1 Server, 3 Offices, VPN ALREADY working

kryptor

Programmer
Sep 19, 2004
65
GB
Hello all,

I currently have a VPN hardware setup so all my satellite offices are linked to head office.

This setup is done currently with a server in each location but what I am hoping to achieve is to just have 1 server to host all users' files etc. from.

Each office has a DHCP server configured that is handling the IP requests and the router is set up to handle the IP address swapping through each office, i.e. Head office: 192.168.0.x, Office1: 192.168.1.x, Office2: 192.168.3.x

What I would like to do is to have ALL offices running on the same IP range, i.e. 192.168.0.x

1: Is this at all possible?
2: If so, is it something to do with Windows Server Subnets?
3: If I set up the equipment like this then would I need to convert the routers in the sat offices to become DHCP relay agents and relay from the main server in head office?
4: OR am I just expecting too much of the OS and hardware?

Many thanks in advance for any feedback.
Dave - Confused as usual :S

If at 1st you don't succeed then I guess you're in the right place to ask why! :p
 
1. Yes, but why would you do it?

2. Not subnets, but it will screw with your AD Sites, assuming that they are properly configured in the first place. AD uses the site definitions to control replication and the flow of authentication traffic. The setup that you have now is what I would design, so it puzzles me that you would move away from it. If something happens and your WAN link goes down then the remote office is dead in the water, whereas under your current design they can still get an IP address, presumably log in, print, etc. (assuming that the local server in each site is a DC and file/print server). Not to mention you will then end up handling all AD authentication across the WAN link.

3. Yes.

4. No, but I really wouldn't do or recommend what you are suggesting. I have seen cases far too many times where someone who didn't know what they were doing set up an AD environment with remote sites and didn't define any site topology. Everything is usually broken or only half works until I come in and define the sites, the separate DHCP scopes, the separate files and print servers, etc. Then everything works well. Why anyone would go in the other direction is beyond me.



________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows 7
MCTS:Hyper-V
MCTS:System Center Virtual Machine Manager
MCTS:Windows Server 2008 R2, Server Virtualization
MCSE:Security 2003
MCITP:Server Administrator
MCITP:Enterprise Administrator
Certified Quest vWorkspace Administrator
 
Routers are designed to route traffic between subnets. If you put everything on one subnet, what's the router going to do?

There is no value at all in doing what you're suggesting. I agree with kmcferrin. You'd increase authentication traffic traversing your WAN, which would increase login times. You'd run into all kinds of issues.

What I would do is configure DFS on each of the servers so that you have everyone seeing essentially the same thing. This results in resiliency of your data, and, if done correctly, means you could back up your data from one location.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Thanks for the reply both. Some useful information there that makes sense.

The only problem that I have is we are opening more sat offices with only a handful of machines in and I really don't want to purchase a server to have DFS set up to handle logons for possibly a maximum of 3-4 machines, as this will just boost my cost again even just by purchasing an entry server with a Server license and CALs.

What I would be able to do however is to set up DFS on the servers I already have in place and maybe try to link the smaller offices via VPN.

Does that sound like a reasonable thing to do?

If at 1st you don't succeed then I guess you're in the right place to ask why! :p
 
You don't HAVE to have servers in every office. If you have offices with 3-4 machines, and they're not generating oodles of traffic & files, you could elect to not put a server there, add that site's subnet to another AD site, and the users in the small site would authenticate without issue.

You'd still have to have the user CALs for Windows - regardless of whether the user logs into a server in their own office or across the WAN.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Agreed. I would just define their subnet in AD Sites and Services as part of the central site and let it go. Logons will probably be slower than usual, and file/print access could be an issue if you deal with large files, but you can work around that.

________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows 7
MCTS:Hyper-V
MCTS:System Center Virtual Machine Manager
MCTS:Windows Server 2008 R2, Server Virtualization
MCSE:Security 2003
MCITP:Server Administrator
MCITP:Enterprise Administrator
Certified Quest vWorkspace Administrator
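
Added example, not part of any poster's reply and not Active Directory's own code: a simplified Python model of how a client's IP address is matched to an AD site by subnet, showing why per-office subnets let a small office be attached to the central site while a single shared 192.168.0.x range leaves every office indistinguishable. The site names, the 192.168.4.0/24 small-office subnet and the client addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed site map using the addressing from the thread; site names are assumed.
SITE_SUBNETS = {
    "192.168.0.0/24": "HeadOffice",
    "192.168.1.0/24": "Office1",
    "192.168.3.0/24": "Office2",
    "192.168.4.0/24": "HeadOffice",  # hypothetical small office with no local server
}

# The proposed flat design: every office shares one range, so one subnet object.
FLAT_SUBNETS = {"192.168.0.0/24": "HeadOffice"}


def site_for(ip, subnets=SITE_SUBNETS):
    """Return the site whose most specific subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def unmapped_clients(client_ips, subnets=SITE_SUBNETS):
    """Clients whose address falls in no defined subnet (no site assigned)."""
    missing = [ip for ip in client_ips if site_for(ip, subnets) is None]
    return sorted(missing, key=ipaddress.ip_address)


def sites_seen(client_ips, subnets):
    """Distinct sites a set of clients resolves to under a given subnet map."""
    return {site_for(ip, subnets) for ip in client_ips}


if __name__ == "__main__":
    # Constructed clients: one per existing office, one in the small office,
    # and one in a new office whose subnet nobody has defined yet.
    clients = ["192.168.0.10", "192.168.1.25", "192.168.3.40",
               "192.168.4.7", "192.168.5.9"]
    for ip in clients:
        print(ip, "->", site_for(ip))
    print("no site:", unmapped_clients(clients))
    # Flat design: three physical offices, one apparent site.
    flat_clients = ["192.168.0.10", "192.168.0.110", "192.168.0.210"]
    print("flat design sites:", sites_seen(flat_clients, FLAT_SUBNETS))
```

Clients reported under "no site" are the ones to fix by defining their subnet and assigning it to a site, which is the step both replies recommend for the small offices.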
 