Citrix -----Original Message----- From: Kurt Buff [mailto:[EMAIL PROTECTED] Sent: Monday, July 07, 2008 12:28 PM To: NT System Admin Issues Subject: Re: Remote Location AD Question
You must not have any overseas or other high-latency links to your offices. One example will demonstrate what I mean: Using Windows Explorer to browse the US file server from either our AU (40 people) or UK (20 people) offices, there are some directories - fairly large one, but under 1k files in the directory - that take as much as 30 minutes to paint the screen. Yes, we could mitigate some of that with a Riverbed or other caching appliance, but those cost money too. We've chosen to mitigate it with a Win2k TS server - we're hesitant about going to Win2k3 because of cost for the CALs. I'll probably use our new SonicWal SSL VPN appliance to mitigate some of this, by exporting shares over a web interface - that should be much quicker to browse. Requiring all browsing to go through the US office would be insane, and siting a DC/GC in each office is pretty much required, along with an Exchange and file server. Kurt On Mon, Jul 7, 2008 at 8:53 AM, David Mazzaccaro <[EMAIL PROTECTED]> wrote: > Everything goes over the wire, including internet access. There are no > servers at the remote locations. > > As for IP addresses: > Office1 = 192.168.50.0/24 > Office2 = 192.168.51.0/24 > Office3 = 192.168.53.0/24 > Etc. > > > -----Original Message----- > From: Joe Heaton [mailto:[EMAIL PROTECTED] > Sent: Monday, July 07, 2008 11:46 AM > To: NT System Admin Issues > Subject: RE: Remote Location AD Question > > What do you guys use for IP assignment? We have 3 remote offices, each > with less than 15 users, that I'd love to get to a point of not having a > DC there. Do you have member server in place for files, etc? Or do you > have everything going over the wire to your central site? > > > Joe Heaton > > -----Original Message----- > From: Steven Peck [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 02, 2008 9:32 AM > To: NT System Admin Issues > Subject: Re: Remote Location AD Question > > You definitely want those workstations joined to the domain. GPO for > management, Anti-virus updates, patch management, reporting/inventory of > the systems, remoting in for troubleshooting etc. Logon traffic for 50 > workstations across a t1 is negligible as long as latency is low. > > On Wed, Jul 2, 2008 at 9:14 AM, David Mazzaccaro > <[EMAIL PROTECTED]> wrote: >> We don't use RDP, but rather ICA (Citrix) and it works great - all >> their apps are available. >> As for locking down - we use GPOs rather than locking them down >> individually. >> >> >> ________________________________ >> From: N Parr [mailto:[EMAIL PROTECTED] >> Sent: Wednesday, July 02, 2008 9:53 AM >> To: NT System Admin Issues >> Subject: RE: Remote Location AD Question >> >> Thanks, I guess I won't worry about it for now. It's just a shipping >> warehouse at the moment and I'll be ok as long as they don't decide to > >> put office staff at the location. >> ________________________________ >> From: David Mazzaccaro [mailto:[EMAIL PROTECTED] >> Sent: Wednesday, July 02, 2008 8:37 AM >> To: NT System Admin Issues >> Subject: RE: Remote Location AD Question >> >> I have a remote location w/ 30 workstations and IP phones, no remote >> DC, connected over a MPLS VPN T1 circuit. >> >> Works great! Less filling! >> >> >> >> >> >> >> >> ________________________________ >> >> From: N Parr [mailto:[EMAIL PROTECTED] >> Sent: Wednesday, July 02, 2008 9:23 AM >> To: NT System Admin Issues >> Subject: Remote Location AD Question >> >> >> >> How many member workstations would you put at a remote location >> connected with a Site to Site VPN over a T-1 without a local DC? Only > >> other traffic on the line will be an IP phone, random print jobs and >> RDP sessions from remote workstations. What I'm thinking is since >> these remote workstations will run everything over their RDP sessions >> I shouldn't even bother making them domain members. Just lock them > down and only allow them access to RDP. >> >> Thanks >> >> Niles >> >> >> >> >> >> >> >> > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
