Remote site w/o VPN?

[Fritz]

I'm considering creating a remote site without VPN. The site will have a
DCs that will need to talk to the main site's DCs - that's the only traffic
that will have to get across the internet from site A to site B (for the
purpose of this conversation). Do I need VPN between sites or do domain
controllers encrypt connections by default?

Thanks in advance!

 

[Herb Martin]

I'm considering creating a remote site without VPN. The site will have a
DCs that will need to talk to the main site's DCs - that's the only
traffic that will have to get across the internet from site A to site B
(for the purpose of this conversation). Do I need VPN between sites or do
domain controllers encrypt connections by default?

DCs sort of encrypt traffic but a VPN would be better if you must cross
the Internet.

 

[Fritz]

Herb,
Thanks for the response. Would you mind explaining or pointing me to an
article that explains how DCs "sort of" encrypt traffic?

Thank you!

 

[Herb Martin]

Herb,
Thanks for the response. Would you mind explaining or pointing me to an
article that explains how DCs "sort of" encrypt traffic?

I don't know that there is one that goes beyond the following:

DCs setup a (supposedly) secure channel for doing replication.
The replication traffic is usally also compress between sites (but
no guarantee on the compression part since it kicks in at a minimum
size of transfer.)

In a private discussion with one of the AD developers at a TechEd,
he warned me that the traffic was merely "obfuscated" but not
technically encrypted in such a way as to make it fully secure.

 

[Brian Desmond [MVP]]

Please don't do this. You're going to cause yourself more trouble than its
worth. Why can't you just build a simple encrypted tunnel between the sites.

--
Thanks,
Brian Desmond
Windows Server MVP - Directory Services

www.briandesmond.com