Planning Active Directory for Low Bandwidth Sites

Discussion in 'Active Directory' started by Ricky Chong, Jun 27, 2007.

  1. Ricky Chong

    Ricky Chong Guest

    Hi all,

    Firstly, Can AD Replication between DCs successfully replicate when the link
    is only 9.6kbps?

    The scenario is actually like this. We are a very large organization which
    has recently deployed Windows 2003 Active Directory within HQ. Current forest
    exist with a root and child domain. Previously we had approximately 200+
    Windows NT 4.0 domains within our network which we now would like to
    consolidate into a single forest if it is possible.

    We have approximately 10 regional sites which connects back to HQ on a
    128kbps connection. From the regional sites we have a total of 200 branch
    sites which are connected to the closest regional site on a 9.6kbps
    connection. The connection between branch to regional site is totally
    unreliable but because of the nature of our business, there is no
    justification to a high bandwidth link to our branches.

    Because our Point of Sale (POS) system is being upgraded, there is a
    requirement to change our structure to a single forest scenario as the
    application utilizes AD to authenticate.

    From such a scenario, what would be the best recommended deployment of
    Active Directory possible down to the branch level? As the POS application
    will be pushed down to the branches, would it be feasible to deploy DCs at
    each site bearing in mind the average users within branch level sites are
    only between 1-4 users?

    Clients utilized at branch level are only Windows NT4.0 workstations but
    there is a current process to actually upgrade them to XP or Vista.

    Any feedback concerning any experience for deploying within such scenarios
    will be much appreciated. In fact, any insight to a workable solution will be
    much appreciated.

    Many Thanks,

    regards,

    Ricky Chong
     
    Ricky Chong, Jun 27, 2007
    #1
    1. Advertisements

  2. Hi Ricky, it sounds like you have a lot of research to do. I'd start with
    the AD branch office guide which will give you recommendations on how
    replication should be setup with that many tail sites and the like.

    http://www.microsoft.com/downloads/...F6-A8A8-40BB-9FA7-3A95C9540112&displaylang=en

    If there is only 1-4 users in the furthest tails I personally dont think
    that warrants a DC.

    The slowest link we had here was to Madagascar which was 28.8 and although
    very slow to connect to troubleshoot, replication seemed to work without
    issue. I hope the doc above helps.
     
    Brad Rutkowski, Jun 27, 2007
    #2
    1. Advertisements

  3. Ricky Chong

    Jorge Silva Guest

    Hi
    9.6kbps?
    I don't see paths to runaway from the problem
    - If you decide not to have DCs at remote locations and because the App
    needs AD (as clients also need and maybe other apps) doesn't sound that the
    App will run very well under that slow and unreliable link.
    - If you decide to have DCs at remote locations then youmat endup with
    replication problems. Assuming that you're in a very large org, that
    "generally" means that you'll have a very busy AD and lots of replication
    traffic each day.
    *
    Suggestion, upgrade the links.... You can justify that by saying that
    instead of having new servers for these reomte locations (plus money spent
    in maintenance, etc) you take that money and upgrade the links.

    --
    I hope that the information above helps you.
    Have a Nice day.

    Jorge Silva
    MCSE, MVP Directory Services
     
    Jorge Silva, Jun 27, 2007
    #3
  4. Ricky Chong

    Ricky Chong Guest

    Hey Jorge,

    Thanks for the reply. Upgrading of the links is pretty impossible actually.
    Because the sites are Nation wide, it is normally included in some of the
    most remote areas within Malaysia. Sad to say the infrastructure for Malaysia
    is not the best and it is really expensive to get lines to the areas.

    Furthermore, because of the low profits which is obtained from having
    branches in such remote sites, it is also not justifiable on the books to get
    a higher bandwidth. The concept of not placing the DC at the branch level and
    to utilize a network authentication from the PCs to the Regional site has
    also been considered.

    However, because of the requirement for the authentication for the POS
    application, this means that we require an offline mode for the application
    as well since the line gets disconnected and can be down for the whole day
    and the POS application still need to function in an offline mode. Without
    authentication, the POS system wouldn't work in an offline scenario.

    In terms of tackling with the large AD, I've been considering having a
    multiple domain scenario whereby I make the regional sites a separate child
    domains by itself within the forest. For the branches, I make them sub child
    domains of the regional site domains. I will also separate the HQ domain
    which has the most objects including Exchange servers in another branch so
    replication will be kept to a minimal.

    Understandably, the management of such a large forest is going to be a
    hellish task to manage but without resorting to such a design, I do not
    foresee how this can be accomplish. So, I was wondering if I can get advise
    from you guys to see what you think of the idea?

    Many Thanks for replying.

    regards,

    Ricky Chong
     
    Ricky Chong, Jun 28, 2007
    #4
  5. Ricky Chong

    Jorge Silva Guest

    Do you have Internet connections at these remote offies?
    You may want to get the advantage of VPN.

    --
    I hope that the information above helps you.
    Have a Nice day.

    Jorge Silva
    MCSE, MVP Directory Services
     
    Jorge Silva, Jun 28, 2007
    #5
  6. Ricky Chong

    Ricky Chong Guest

    Unfortunately no. Company policy do not allow branches to have internet
    access. Users in branches are specifically only tellers and their computers
    are effectively nothing more than a high spec cashier machine.
     
    Ricky Chong, Jun 29, 2007
    #6
  7. Ricky Chong

    Anthony Guest

    AD seems a big overhead to run a till in a small remote and poorly connected
    branch. It sounds like the wrong kind of POS system for you,
    Anthony
    http://www.airdesk.co.uk
     
    Anthony, Jun 29, 2007
    #7
  8. Ricky Chong

    Jorge Silva Guest

    I would agree with Anthony, your POS solution doesn't fit in you current
    scenario...

    --
    I hope that the information above helps you.
    Have a Nice day.

    Jorge Silva
    MCSE, MVP Directory Services
     
    Jorge Silva, Jul 4, 2007
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.