Logging into domain over VPN

By smurphy@completeitsolutio ·
Hoping to get some feedback from anyone who may be doing or have tried this before. I've got a central office and 6 remote offices running Cisco hardware-based VPN routers. The links seem very stable. We've been running in a workgroup design up to this point. Most remote offices run a fractional T1 (256k-384k), some run DSL. Main office runs DSL at 3.0M down / 512K up. We want to move to a domain model (we currently only run a domain within the main office). Is it possible to authenticate over such a link? I'm not even going to try and store user documents on the server as I'm sure the links will be too slow. But if we could authenticate to the domain I could run several services I can't run now. One example among many is that I could run backups from their local machines to a NAS device then to tape. Any thoughts on performance, or is this a theoretical pipe dream?

by sgt_shultz In reply to Logging into domain over ...

This should work fine. Same as when you were a workgroup. VPN is supposed to be transparent to the DC; it's like a user just on the LAN logging on to the domain. My worry would be making sure all my remote clients were on the latest Windows service packs and Cisco VPN client version and firmware in the routers. What OS on the domain controller? Cisco surely could help you with this...

by CG IT In reply to Logging into domain over ...

Yeah, 128k and below is a slow link, so if you're above that, and utilization on the line isn't 50% or greater including overhead, and the remote sites have no servers and a very small # of users, using the main office DC for login shouldn't bottle up that 512k up line.

If worse comes to worse, you can get a server into the remote sites [not some big ole expensive dual processor, SCSI, hefty one, just something to run Windows server and GC role]. Make it a Global Catalog and local file storage. You can do DC replication at night when no one is using the network.

by CG IT In reply to

Backups, I dunno. Backups to a NAS over a DSL line will chew up bandwidth big time. Lot of data to send.

Thanks for the comments. The DC is a win2k server box. 95% of the clients are win2k pro machines, with a 95/98 straggler out there every now and then. No big problem, might finally force an upgrade! We'll have to see about the backups. I was thinking of running one building per night, from say 7pm to 7am. As long as the data gets through, I'll be ok. We've only got 5-8 machines per building, and if I'm selective about the backup (say, my docs, mail folders, etc) we probably don't have but 100 - 200 megs per machine on a complete backup. Incrementals would be even smaller. I'd say if I could push a max of 1GB (might only be half that, not sure) in a 12 hour time frame, we're looking at a max of around 80 megs an hour in a worst case scenario. I ran a quick and dirty test between two of the VPN sites using FTP and got about 99 MB/hour. We'll see if it holds up or not. Thanks again!
