WAN Recommendations for Windows 2000

[Interflex]

I currently have one office with about 30 users and we will be opening
an office soon with another 30 users in another physical location. I
currently have one domain, use ISA server, and use Exchange 2000 for
email.

Does anyone have recommendations how I can connect the new office to
the current office? Do I require a trusted domain, child domain, or
are they on the same domain? Any advice would be appreciated.

Thanks,

Jane

 

[Steve Riley [MSFT]]

Do you want to have distributed control of the IT assets at each location,
or centralize all control in the first office?

Centralized is probably easier for you. Put another ISA Server in the second
office and create a site-to-site VPN between the two ISA Servers. Have all
the users and computers in the second office join the existing domain you
have now. They'll also be using the Exchange server in that first office.

This does, however, mean that for the people in the second office to be productive,
connectivity must remain up between the two offices. If this is a problem
for you, you can use different designs but it will make your work more complex.
You could keep with one domain and have a domain controller (or two) in the
second office; the DCs in both offices will replicate with each other over
the VPN. Make all DCs global catalogs and users could log in at the second
location even if connectivity to the first is down -- but they won't have
email. If you need email, then you'd also build an Exchange server for that
office and configure the mailboxes for all those users to be in that office's
Exchange server. Like the DCs, the Exchange servers will communicate with
each other over the VPN.

If you want even more isolation you could build a separate domain in the
forest, or even a separate forest, but given the size of your offices I don't
think you need to do that.

Steve Riley
(e-mail address removed)

 

[Leythos]

I currently have one office with about 30 users and we will be opening
an office soon with another 30 users in another physical location. I
currently have one domain, use ISA server, and use Exchange 2000 for
email.

Does anyone have recommendations how I can connect the new office to
the current office? Do I require a trusted domain, child domain, or
are they on the same domain? Any advice would be appreciated.

Even if you setup the remote office so that it's not part of the 2000
network, you should still setup a simple IPSec tunnel between your
network and the remote network.

Doing the tunnel will allow you to provide remote support, allow them to
access your Exchange server via the tunnel (so everything is encrypted
while moving between locations) and also allow you to share files with
them.

I never use ISA, but there should be a way to build a simple IPSec
tunnel between your office and theirs.

 

[Herb Martin]

I currently have one office with about 30 users and we will be opening
an office soon with another 30 users in another physical location. I
currently have one domain, use ISA server, and use Exchange 2000 for
email.

Does anyone have recommendations how I can connect the new office to
the current office? Do I require a trusted domain, child domain, or
are they on the same domain? Any advice would be appreciated.

You WAN connectivity is somewhat unrelated to
your need for a child or trusted domain.

Microsoft invented SITES in Win2000 (AD) to
eliminated most of the need for separate domans
JUST because of WAN issues.

How about keeping it simple, connect them both
to the Internet and use a VPN?

Or arrange a dial-up using phone or ISDN for
a direct RRAS connection.

In both cases you can use the built-in Win2000
server RRAS or even the workstation dial-up/VPN
on the client side if you have no server at the remote
site.