
Joining multiple branch offices

Tags:
  • Windows Server 2008
  • Domain
  • Business Computing
September 3, 2013 4:09:11 AM

I was recently asked to help set up 3 or 4 branch offices to the same domain. All sites will be using Windows Server; 2008 will be the main OS.
Other than using Windows, because I'm not aware what routers they are using. What is the best method to do this? Set up a DC at each site? Take into account that bandwidth might be a limiting factor. Maybe uploads at each site at 4mb sec.
What is the best way to put each site on the same domain? Can this be done in AD only? Just give me some tips as to how I would accomplish this in Windows Server. Thanks ahead of time!


September 3, 2013 7:07:51 AM

I've had a similar situation for a small business office with several branch offices that I have been researching and working on. Many times the recommendation has been to set up a single domain controller at the main office and connect the branch offices through VPN. However, most of the time people also have 50+ Mbps internet connections to work with, while out here the fastest connection available is less than 10 Mbps. So, that makes centralizing a domain controller for branch offices very impractical.

Here's what we have been testing and planning. First, you will need to set up site-to-site VPN tunnels between the branch offices and the main office. While it's possible to do software-based VPN systems to do this for you, I don't have any personal experience with them to give you a recommendation. Instead I have utilized Sonicwall TZ series firewalls, which are incredibly easy to get set up with VPN tunnels compared to anything else I have looked at. With all the branch offices connected back to the central office, you will want to set up individual domain controllers at each branch office. These will act as the branch office user account access and control server, the local DNS server, and storage server as well, so each server only has to handle the demands of their local office. However, at the main office you will also be running a forest domain controller that all other domain controllers are under. This means that instead of having a single domain, you have multiple, but all are connected or controlled by the root domain controller, making a Domain Forest. But you will have to have the VPN in place first to be able to have all the domain controllers communicate on the same network system back to the main office.

There are many other ways of achieving this, though. I would be glad to hear any other input or ideas on this situation as well.
September 3, 2013 7:43:27 AM

This is what I was thinking. (((choucove)))
I know you can set up a VPN connection via the main DC having the Remote Access Server role installed. Should only each DC at each branch be connected to the VPN, saving the time and trouble of setting up each individual user to a VPN? If this is the case, in which way should each branch AD/DC computer connect to the main DC, just like you would at home? Create new VPN connection? Then would all the user computers use each site server as DNS so user traffic also gets routed to other sites as well as local? I also think each office has to be on different subnets for communication to take place.

This is what I wonder.
September 3, 2013 8:32:48 AM

My niche is, I can set up the first domain, I can create VPN access, either through remote access server or VPN capabilities within a router. I just don't know the best method to connect the sites, I guess is what I am saying. Like, should branch sites just be set up as Read Only Domain Controllers? Pretty much what my question is. Or should they be set up like this:

Main Office main.oursite.com
Branch office 1 branch1.oursite.com
Branch Office 2 branch2.oursite.com

idk :p I'm lost sometimes
September 3, 2013 5:18:56 PM

It's hard to say really. Either of the scenarios that you described should work, so it comes down to your personal preference and possibly some other inputs here can help with determining which is your best fit. The way I envisioned the network we are working with is how you were describing for the second option, main.oursite.com, branch1.oursite.com, etc.

Within Windows you can create a VPN connection for many different connection types, and that would allow you to bridge only the domain controllers through the VPN, which can have the added benefit of better security and decreased bandwidth. However, I've not personally done this yet to test it myself, so I can't really give you much advice there. The configurations I have done were complete network access VPN. In the case of what you are suggesting, only connecting the DC to the VPN, then yes, you can set up an additional network connection with the Network Connection and Sharing Center. If you have a hardware device for VPN, you can oftentimes limit connectivity to a single or set of IP addresses within your network or even specific ports.
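
Added example, not part of the original thread: a planning check for the DC-only tunnel idea discussed above. It verifies that the office subnets do not overlap and builds a per-tunnel allow-list restricted to the two domain controllers and the ports DCs use by default. Site names, subnets and DC addresses are constructed placeholders, and the hub-and-spoke layout (every branch tunnels to the main office) is an assumption.

```python
import ipaddress
from itertools import combinations

# Constructed site plan: every name and address here is a placeholder.
SITES = {
    "main":    {"subnet": "10.0.0.0/24", "dc": "10.0.0.10"},
    "branch1": {"subnet": "10.0.1.0/24", "dc": "10.0.1.10"},
    "branch2": {"subnet": "10.0.2.0/24", "dc": "10.0.2.10"},
}

# Default DC-to-DC ports: DNS, Kerberos, NTP, RPC endpoint mapper, LDAP, SMB,
# kpasswd, LDAPS, global catalog, and the Server 2008 dynamic RPC range.
DC_PORTS = [("tcp", "53"), ("udp", "53"), ("tcp", "88"), ("udp", "88"),
            ("udp", "123"), ("tcp", "135"), ("tcp", "389"), ("udp", "389"),
            ("tcp", "445"), ("tcp", "464"), ("udp", "464"), ("tcp", "636"),
            ("tcp", "3268"), ("tcp", "3269"), ("tcp", "49152-65535")]

def overlapping_subnets(sites):
    """Return sorted pairs of site names whose subnets overlap."""
    nets = {n: ipaddress.ip_network(s["subnet"]) for n, s in sites.items()}
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if nets[a].overlaps(nets[b]))

def misplaced_dcs(sites):
    """Return site names whose DC address is outside the site's own subnet."""
    return sorted(n for n, s in sites.items()
                  if ipaddress.ip_address(s["dc"])
                  not in ipaddress.ip_network(s["subnet"]))

def dc_only_rules(sites, hub="main"):
    """Build (site, proto, src, dst, port) allow rules for each branch tunnel.

    Rules go in both directions because either DC may start replication.
    Anything not listed is meant to be dropped by the VPN device's default deny.
    """
    problems = overlapping_subnets(sites) or misplaced_dcs(sites)
    if problems:
        raise ValueError(f"fix the address plan first: {problems}")
    hub_dc = sites[hub]["dc"]
    rules = []
    for name, site in sorted(sites.items()):
        if name == hub:
            continue
        for proto, port in DC_PORTS:
            rules.append((name, proto, site["dc"], hub_dc, port))
            rules.append((name, proto, hub_dc, site["dc"], port))
    return rules

if __name__ == "__main__":
    for rule in dc_only_rules(SITES):
        print("allow %s: %s %s -> %s port %s" % rule)
```

With a DC-only allow-list like this, branch workstations cannot reach other sites through the tunnel, so they need to use their local DC for DNS and logon.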