18th July 2009, 04:34 PM #1
Geographically separate LANs?
I have to connect two LANs so they are 'one' - trouble is that they are in different geographical locations. I use Terminal Server at the moment; is there a better way?
18th July 2009, 04:45 PM #2
A lot of the options depend on what speed your link is between the two sites - if it's a slow ADSL link, then TS may be the only way you can do it.
If you're in an area which is serviced by a cable company, it may well be worth speaking to them about using their network. We've got two sites using a local cable company's ducting to provide a direct fibre link between sites - there is an annual rental, but it's tiny compared to what BT would charge, and they get full use of an 8-core fibre for that (currently providing 3GB/s).
Last edited by SteveMC; 18th July 2009 at 04:51 PM.
18th July 2009, 08:31 PM #3
What do you need to achieve? Is it just that you want to join 2 domains so they become one? If you've got domain controllers and file servers at each site and you can confine network traffic to the site, then you may not need huge bandwidth (just enough for DC replication, which is quite small).
Do you have line of sight between your two locations? If so, you can look at laser/microwave links. They can be quite expensive to install (c. £10,000) but there are no rental costs and you can easily get 100 Mbit links.
If you can't do that then, as Stephen says, you need to look at what the telecoms companies can offer. If you don't have Virgin in your area then it will have to be BT fibre, but note that this is resold by other companies - e.g. Thus - and often for less than BT will charge (which is barking mad but that's the way it goes!)
19th July 2009, 10:15 AM #4
If you've got decent connectivity between the two, set up a static VPN between them both. It really does depend on what you actually need to achieve: what does the outcome need to be, i.e. what do people need to be able to do? Also, what is the connectivity between the sites? I'm assuming they both have Internet connections?
19th July 2009, 11:18 AM #5
Thanks for the replies thus far.
Site 1 = (local) domain with 2003 server.
Site 2 = stand-alone machines, ethernet etc but no domain.
I 'dissuade' users from logging in locally on their machines on SITE1 so they use the network. SITE2 are even more prone to need help. Ideally, clients on SITE2 boot the local OS, then look for the DC (via the internet, remote on SITE1), get authentication etc. and then load as if they were on SITE1. Is there a way? I guess it might involve a way of calling for authentication through the gateway shortly after POST / BOOT or similar. Or should I try to make SITE2 clients as thin as possible, locally lock down their accounts and stick a run TS after general logon ...
19th July 2009, 02:06 PM #6
So users on Site2 are currently using TS?
As srochford was saying, what you really need is another Domain Controller on Site 2. You will have some sort of VPN link between the two and each site will be on a different IP subnet.
If you set up 'sites' properly, Windows will know to authenticate against the DC on its site. It will keep both Domain Controllers in sync, and you can decide when and how often the DCs sync.
You can also set up Distributed File System (DFS). This lets you create a virtual name space, e.g. \\yourdomain.com\share. The files can actually be stored on site1, site2, or both. Again, you can decide when they replicate.
This will be much better than trying to access the file over the internet because the computer will first of all save the file to the server on its site. Then the DC will replicate this over to the other site.
This won't work with database apps, e.g. SIMS. You'll have to continue using TS for this.
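Added example (not part of the original thread): AD assigns a client to a site by matching its IP address against the subnet objects defined in AD Sites and Services, with the most specific subnet winning. This Python sketch models that lookup and flags clients that match no subnet, which would not be steered to a local DC; the site names, address ranges and hostnames are constructed.

```python
import ipaddress

# Constructed subnet objects, as they might be defined in AD Sites and
# Services. A catch-all supernet maps to SITE1; the SITE2 LAN overrides it.
SUBNET_TO_SITE = {
    "10.0.0.0/8": "SITE1",
    "10.2.0.0/16": "SITE2",
}

# Constructed client inventory: hostname -> IP address.
CLIENTS = {
    "S1-PC01": "10.1.0.21",
    "S2-PC01": "10.2.0.15",
    "S2-PC02": "192.168.1.40",  # e.g. a machine still on the old router's range
}


def resolve_site(ip, subnet_to_site=SUBNET_TO_SITE):
    """Return the site of the most specific subnet containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnet_to_site.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def audit_clients(clients, subnet_to_site=SUBNET_TO_SITE):
    """Group hostnames by resolved site and list hosts that match no subnet."""
    by_site, unmapped = {}, []
    for host, ip in sorted(clients.items()):
        site = resolve_site(ip, subnet_to_site)
        if site is None:
            unmapped.append(host)
        else:
            by_site.setdefault(site, []).append(host)
    return by_site, unmapped


if __name__ == "__main__":
    by_site, unmapped = audit_clients(CLIENTS)
    for site, hosts in by_site.items():
        print(f"{site}: {', '.join(hosts)}")
    # Unmapped clients may authenticate against any DC, including one
    # reached over the inter-site VPN link.
    print("No matching subnet:", ", ".join(unmapped) or "none")
```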
20th July 2009, 10:00 AM #7
Thanks for the replies
VPNs seem a backward step; I used them before TS. And if the previous solution does not work with SQL / SIMS, users will soon get fed up switching around. Think I will lock down SITE2 clients and use TS.
20th July 2009, 10:06 AM #8
What speed net connections have you got between the 2 sites? This is the key issue here...
20th July 2009, 12:46 PM #9
IIRC, there's a way in Server 2008 of making TS work for just one application - it appears to the user that it is a normal application window even though it is actually running remotely. (I might have dreamt that though)
If you have users from site 2 accessing files from site 1 over the VPN then, yes, any interrupts in the internet are going to cause it to stall/crash, as most apps can't really cope with this. If you have 'sites' and DFS set up properly then the client is saving to a local server first and then these files can be synced by the servers according to your schedule. But this could still get problematic if you have users on both sites frequently wanting to edit the same files at the same time.
What are your users actually doing? If they are doing a mix of internet graphics flash stuff then TS could be a problem. If they are mainly accessing SIMS and doing a bit of word processing then TS is probably the easiest way.
20th July 2009, 01:18 PM #10
Remote Apps, works like a charm. You could put the difficult applications on this and have them appear (to the user) to be running locally. Set up a second domain controller on Site 2 and limit replication traffic using AD Sites and Services.
20th July 2009, 01:28 PM #11
Read-only DC on the second site is well worth it.
How much money do you have for the project? If using metro fibre/cable isn't an option, you could look into a WAN accelerator, like a Steelhead from Riverbed (Riverbed Technology -Steelhead Appliance Models). They're not cheap though.
20th July 2009, 01:30 PM #12
Why read only?
Surely it will just sync like magic?
20th July 2009, 01:47 PM #13
Read-only's more secure, it'll mean that while someone at the second site can still reset passwords and so on they won't be able to do anything major in AD. Massively reduces support calls if people can't mess with their DC.
20th July 2009, 01:49 PM #14
Just not giving them the privileges does the same thing though...
20th July 2009, 02:04 PM #15
A read-only DC also cuts down on site-site traffic a bit, since it doesn't need to push changes to the other DC. Plus if the other site doesn't have a server room/cupboard, it means anything fiddling with it physically can't do much.