer can see computers at other sites as if they were on the same LAN (obviously slower, though)

                    What are the makes/models of the internet facing routers at each site?
                    Last edited by Ossian; 29th October 2008, 08:54.
                    Tom Jones


                    • #11
                      Re: Synch servers, one domain, across states

                      Originally posted by wsantos_2008:
                      dude, can you explain it a little better? remember, I am no expert and not sure what you mean about setting up VPN in all the offices. I have servers with DNS, etc......I am confused about VPN. We set up a VPN box so we could remotely do work, but how would it interact in this setup? host-01 in Texas, host-02 in Seattle, and hostC in CA. So install VPN on which? how will it synch the AD?
                      Yes, I could (I really should start blogging or something like that).
                      But have a read on this:
                      http://computer.howstuffworks.com/vpn1.htm

                      And to add some text of my own:

                      The most common VPNs are Remote Access VPN and Site-to-Site VPN (also called LAN-to-LAN).

                      What's the difference?

                      First of all, let's have a look at Remote Access VPN.
                      Remote access VPN makes it possible to set up a tunnel between a client computer and a company's network. So, for example, a user who wants to work from home boots up his computer and, because he has an Internet feed, he can connect securely to the company.
                      See this drawing:

                      As you can see quite clearly, there is only one user connected through that tunnel. Every user who wants to connect to the office should establish his own VPN tunnel. And if a user decides to stop working, then he shuts down his computer and the tunnel he previously established will be disconnected.
                      For teleworkers this is super but......

                      What if you want to connect a whole office to another office?
                      Well, then you can set up a Site-to-Site VPN.

                      Site-to-Site VPN
                      As the name is already telling you, you can connect a whole site (office) to another one. This tunnel is also connected permanently. So if a user goes home and shuts down his computer, the networks still remain connected.

                      See this drawing as an example:


                      Here you can see that the office is connected by a router. This can be done, for example, by a router, a firewall (Cisco, Juniper, Microsoft, Check Point and so on) and an RRAS server.
                      The main advantage of this is that you have a permanent tunnel. When a user arrives at the office the next day, he can boot up his computer and start working. It doesn't matter if he is at the headquarters or at a branch office.

                      Also, you set up your own servers behind the VPN tunnel. Maybe you want them to have their own DC for that subnet, or their own file/print services or maybe their own database services.

                      I hope this was more informative for you.
                      Images used from: http://www.bioenable.co.in/technical...technology.htm

                      Edit: ok this was hurting my fingers from a lot of typing.
                      Last edited by Dumber; 29th October 2008, 10:35.
                      Marcel


                      • #12
                        Re: Synch servers, one domain, across states


                        ok, I guess I will try this for now, but isn't there something easier? I already have the servers in all 3-4 places. Can't I just install DNS in the CA office and let them synch?...wouldn't that be the same as the VPN model you say to do?...I just want to make it as easy as possible w/o doing a new procedure. I will try the VPN, but just want to know if I could do what I mentioned here?..



                        • #13
                          Re: Synch servers, one domain, across states

                          I really, really think you should start with the basics.
                          First of all, there should be network connectivity in place.
                          If you don't understand how the network connectivity is in place, I really recommend you hire a specialist.

                          After the connectivity is in place, then you can start thinking about how to connect those offices as sites.
                          Marcel