Remote Offices

Hey,

I've been tasked with planning two new offices in Hong Kong and China and integrating them into our network. 90% of our staff will reside in Canada along with our data, so I'm thinking Terminal Services and VPNs.

However, I would like some advice on the kit and whether or not I need a server? The offices will have 5-15 people initially so I'm thinking of popping a small server in for local auth and DNS, maybe a small DFS share to sync local files. What do you think? I think this will work under one AD domain, we have very little change to AD.

Cheers,

Jon
 
I would agree that you need a server for AD, local auth, patching and file management.

DFSr is very useful, though it depends on how documents are worked on. If it's just to centralise the storage of the files worked on in China + Hong Kong back to the Canadian offices out of hours, then that sounds good!
You really don't want work lost because it gets overwritten by someone who edited it before DFS replicated the changes across. It's not a real-time solution.

If you have Cisco routers at the Canadian sites, their VPN tunnels are good enough for joining up the offices. As the Asian sites grow, you can look at more proper VPN solutions.
 
Local AD server would be useful, and a Read Only Domain Controller (RODC) will be ideal in this environment for security issues (with password replication settings in place). I would also look into creating a separate site in your AD schema and assign relevant subnets to it to ensure that your users will always be logging on to their local AD server and not from your main office.

How likely is it that these sites will grow? If it's unlikely then it's probably not an issue keeping to a single AD domain. If there may be future plans to expand you may want to implement putting a child domain in each (china.companyname.local/hongkong.companyname.local).

A firewall and a site-to-site VPN would be the best way to go. Whether you can implement them without any additional hardware depends on what you already have in place, as Yama has already suggested.
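
Added example, not part of the thread: one way to set up the branch AD site, subnet and RODC password replication policy suggested in the post above, then audit which passwords the RODC has actually cached. It assumes the ActiveDirectory PowerShell module on Windows Server 2012 or later; the site, subnet, RODC, hub site and group names are all placeholders.

```powershell
# Placeholders (assumptions, not from the thread): adjust to your environment.
Import-Module ActiveDirectory

$site   = 'HongKong'                   # new AD site for the branch
$subnet = '10.20.0.0/24'               # branch LAN, constructed value
$rodc   = 'HK-RODC01'                  # already-promoted RODC in the branch
$hub    = 'Default-First-Site-Name'    # site holding the writable DCs at HQ
$group  = 'HK-Office-Users'            # branch staff allowed to be cached

# 1. Site and subnet mapping, so clients on the branch subnet locate the
#    branch DC first instead of authenticating across the VPN.
New-ADReplicationSite   -Name $site
New-ADReplicationSubnet -Name $subnet -Site $site
New-ADReplicationSiteLink -Name "$hub-$site" -SitesIncluded $hub, $site `
    -Cost 200 -ReplicationFrequencyInMinutes 60 -InterSiteTransportProtocol IP

# 2. Password replication policy: only branch staff may have credentials
#    cached on the RODC. Privileged groups stay in the built-in
#    "Denied RODC Password Replication Group" and are never cached.
Add-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -AllowedList $group

# 3. Audit: list user accounts whose passwords are stored on the RODC but
#    who are not in the allowed branch group. The RODC's own krbtgt_* account
#    is expected and skipped; computer accounts are out of scope here.
$allowedDns = Get-ADGroupMember -Identity $group -Recursive |
    Select-Object -ExpandProperty DistinguishedName

$unexpected = Get-ADDomainControllerPasswordReplicationPolicyUsage `
        -Identity $rodc -RevealedAccounts |
    Where-Object {
        $_.ObjectClass -eq 'user' -and
        $_.SamAccountName -notlike 'krbtgt_*' -and
        $_.DistinguishedName -notin $allowedDns
    }

if ($unexpected) {
    Write-Warning "Accounts cached on $rodc outside ${group}:"
    $unexpected | Select-Object SamAccountName, DistinguishedName
} else {
    Write-Output "Only members of $group are cached on $rodc."
}
```

Any account the audit reports should have its password reset, since a copy of its credentials sits on the branch server.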
 
Cheers chaps. I had forgotten about the RODC, it will most definitely use that. Probably won't be using sub domains in AD just yet as tbh it'll be more of a headache than anything. Decent OUs and group policies should keep me in check.

I have a SonicWall here and will use a restricted site-to-site VPN with another SonicWall at the other end with a bit of web content filtering and IDS etc. It's a decent small business product.

DFS would be used for the remote office sales papers and such I guess, just so they have something locally, everything else will be at HQ. The DFS for now is a floating idea. It may or may not be implemented.
 