PLEASE HELP - Setup Branch Office


  • PLEASE HELP - Setup Branch Office

    I've been asked to setup a 2nd site to our office, I've never done this before, only done internal servers, so could really use some help.

    There will be a firewall device at each end that will establish a site to site VPN for connectivity between the 2 sites.

    How should I configure each site?

    I know this will vary from site to site, I know this, I'm just wanting to learn the min requirements to make it all work, I can look at customising for our needs later. I'm after quite granular information, ie, the order to set up each component & how to do it, click by click.
    ____________________________________________

    Let's call them
    SITE1:
    - DNS: site1.company.local
    - Server Name: SVR1
    - Server IP: 192.168.4.2
    - 2003 domain with 2 DCs in 2003 mode
    - 192.168.4.0/24
    - VPN/Router/Firewall/Gateway IP: 192.168.4.1
    SITE2:
    - DNS: site2.company.local
    - Server Name: SVR2
    - Server IP: 192.168.5.2
    - 192.168.5.0/24
    - VPN/Router/Firewall/Gateway IP: 192.168.5.1
    ____________________________________________
    I've included as much info as I can think of, let me know if you need any other details (or feel free to make up details for the scenario).

    Components that come to mind are:
    * Domain Controller setup
    * Forest/domain setup
    * DNS
    * AD Domains & Trusts
    * AD Sites & Services

    Thanks very much for any help, I'm in a really tight bind here!
    I've been using this online backup for all my photos, docs, spreadsheets, powerpoints & emails for years now & it works great.
    Go Here for their free 5GB: http://www.idrive.com/p=gavamm
    I upgraded to the Personal Plan for peace of mind for not much more than a cup of coffee.

  • #2
    Re: PLEASE HELP - Setup Branch Office

    hi,

    a little clarification,

    are both sites being setup from scratch
    or site 1 is up n running
    and site2 is in deployment phase.



    • #3
      Re: PLEASE HELP - Setup Branch Office

      You will need to tell us the make and model of your firewall devices, and I don't think anyone will give you "click by click" instructions

      Have you thought of bringing in a consultant?
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **



      • #4
        Re: PLEASE HELP - Setup Branch Office

        site 1 is up n running and site2 is in deployment phase. The firewall devices are being setup by a consultant, it's just the Windows configuration that I need to do.


        • #5
          Re: PLEASE HELP - Setup Branch Office

          OK --sorry
          How comfortable are you setting up an additional Domain Controller in an existing site?
          There really are few differences except you will set up a second DHCP server for 192.168.5.x at the second site
          The only other thing is to allow plenty of time for replication -- don't be impatient!
          Tom Jones


          • #6
            Re: PLEASE HELP - Setup Branch Office

            I've setup multiple DCs internally before, that's no problem as most of that is automated, but for a branch site I'm not sure how to configure DNS, forwarding, sites & services, domains & trusts, subnets, etc? I've only ever setup multi DCs in the same domain.


            • #7
              Re: PLEASE HELP - Setup Branch Office

              OK, rough summary, and will help you elaborate
              On your main site DC
              go to ADSS and make sure main and branch site are created, with correct subnets assigned to them
              go to DNS and create reverse lookup zones (AD integrated) for each subnet
              If you can, build the branch office DC and join to domain as member server but (IMHO) do not DCPromo yet

              At the branch office:
              Switch on new DC (still a member server) and configure IP address to new site
              Make sure new DC has main site DC as its primary DNS server
              Check VPN is established and that you can ping main site DC by both names (server and server.domain.local)
              DCPromo (will be slower than in one site)
              In ADSS, check it is in the correct site, make it a GC and check that site links have been created from old to new and new to old (manually create them on both DCs if needed)
              Create test objects in AD at both ends and wait until they have replicated to the other server - be patient
              Install DNS but don't do any configuration except root hints and checking it is AD integrated
              Wait, wait, wait for DNS replication to occur -- leave it 24 hours if needed
              Change networking on new DC to point to itself for first DNS server and main site DC as second

              That's basically it -- someone will fill in the gaps for you
              Tom Jones
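A check script for the end state of the steps in post #7, added here as an example and not written by anyone in the thread. It assumes a single domain named company.local, a branch site named SITE2-company-local, and the Windows Support Tools (dcdiag, repadmin, nltest) installed on SVR2; only the server names come from the thread.

```batch
@echo off
rem Added example: checks to run on the branch DC (SVR2) after DCPromo.
rem Assumed, not from the thread: domain company.local, branch site name
rem SITE2-company-local, Support Tools (dcdiag, repadmin, nltest) installed.
setlocal
set DOMAIN=company.local
set MAINDC=SVR1
set BRANCHSITE=SITE2-company-local
set REPORT=%TEMP%\dcdiag-branch.txt
set FAIL=0

echo [1] Main site DC answers by short name and by FQDN
ping -n 2 %MAINDC% >nul || call :fail "ping %MAINDC%"
ping -n 2 %MAINDC%.%DOMAIN% >nul || call :fail "ping %MAINDC%.%DOMAIN%"

echo [2] DC locator SRV records resolve through the configured DNS server
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% 2>nul | find /i "svr hostname" >nul || call :fail "SRV lookup for %DOMAIN%"

echo [3] Subnet-to-site mapping puts this server in the branch site
nltest /dsgetsite | find /i "%BRANCHSITE%" >nul || call :fail "server is not in %BRANCHSITE%"

echo [4] No inbound replication attempt is reported as failed
repadmin /showrepl | find /i "failed" >nul && call :fail "repadmin shows a failed replication attempt"

echo [5] dcdiag in quiet mode prints only errors, so any output is a finding
dcdiag /q > "%REPORT%" 2>&1
for %%F in ("%REPORT%") do if %%~zF gtr 0 call :fail "dcdiag errors, see %REPORT%"

if %FAIL%==0 echo All checks passed.
exit /b %FAIL%

:fail
echo     FAILED: %~1
set FAIL=1
goto :eof
```

The script exits with 1 if any check fails, so it can be rerun during the waiting periods described in the post.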


              • #8
                Re: PLEASE HELP - Setup Branch Office

                Thanks for that overview.
                I'm in the process of setting up a Windows Virtual Server to run a test setup (just having some difficulty getting the virtual server networked with the host..).

                Below is what I originally noted down as my plan of attack, I will compare it with what you mentioned & post any questions, but from a quick read it looks similar, I was just adding more detail when I put it together.

                Feel free to do the same by posting comments, corrections, or reordering.
                Thanks for your assistance.
                _____________________

                * Install Windows Server (2003 std)
                * Establish the VPN connection
                * Ping SITE1
                * Promote the server to DC with DNS AD integration
                * Set the DNS as an AD Integrated secondary server
                * Configure DNS conditional forwarding for site1.company.local and company.local to go to SITE1 DNS server to resolve. (Clients would only need to be configured to point to the local DNS).
                * ADDT (at both sites) - RC domain name - Properties - Trusts - New Trust - "site1.company.local" - Next - Trust with a windows domain - "site1.company.local" - finish
                * ADSS ?? I'm sure we'd have to setup something here?!
                * Rename "Default-First-Site-Name" to "SITE2-company-local"
                * RC Sites - New Site - name "SITE1-Company-local" - select "DefaultIPSiteLink" - OK
                * Under the new site RC Servers - New-Server - "SVR1.SITE1.company.local" - OK
                * RC Subnets - New Subnet - 192.168.4.0/24 - Select "SITE1-Company-local" - OK
                * RC Subnets - New Subnet - 192.168.5.0/24 - Select "SITE2-Company-local" - OK
                * I'm not sure what to do with "SITE2-Company-local" - Servers - RC SVR2 - Properties - Transports?
                * "SITE2-Company-local" - Servers - SVR2 -RC NTDS Settings - New AD Domain Services Connection - Select SVR1 - OK


                • #9
                  Re: PLEASE HELP - Setup Branch Office

                  Most of what you are doing looks similar except
                  ADDT (at both sites) - RC domain name - Properties - Trusts - New Trust - "site1.company.local" - Next - Trust with a windows domain - "site1.company.local" - finish
                  Are you wanting 2 domains (company.local at main site and site1.company.local at remote site)?
                  If so, WHY? -- you do not need a new domain for an additional site
                  Tom Jones


                  • #10
                    Re: PLEASE HELP - Setup Branch Office

                    Yeah, fair enough.
                    I was planning on setting up a 2nd domain as the rate of growth is quite large. I guess I could look at setting up a 2nd domain later if the rate of growth continues. They are in different states too.


                    • #11
                      Re: PLEASE HELP - Setup Branch Office

                      The only reason for a second domain in Server 2003 is if you have different security requirements (e.g. password complexity or lockouts). Having one domain only will make your life SO much simpler!
                      Or if you expect to have more than a billion SIDS http://technet.microsoft.com/en-us/l...01(WS.10).aspx
                      Tom Jones


                      • #12
                        Re: PLEASE HELP - Setup Branch Office

                        Ok, I see what you're saying. So best would be to setup a single domain, then just use AD OU's to manage the geographic areas.


                        • #13
                          Re: PLEASE HELP - Setup Branch Office

                          Absolutely!
                          Tom Jones


                          • #14
                            Re: PLEASE HELP - Setup Branch Office

                            Thanks so much for your assistance so far

                            I've read/thought through all your steps, just got 3 questions:

                            1. I know I was asking for a general step through, which you answered well, so this is a more specific deviation question now.. Given that they won't be running Exchange or other server level programs do we need to make the branch site server a GC? Or will that just increase replication traffic with no real pay off? It's pretty much going to be a file server apart from domain level activities.

                            2. By site links, I'm assuming you're referring to each "site" (the 1st of which defaults initially to "Default-First-Site-Name")?

                            3. What would I need to change in Root Hints? I was just going to leave this as-is to resolve internet name requests..


                            • #15
                              Re: PLEASE HELP - Setup Branch Office

                              OK, since I seem to be the only one replying to this thread:
                              1) See this on GC placement: http://support.microsoft.com/default.aspx/kb/241789 (basically, there are options)
                              2) yes -- you can rename "default-first-site-name" if you want
                              3) What I meant was in the DNS install wizard -- it gives you 3 choices, the third one is "root hints only". You don't do anything yourself to configure them, just don't select either of the first two options
                              Tom Jones