AD authentication across mpls
Scenario:
Company ABC has 9 sites connected via MPLS across two states, say California and Washington. Sites CA1 and WA1 are the headquarters, and each has a Windows Server 2003 domain controller that handles authentication. If the other 7 sites are small, fewer than 10 employees, do I need to add a DC at each satellite office to handle authentication, or will the connectivity via MPLS to the HQ DCs suffice?
Comments
Claymoore Member Posts: 1,637
It depends...
Are there any application servers at the remote sites that require a DC and/or GC, such as Exchange?
Will users need to authenticate to any local resources, such as a file server, even if the corporate link is down?
Will you be deploying software through group policy or other means that would occur during login?
Will the sites have separate internet connections besides the MPLS link?
phoeneous Member Posts: 2,333
> It depends...
> Are there any application servers at the remote sites that require a DC and/or GC, such as Exchange?
> Will users need to authenticate to any local resources, such as a file server, even if the corporate link is down?
> Will you be deploying software through group policy or other means that would occur during login?
> Will the sites have separate internet connections besides the MPLS link?
1. Only resources at remote sites will be printing. Email, Apps and file shares are at headquarters.
2. No software via group policy.
3. No. Remote sites use hq internet link.
Each remote site has a 1.5Mbps t1, each hq office has 10Mbps.
EDIT:
I think I'm just going to put a server at each office and avoid any possible headaches.
Asif Dasl Member Posts: 2,116
If you are going with Server 2008, it could be a chance to deploy BranchCache and Read-Only Domain Controllers at the branch sites.
it_consultant Member Posts: 1,903
You don't need a DC at each site. Authentication traffic is not what will fill those pipes up. It will most certainly be CIFS (same as SMB) traffic for file sharing that will be the biggest problem.
Claymoore Member Posts: 1,637
> 1. Only resources at remote sites will be printing. Email, Apps and file shares are at headquarters.
> 2. No software via group policy.
> 3. No. Remote sites use hq internet link.
> Each remote site has a 1.5Mbps t1, each hq office has 10Mbps.
> EDIT:
> I think I'm just going to put a server at each office and avoid any possible headaches.
Since you have established you don't need them, placing a DC at each would only cause headaches. Equipment, licensing, maintenance, security - all headaches you can avoid.
phoeneous Member Posts: 2,333
> Since you have established you don't need them, placing a DC at each would only cause headaches. Equipment, licensing, maintenance, security - all headaches you can avoid.
Those aren't really headaches; in fact, I would prefer that much responsibility.