Session 2: Core Services Design With R2

Session 2: Core Services Design With R2. Rick Claus, IT Pro Advisor, Microsoft Canada, rick.claus@microsoft.com. Rodney Buike, IT Pro Advisor, Microsoft Canada, rodney.buike@microsoft.com. http://blogs.technet.com/canitpro. Session Goals: Identify core services design for Branch Offices


Presentation Transcript


  1. Session 2: Core Services Design With R2 • Rick Claus, IT Pro Advisor, Microsoft Canada, rick.claus@microsoft.com • Rodney Buike, IT Pro Advisor, Microsoft Canada, rodney.buike@microsoft.com • http://blogs.technet.com/canitpro

  2. Session Goals: • Identify core services design for Branch Offices • Investigate the core components for branch office connectivity • Demonstrate how to implement your Branch Office foundation • Best Practices, Tools and Tips

  3. Agenda • Branch Office logical design • ISA Server 2006 • Active Directory Services Refresher • Branch Office DC prep

  4. Branch Office Logical Design • What type of branch office should you create? Satellite, Accelerated, or Autonomous • What services should be present in the office? Domain Controller; Infrastructure Services (DHCP, DNS, WINS); Extended Services (Application Servers, Exchange)

  5. Typical Network Topologies [Diagrams: Ring Topology; Hub and Spoke Topology; Complex Topology]

  6. Typical Branch Office Scenario [Diagram labels: Headquarters, Branch 1, Branch 2, Branch 3, Leased lines]

  7. ISA Server 2006 for Branch Offices • Integrated security: application filtering, BITS caching • Fast, secure access: HTTP compression, traffic prioritization • Efficient management: easy deployment, fast propagation of policies [Diagram labels: Headquarters, Branch 1, Branch 2, Branch 3, Site-to-site VPN]

  8. Agenda • Branch Office logical design • ISA Server 2006 • Active Directory Services Refresher • Branch Office DC prep

  9. Branch Office Security Solutions • Firewall Access Controls • Firewall Application Filtering • Worm and Flood Protection • Intrusion Detection and Prevention • Web Proxy Access Controls • Web Proxy Application Filtering • Logging and Reporting • Real-Time Alerts

  10. Branch Office Gateway: The Problem (Needs and Pain Points) • Easy Deployment: no IT support at branch office; deploying to 100s of branch offices difficult • Better Protection: software update transfers from HQ to branch slow • Better Management: policy updates from HQ to branch slow, requiring CSS at branch • Lower Connectivity Costs: lack of compression support for traffic • Bandwidth Optimization: no support for traffic prioritization mechanisms [Diagram labels: Branch Office (User, ISA 2006 Appliance Array, CSS); S2S VPN; Internet; Head Quarters (DMZ, Internal Network, Intranet Web Server, External Web Server, Exchange, SharePoint, Active Directory, CSS, User, Administrator)]

  11. Branch Office Gateway: The Solution (Needs and New ISA Server 2006 Features) • Easy Deployment: Unattended Installation Answer Files; Branch Office Connectivity Wizard • Better Protection: software update caching using BITS • Better Management: faster policy propagation needing only central CSS at HQ • Lower Connectivity Costs: HTTP compression and range compression and caching • Bandwidth Optimization: support for DiffServ [Diagram labels: Branch Office (User, ISA 2006 Appliance Array); S2S VPN; Internet; Head Quarters (DMZ, Internal Network, Intranet Web Server, External Web Server, Exchange, SharePoint, Active Directory, CSS, User, Administrator)]

  12. Branch Office Gateway: Key Differentiating Points • Easy Integration with Existing Branch Office Infrastructure • Integrated Application-Layer Firewall Provides Added Protection • Integrated Cache Functionality Increases Speed • Integrated S2S VPN Functionality Lowers TCO • Centralized Management from HQ

  13. Demo Connecting the Branch Office with ISA 2006 …

  14. Site to Site VPN Technologies • Point to Point Tunnelling Protocol (PPTP) • Layer 2 Tunnelling Protocol (L2TP) • Layer 2 Tunnelling Protocol over IPSec • Pre-shared Keys • Certificates

  15. Branch Office Connectivity Wizard

  16. Demo Creating a Site-to-Site VPN Answer File …

  17. Agenda • Branch Office logical design • ISA Server 2006 • Active Directory Services Refresher • Branch Office DC prep

  18. DC Placement [Decision flowchart. Questions: Logon good? WAN link stable? Are DCs physically secure? Admin for DCs? 24x7 required? Outcomes: Place DC; Do not place DC; It Depends!]

  19. Active Directory Replication [Diagram labels: Toronto Site; Churchill Site; DC-1, DC-2, DC-3, DC-4, DC-5; Intrasite replication connection over LAN; Intersite replication connection over WAN]

  20. Global Catalog Placement [Decision flowchart. Questions: Roaming users? App that requires a GC? > 100 Users? WAN link to GC. Outcomes: Place GC; Place DC and enable UGMC; Do not place GC]

  21. Site Functions [Diagram labels: Domain; Site 1, Site 2, Site 3]

  22. Creating Sites [Decision flowchart. Questions: Is DC at location? Site required by apps? Outcomes: Create site for location; Include subnet of location in the closest site]

  23. Agenda • Branch Office logical design • ISA Server 2006 • Active Directory Services Refresher • Branch Office DC prep

  24. Connecting Branch Offices: DC from Media Scenarios • Scenarios: DC needed at remote office; useful for low bandwidth sites • Benefits: allows Active Directory data to be restored rather than replicated across network

  25. Connecting Branch Offices: Create Domain Controller from Replica • Back up system state on DC and copy to CD • Restore data on system that will become new DC • Run "DCPromo /adv" • Decreases initial replication of domain data [Diagram labels: Large Site, Branch Office, 128K]

  26. Demo Preparing the Branch Office for Active Directory …

  27. Summary • Going beyond simple connectivity helps enable a secure and optimized branch office • You can achieve authentication, authorization and reliability through proper directory services design • With proper planning, minimal steps are required to get core services and infrastructure deployed in the branch

  28. Join us for the next session on: Session 3: Extended Branch Services Design
