Jump to content



Photo

Offsite Domain Controllers for disaster recovery


  • Please log in to reply
8 replies to this topic

#1 garethevans1986

garethevans1986

    Neowinian

  • Joined: 01-April 04
  • Location: Gogledd Cymru / North Wales

Posted 24 September 2012 - 22:18

All,

Just wondering, how many of you have (virtual or not) DC's offsite for disaster recovery purposes?

Thanks
GE


#2 xendrome

xendrome

    In God We Trust; All Others We Monitor

  • Tech Issues Solved: 8
  • Joined: 05-December 01
  • OS: Windows 8.1 Pro x64

Posted 24 September 2012 - 22:20

Off-site as in, outside of the LAN totally or on the same LAN but connected at different buildings maybe via Fiber?

#3 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 21
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 24 September 2012 - 23:24

It is a good idea to have a dc at a remote location for auth purposes. You can always seize the rolls if needed. That would be good enough for dr. If it is remote enough.

#4 OP garethevans1986

garethevans1986

    Neowinian

  • Joined: 01-April 04
  • Location: Gogledd Cymru / North Wales

Posted 25 September 2012 - 09:21

Offsite could be virtual in the cloud connected using a Site to Site VPN or another building.....anything that counts as "remotely".

I'm currently looking into the virtual in the cloud options. Can anybody recommend anything?

Thanks
GE

#5 ZeroHour

ZeroHour

    Neowinian

  • Joined: 30-April 04
  • Location: Scotland

Posted 25 September 2012 - 09:27

Really it depends on the size and needs of your enterprise (small business would never need it tbh) and how fast stable your internet/vpn/site to site link it to ensure there are no issues.
I cant see a huge amount of scenarios where remote DC is needed though.

#6 mealies

mealies

    DBA

  • Joined: 06-July 04
  • Location: London

Posted 25 September 2012 - 09:53

With our setup we have servers at two locations. Each location has its own Domain Controller which can authenticate servers from both locations.

We have had one Domain Controller go tech so the remaining DC was authenticating servers at the remote site until the replacement was back up, so would recommend having spare DC's off-site.

#7 OP garethevans1986

garethevans1986

    Neowinian

  • Joined: 01-April 04
  • Location: Gogledd Cymru / North Wales

Posted 15 August 2013 - 10:15

A question for you all to do with Off site DCs and DNS.

 

Our main Office uses 10.0.0.0/16, DC/DNS are 10.0.0.20 and 10.0.0.21.

The Saltney Office uses 10.3.0.0/16, currently no DC there.

Site to Site VPN is 10.4.0.0/16 

 

I'm planning on creating a new DC in our Saltney Office. I know the servers DNS will need to be 10.0.0.20 and 10.0.0.21 so I can a) put it on the domain and b) become a DC.....but when the new DC is setup, does the DNS on the offsite DC need to change?

 

Just wondering what your setups are?

 

Thanks

Gareth



#8 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 21
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 15 August 2013 - 11:33

The ad servers need to point to themselves first then to another dc. This way if a dc goes down they can still see themselves. DNS will replicate to all so it really should always be itself in ip properties.

#9 OP garethevans1986

garethevans1986

    Neowinian

  • Joined: 01-April 04
  • Location: Gogledd Cymru / North Wales

Posted 15 August 2013 - 13:25

OK Cool. Thanks for that.

 

GE





Click here to login or here to register to remove this ad, it's free!