Branch Office setup

 
 
TJ
Guest
Posts: n/a

 
      07-29-2008, 10:57 AM
Hi

I am in quite a nice position of being able to start from a relatively blank
canvas, but need some advice on how to proceed.
(All servers Windows 2003 R2 with XP clients unless stated.)
I have a main office network (IP range 10.1.1.0/24) already in place with a
domain of domain.org.uk and an ISA server 2006 (domain member) connected to
a leased line as an edge firewall. I have field workers connecting to the
network using VPN through the ISA Server.

I also have a remote office that has a Linux gateway that connects to the
main office using OpenVPN. The DNS zone for the remote office is
remote.local. IP range 192.168.24.0/24 - which cannot be changed.

I want to transfer this functionality to a Windows/ISA Server configuration,
but am unsure as to the best practice of how to set up the branch office.

1) Would I need a separate DC and what would be the best domain name
(domain.org.uk, site.domain.org.uk or something else)
2) Would the remote site need its own DNS/DHCP?
3) If DC and DNS, would the DNS server need to be AD integrated into the
main office?

Before I put this into action I want to test it using Virtual PC, so I am
sure that I will have many more questions, but thanks in advance for any and
all help.

Cheers
Tony


 
 
 
 
 
Meinolf Weber
Guest
Posts: n/a

 
      07-29-2008, 11:19 AM
Hello TJ,

See inline.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Hi
>
> I am in quite a nice position of being able to start from a relatively
> blank canvas, but need some advice on how to proceed.
> (All servers Windows 2003 R2 with XP clients unless stated.)
> I have a main office network (IP range 10.1.1.0/24) already in place
> with a domain of domain.org.uk and an ISA server 2006 (domain member)
> connected to a leased line as an edge firewall. I have field workers
> connecting to the network using VPN through the ISA Server.
>
> I also have a remote office that has a Linux gateway that connects to
> the main office using OpenVPN. The DNS zone for the remote office is
> remote.local. IP range 192.168.24.0/24 - which cannot be changed.
>
> I want to transfer this functionality to a Windows/ISA Server
> configuration, but am unsure as to the best practice of how to set up
> the branch office.
>
> 1) Would I need a separate DC and what would be the best domain name
> (domain.org.uk, site.domain.org.uk or something else)


I would add it to the same domain and configure AD Sites and services for
the new location.

> 2) Would the remote site need its own DNS/DHCP?


I would suggest setting up a DC/DNS/GC/DHCP in the site, so the users can
log on and work, even if the main site is not reachable.

> 3) If DC and DNS, would the DNS server need to be AD integrated into
> the main office?


I suggest using AD-integrated zones, so you have DNS replicated between
both sites with AD replication. Additionally, it has the advantage that you
can add records; if you used only a secondary DNS server, it stores
a read-only copy of the zones.

> Before I put this into action I want to test it using Virtual PC, so I
> am sure that I will have many more questions, but thanks in advance
> for any and all help.
>
> Cheers
> Ton



 
 
Anthony [MVP]
Guest
Posts: n/a

 
      07-29-2008, 11:23 AM
Tony,
You would probably want to put a DC/DHCP/DNS server at the remote site. But
you would have it in the same domain as your existing one. With an
AD-integrated DNS zone for the domain your DNS would automatically replicate
to the other DC/DNS server.
Anthony,
http://www.airdesk.com
 
TJ
Guest
Posts: n/a

 
      07-29-2008, 11:41 AM
Thanks Meinolf
Would it be best to configure the Branch office DC at the main site on the
10.1.1.0 range and then change the IP to 192.168.24.x before shipping to the
remote site? And how would I configure AD Sites and Services - this is not
something I've needed to use in the past
 
TJ
Guest
Posts: n/a

 
      07-29-2008, 11:56 AM
Cheers Meinolf - you're a star
 
Meinolf Weber
Guest
Posts: n/a

 
      07-29-2008, 11:56 AM
Hello TJ,

See inline.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Thanks Meinolf
> Would it be best to configure the Branch office DC at the main site on
> the 10.1.1.0 range and then change the IP to 192.168.24.x before shipping
> to the remote site?


Will be easier, I would do it this way. Also see here to prepare for shipping:
http://technet2.microsoft.com/window...3.mspx?pf=true

> And how would I configure AD Sites and Services - this is not
> something I've needed to use in the past


See here for the site configuration; expand the "+" in the left pane:
http://technet2.microsoft.com/window....mspx?mfr=true

http://technet2.microsoft.com/window....mspx?mfr=true

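The batch script below is an added example, not part of the thread or of any poster's setup: it collects the checks one would run on the branch DC after it has been re-addressed to 192.168.24.x, one per recommendation made above (own site, local DC and GC, replication, AD-integrated zone, authorised DHCP). The site name `Branch` is an assumption, and `nltest`, `repadmin`, `dcdiag` and `dnscmd` are assumed to be installed from the Windows Server 2003 Support Tools.

```bat
@echo off
rem Added example: post-relocation checks for a branch-office DC.
rem DOMAIN is the domain named in the thread; SITE is a hypothetical
rem site name created in AD Sites and Services for 192.168.24.0/24.
setlocal
set DOMAIN=domain.org.uk
set SITE=Branch

echo == 1. Site this machine resolves to ==
rem Should print the branch site once the 192.168.24.0/24 subnet
rem object is linked to it; the main-office site here means the
rem subnet mapping is missing or wrong.
nltest /dsgetsite

echo == 2. DC advertised for the branch site ==
rem Compare "Dc Site Name" with "Our Site Name" in the output: a DC
rem from the main site means local logon depends on the VPN link.
nltest /dsgetdc:%DOMAIN% /site:%SITE%

echo == 3. Global catalog advertised for the branch site ==
nltest /dsgetdc:%DOMAIN% /gc /site:%SITE%

echo == 4. Site-specific SRV records registered in DNS ==
nslookup -type=SRV _ldap._tcp.%SITE%._sites.dc._msdcs.%DOMAIN%

echo == 5. Inbound replication partners and last results ==
repadmin /showrepl

echo == 6. dcdiag advertising and replication tests ==
dcdiag /test:advertising
dcdiag /test:replications

echo == 7. Zone properties on the local DNS server ==
rem The zone should be reported as directory-integrated, not as a
rem secondary (read-only) copy.
dnscmd /zoneinfo %DOMAIN%

echo == 8. DHCP servers authorised in Active Directory ==
rem The branch DHCP server (192.168.24.x) should be listed.
netsh dhcp show server

endlocal
```

Run it once while the DC is still staged on 10.1.1.0/24 and again after the move, and compare steps 1 to 4 between the two runs.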



 