Computer networks
Ivan, 2018-10-09 13:06:34

How to organize IT structure correctly?

Hello everyone.
The question is banal, but I have racked my brain over the implementation options.
There are a lot of them, and every time there is some kind of flaw that forces the whole scheme to be redone.
In short:
There is a central server with everything that entails.
A branch is being opened in another city.
1. Branch employees must work in 1C at the Central Office (solution: we raise a VPN tunnel and set up a terminal server in the DMZ of the central office).
2. There must be full access to the branch network from the Central Office (solution: we raise a VPN tunnel and configure trust relationships between the domains).
3. Branch employees, when they come to the central office (business trips), should work as they do in their own office (solution: ..... need help with options).
4. There should be a common share between the Central Office and the Branch (solution: we raise the VPN tunnel; there are a huge number of options and I will not describe them all; I am thinking of connecting an external network drive via IP).
Question: are the selected options normal, or is there a better one? And I need advice on point 3.
P.S. There was also the option of setting up a Terminal Server in the Central Office and giving everyone remote access to it _))


1 answer(s)
Roman Molchanov, 2018-10-09
@Dobryak88

Does a branch office need its own domain? Why not use a ReadOnly branch domain controller in the same domain as the one deployed at the head office?
Why not use an IPSec tunnel? Once it has established a connection between the two gateways, it joins the local networks as equals; static routes are registered on the Internet gateway, and clients no longer care which network the resources they connect to are in.
The main thing is that the necessary domain zones are registered in DNS on each side, but this is precisely what deploying a ReadOnly DC with its own DNS solves.
If a separate domain in the branch is what is needed, then a client who moves from one network to the other must configure its network with the default gateway of the network it has arrived in, and keep the DNS servers of its own domain (over IPSec they will be available if the gateway provides a route to them).
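
A check for the setup described in the answer above, added here as an example and not part of the original answer: run from a client at either site, it confirms that each domain's DNS server is reachable across the tunnel and returns the domain controller locator records. The domain names and IP addresses are constructed placeholders, and the function name `Test-SiteDns` is hypothetical.

```powershell
# Constructed placeholder values: replace with your own domains and DNS servers.
$Sites = @(
    @{ Name = 'HeadOffice'; Domain = 'hq.example.internal';     Dns = '10.1.0.10' },
    @{ Name = 'Branch';     Domain = 'branch.example.internal'; Dns = '10.2.0.10' }
)

function Test-SiteDns {
    param([hashtable]$Site)

    # 1. Is the DNS server reachable on TCP/53? From the remote site this only
    #    succeeds if the local gateway has a route to it through the tunnel.
    $reach = Test-NetConnection -ComputerName $Site.Dns -Port 53 `
                 -WarningAction SilentlyContinue

    # 2. Does that server answer the AD locator SRV record that domain members
    #    use to find a domain controller for their own domain?
    $srv = $null
    if ($reach.TcpTestSucceeded) {
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$($Site.Domain)" `
                   -Type SRV -Server $Site.Dns -DnsOnly `
                   -ErrorAction SilentlyContinue
    }

    [pscustomobject]@{
        Site      = $Site.Name
        Domain    = $Site.Domain
        DnsServer = $Site.Dns
        Reachable = $reach.TcpTestSucceeded
        DCs       = ($srv | Where-Object Type -eq 'SRV' |
                        ForEach-Object NameTarget) -join ', '
    }
}

# A roaming client needs its home domain's row to show Reachable = True and a
# non-empty DCs column while it is plugged into the other site's network.
$Sites | ForEach-Object { Test-SiteDns -Site $_ } | Format-Table -AutoSize
```

A row with `Reachable = False` points at routing or tunnel policy on the gateways; a reachable server with an empty `DCs` column points at the DNS zone for that domain.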
