Remote site w/o VPN?


Fritz

I'm considering creating a remote site without VPN. The site will have
DCs that will need to talk to the main site's DCs - that's the only traffic
that will have to get across the internet from site A to site B (for the
purpose of this conversation). Do I need VPN between sites or do domain
controllers encrypt connections by default?

Thanks in advance!
 
Fritz said:
I'm considering creating a remote site without VPN. The site will have
DCs that will need to talk to the main site's DCs - that's the only
traffic that will have to get across the internet from site A to site B
(for the purpose of this conversation). Do I need VPN between sites or do
domain controllers encrypt connections by default?

DCs sort of encrypt traffic but a VPN would be better if you must cross
the Internet.
 
Herb,
Thanks for the response. Would you mind explaining or pointing me to an
article that explains how DCs "sort of" encrypt traffic?

Thank you!
 
Fritz said:
Herb,
Thanks for the response. Would you mind explaining or pointing me to an
article that explains how DCs "sort of" encrypt traffic?

I don't know that there is one that goes beyond the following:

DCs set up a (supposedly) secure channel for doing replication.
The replication traffic is usually also compressed between sites (but
no guarantee on the compression part since it kicks in at a minimum
size of transfer.)

In a private discussion with one of the AD developers at a TechEd,
he warned me that the traffic was merely "obfuscated" but not
technically encrypted in such a way as to make it fully secure.
 
Please don't do this. You're going to cause yourself more trouble than it's
worth. Why can't you just build a simple encrypted tunnel between the sites?

--
Thanks,
Brian Desmond
Windows Server MVP - Directory Services

www.briandesmond.com
 