Setting up branch office

  • Setting up branch office

    We have a Windows 2000 network here at the main office, with Active Directory and Exchange. We are now opening a branch office. Can I set up a site-to-site VPN and have the branch office be on this domain and use the Exchange server? We will have a T1 coming into the branch office.
    A VLAN would work, but I'm not sure if they will buy two layer 3 switches.

    Any suggestions?
    Thanks

  • #2
    Re: Setting up branch office

    Yes, assuming both offices at some point need to share resources and they prefer not to do that entirely through internet email, that would be the ideal method.
    VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
    boche.net - VMware Virtualization Evangelist
    My advice has no warranties. Follow at your own risk.



    • #3
      Re: Setting up branch office

      Yes, they will need access to the file server and other resources. We have an Access database that they will use over there from the main office.
      Can you provide any configuration info for what I should do when setting this up?
      Thank you



      • #4
        Re: Setting up branch office

        Originally posted by jeffaz:
        Yes, they will need access to the file server and other resources. We have an Access database that they will use over there from the main office.
        Can you provide any configuration info for what I should do when setting this up?
        Thank you
        Well, your first question was a general theory question.

        Now with your second question, we get into network design as well as Active Directory Sites and Services design, domain controller placement, etc.

        Let's start off with how you're going to connect these two offices. How far apart are they? What sort of network bandwidth will they have between them? Microsoft VPN or 3rd party VPN? How many users at each site? What services and servers will users at each site need to access? What services and servers currently exist already at each site? What will be the support model for each site - centralized or decentralized? Will any administration be delegated?

        I like AD design, unfortunately some of the people I design for take the Sanford & Son budget approach and aren't interested in the money it costs to implement AD properly. What's your budget? I'm afraid out of the gate here when the company won't purchase a layer 3 switch.
        Lots of stuff to go through here.
        Last edited by jasonboche; 13th April 2007, 20:15.


        • #5
          Re: Setting up branch office

          We will be getting a Cisco ASA 5505 firewall for the remote site. We have a WatchGuard Firebox 700 here (I would like to replace the WatchGuard, since my experience is with Cisco and SonicWall). I will set up a site-to-site VPN between the two offices. We have 50 computers at the main office and 10 at the remote office. At the main office we have Server 2000 (AD), Exchange 2000, a terminal server on Server 2003, a file server and a server with an Access database. The main office computers use Windows 2000/XP Pro. I would like to have it so they are on this domain and have access to all resources at the main office just like they were here.
          Do I need a domain controller at the remote site? There is a budget here, but they also need a very secure way to design this; they follow HIPAA.

          Thanks for your help



          • #6
            Re: Setting up branch office

            Originally posted by jeffaz:
            We will be getting a Cisco ASA 5505 firewall for the remote site. We have a WatchGuard Firebox 700 here (I would like to replace the WatchGuard, since my experience is with Cisco and SonicWall). I will set up a site-to-site VPN between the two offices. We have 50 computers at the main office and 10 at the remote office. At the main office we have Server 2000 (AD), Exchange 2000, a terminal server on Server 2003, a file server and a server with an Access database. The main office computers use Windows 2000/XP Pro. I would like to have it so they are on this domain and have access to all resources at the main office just like they were here.
            Do I need a domain controller at the remote site? There is a budget here, but they also need a very secure way to design this; they follow HIPAA.

            Thanks for your help
            I still didn't get the size of your VPN link bandwidth between the two sites. I'll assume a full-time (always up) fractional T or broadband, but nothing close to 10Mbps. I'll also assume your 10 remote client computers are 2k or XP.

            The VPN between the two offices will allow the ability of both sites to share common resources. It will also allow you to configure a centralized security model for both sites (Active Directory).

            Server placement
            Although you could place a domain controller at your smaller site, it doesn't buy you much in terms of accessing shared resources quicker. It would allow DNS resolution traffic to stay local within the sites but again that isn't buying your clients much. For DR purposes it provides a safe copy of the AD infrastructure in case the main office burns to the ground. You have only one domain controller at the main office which I would advise against. You need at least one more domain controller for redundancy as well as for DR purposes. From the DR perspective, it makes total sense to put that DC at the small site.

            Your small office users are going to discover that although they can access file resources (including that database) through the VPN, it's not going to be remotely as fast as the access the main office users have to the data. One thing you could do to mitigate this latency perception your remote users will surely establish is to publish applications (or maybe even desktops) on that main office Terminal Server and allow your small office users to access the applications that way. The application response times will be at LAN speeds and only screen refresh/keyboard/mouse movements will traverse the VPN between sites, as well as some authentication and name resolution traffic in the background.

            Your small office users will also be able to use an MS Office Outlook client to connect to the Exchange server in the main office. Due to the VPN latency, I'd run the remote Outlook clients in Cached Exchange Mode, or their Outlook client may "freeze" frequently while it has a heart attack trying to contact the MAPI server.

            If you do choose to place a domain controller in the small office, you're going to need to set up two AD sites along with an intersite replication schedule. At that point it will also be time to look at FSMO role placement.

            Last but not least, consider upgrading those 2k servers to 2k3. 2k servers are running out of support fast. In addition, think about upgrading Exchange to 2003, or 2007 if you've got 64 bit hardware.
            Last edited by jasonboche; 13th April 2007, 21:55.


            • #7
              Re: Setting up branch office

              At the remote site the new computers will be Windows XP Pro. It will be an always-up fractional T1 for the site-to-site VPN. We will also be upgrading to Server 2003 and Exchange 2003 during this process... good point. So putting a Server 2003 domain controller over there, having them use the Exchange server from the main site, and running the Outlook clients in cached mode will work best in this situation?
              Could you provide more info on this, or provide links:
              "If you do choose to place a domain controller in the small office, you're going to need to set up two AD sites along with an intersite replication schedule. At that point it will also be time to look at FSMO role placement."
              http://www.microsoft.com/technet/pro...tep/adsrv.mspx

              Thanks for all of your help.
