Interflex
Guest
|
 Posted:
Tue Jan 25, 2005 5:31 am Post subject:
Setting up New Branch Office (VPN Exchange ISA) Suggestions |
|
|
I currently have one office with about 30 users and we will be opening an
office soon with another 30 users in another physical location. I currently
have one domain, use ISA server, and use Exchange 2000 for email.
Does anyone have recommendations how I can connect the new office to the
current office? Do I require a trusted domain, child domain, or are they on
the same domain? Any advice would be appreciated. Would the remote office
have DNS, DHCP, etc....
From what I have researched I should be able to setup another ISA server at
the remote location and connect both ISA servers over the WAN using VPN. I
would then make the new file server at the remote location a site of the
current domain. So basically at the remote location I would require two
servers to start off with, one ISA and one for the file server.
If anyone has other suggestions it would be muchly appreciated or point me
to where Microsoft has a best practices for this type of configuration.
My equipment:
Main office
a) (one server) Windows 2000 Server - ISA Server 2000
b) (one server) Windows 2000 Server - File, Print, DHCP, DNS, RASS
c) (one server) Windows 2000 Server - Exchange 2000
My solution so far:
a) Connect both sites using ISA at each location using a site-to-site L2TP
over IPsec VPN.
b) Place a new Windows 2000 Server at the branch office and install AD, DNS
and DHCP.
c) Make the remote office server a Global server to.
Excerpt from reply port:
If the VPN link goes down users can still authenticate and function until
the VPN is restored. Although it’s not ideal everything can be installed on
the file server. Install and configure the new server at your current site
including Active Directory. Make sure everything is running smoothly with the
new server before you move it to the new site, by this I mean checking the
event logs for any warnings or errors. If you’re not already doing it, I
would recommend using AD integrated DNS. Enable Global catalog on the new
DC’s. There should be a GC at each site. Install DHCP on the new server but
do not authorize and enable it until you have it at the new location. The
remote site should use a different subnet than your current site. The new
server will handle DHCP for the new site and your current DHCP server will
handle your existing office. DNS should be AD integrated so you won’t have to
worry about that. You also need to create a new Site in Active Directory
Sites & Services to represent the new office location. After the server is
physically moved to the new office use AD Sites and Services to move the
server object into the AD Site and make sure replication is properly
configured between the DC’s. There is obviously a lot more detail to all of
this than I’m explaining here but this should get you started down the right
path.
My outstanding questions:
a) Do i need to upgrade to Windows 2003 or ISA 2004? (THERE IS A LOT OF
DOCUMENTATION OUT THER ABOUT CONNECTING SITES USING ISA SERVERS BUT THEY ALL
REFER TO WINDOWS 2004 OS)
b) Do I need to, or when would I need to install Exchange 2000 at the Branch
office location?
c) If I do need to install Exchange at the Branch office what is the
procedure for this?
I just want to make sure that I am doing things in the best manner possible.
Thanks for your help and suggestions.
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in