remote offices over ADSL

[John Smith]

Can anyone tell me a good way to have just one domain with the following
set up?


One home office: 20 desktops, 2Mbps ADSL

Remote office A: 5 desktops, 512Kbps ADSL

Remote office B: 5 desktops, 512Kbps ADSL


Is it feasible to create a vpn from remote offices to home office and
have users access all domain services via vpn?

Or do we need a local win server in each remote office but the domain
controller in the home office?

Has any one any experience with this kind of setup or can point me to a
good resource?

Thanks

John

 

[Kurt]

It really depends on what they're doing. As far as just logons and such,
512K should work just fine for 5 workstations. But if they're accessing
files or even have to fetch lots of records from a database, there are other
alternatives. I have one client with a remote office that uses RDP to a
Windows 2000 terminal server to run their primary applications because the
database server is at the head office. I also have a VPN from the terminal
server back to the router at the remote office that is used for printing
because their application cannot be configured to print to the dynamic rdp
session printers (printeres must be hard-coded because of high security
requirements). The whole thing works really well. RDP consumes very little
bandwidth, but is a little sluggish for things like CAD or graphics. And if
you need all those pretty colors, you'll need to run terminal services on
Server 2003 (W2K only supports 256 colors). If bandwidth for applications
isn't an issue, a VPN should do just fine.

....kurt

 

[John Smith]

Thanks Kurt,

What we have at the moment are instances of Small Business Server at
each location, each being a separate domain.

(a historical inheritance)

Because client wants all staff to have same email suffix, all remote
staff have an account on home office server, with a related contact to
point to their "real" email address.

As you can see this is unsatisfactory.

At remote offices, the typical tasks are email, word processing and
printing of letters, and web access.

Do you think we could do away with the remote office SBS2000 servers and
just set up a vpn via the router, and have all rdp and printing go over
that?

Then the remote office staff would be part of the same domain, only one
account to administer for each staff member.

Thanks,

John

 

[Kurt]

At remote offices, the typical tasks are email, word processing and
printing of letters, and web access.

Word processing and printing are generally local stuff that doesn't require
any bandwidth to speak of and email and web don't need much either in most
offices (other than maybe sending and receiving attachments). More
importantly would be where the documents are stored and how large they are.
Transferring a 10 MB document across a 512K circuit (figuring overhead for
TCP/IP, SMB and the time for authentication, etc) might take a couple
minutes or more. If this is only a few documents a day, that might be
acceptable. But if users are constantly loading and saving files from the
server at the other end of the VPN, you'll be paying a lot of salary for
them to wait for files to open and close. Or even if they need information
"at their fingertips", having to wait that long will definitely NOT be
acceptable. Since you have SBS, you're really stuck as far as what you can
do. You can't create a trust to the other end (which might well be the
easiest thing to do), and you can't demote SBS to a member server and join
it to the other domain. The good news is, if you want a local file server at
the remote site, you can just put a new hard drive in the server (keeping
your current SBS installation fully intact) and install XP Pro. It'll make a
dandy server for just 5 users and you can join it to the domain at the other
end. That might be the best solution for you (I'm not recommending anything,
the decision is all yours). The files used by the remote office would stay
there on the new XP Pro server so they wouldn't have to traverse the slow
WAN link. And users would all be members of the same domain so you could
consolidate their email. The only real traffic would be logons and other
authentication plus email.

A few pointers if you decide to go that way. Use the "File and Settings
Transfer Wizard" (FASTWIZ) on any XP Pro CD to make backups of users
profiles to a files sever BEFORE YOU DISCONNECT THE OLD DOMAIN. If it were
me, once that was done I'd take down the old Server (just take the hard
drive(s) out) and bring up my new box (of course everything is already
backed up that you'll need to put back on the new XP "server"). Then remove
the computers from the old domain (they'll complain because they can't find
the DC, but they will unjoin), join them to the new domain (along with the
new XP Server) and log the users into their accounts (which are already
created according to your previous post). Then run the FASTWIZ to get all
their settings back. With a little luck, They'll hardly know anything has
changed. If it all blows up, just put the old hard drives back in, and
rejoin the computers to the old domain and everything is as it was.

....kurt