RODC's

[cpjitservices]

Right! A biggie this morning.

The Plan!

We are taking on board another building which is five miles away in the city, it doesnt sound alot BUT herein lies our problem!

The way the bosses want it to work is they want to be able to replicate this network at the other building IE they want to be able to take A PC and plug in and log on, problem is we will be doing a direct connection through IPSec Tunneling simply because we are going through the local ISP to get to this network in the main building (this building). So Am I right in thinking that if I put an RODC at the new building it will be a lot easier for me to setup and it will work just like being plugged in directly to the network here for logging on, all the shares will still be accessible no problem but with logging on over a 10 meg line it'll take ages having to send the traffic all the way here and back again so with having an RODC at the other end it will cache everything and speed up logins ?? and also what about my Exchange will that be ok tunneling through IPSec or would we be better off putting a second RODC running Exchange at the other building ?

Thanks everyone - I've been thinking about it all weekend and it's the only way I can think how do set it up.

[SYNACK]

RODC plus branch cache should make this work with an always on VPN/IPSec tunnel between the sites.

[cpjitservices]

Yeah we are etting up an always on tunnel between the sites - never heard of branch cache ?

[cpjitservices]

How would Exchange 2010 work ?? would it be ok to leave the server here and use over the Tunnel ?

There will be the same amount of users at the remote site as there are here, we will only have one 10 Meg line although it'll be able 6 meg.

[SYNACK]

Branch cache is a service offered in Windows 7 and 2008 R2 that sits in the middle between your hosts and a heavily contested network resource. It will cache stuff that is requested from a remote resource locally and then any time a station tries to access that file it checks to see if it has changed on the remote server and if not serves it locally. I think it also does block level changes but I can't remember.

Windows Server | BranchCache | Remote Office Performance

BranchCache

[SYNACK]

As to exchange it depends on how heavy the usage is with large files etc, I don't imagine it would be any worse than the comparitive fluffy cloud nonsence so you should be alright.

If you are also pulling internet traffic via the primary site then I'd suggest putting in another cache server in at the remote site to deal with internet traffic like ISA/TMG this will allow for easy setup of the tunnel and also further lower/optimise the traffic over the remote link. ISA/TMG will need its own server or 2008 SP2 VM though (it has issues on 2008 r2).

[cpjitservices]

Thanks Synack I just read about that and it looks good, so I'm going to look at implementing that but at the same time I have just read that Exchange doesn't support RODC or ROGC.

So it looks like the Exchange server here will have to be accessible over the Tunnel and as-long as it doesn't get hammered we should be ok, but I'm thinking it will do.

[cpjitservices]

Ahh I see, the Internet traffic will be coming into the site via a different line to the network, that way the network wont be as congested over the same line to the internet.

[cpjitservices]

We are using a pfsense box at the remote site like we do here to load balance and firewall the network, this will also be running the IPSec Tunnel.

[SYNACK]

In which case if the links are seporate and the main link back to the primary site becomes cogested you could easily make outlook + webmail connect via the internet link instead over SSL which will take some of the load off. It would just be a case of getting the settings right and possible changing DNS at the remote site.

[cpjitservices]

we do have OWA running but but the bosses wont use it!

I may have to dedicate one link just for outlook / exchange.