Active Directory Domain Services In Server 2008

Yekini (New member; Joined: Sep 8, 2010; Messages: 1; Location: Ghana)
Hello Everyone,

My name is Yekini and I have been studying Active Directory 2008 for some time now, and so far everything has been going great, until I started studying and trying to master inter-site replication in Active Directory Sites & Services. Yes, we have intra-site and inter-site replication. In a nutshell, I completely understood the whole concepts and configurations that need to be done in Active Directory Sites & Services in order to implement inter-site replication.

I also understand that, with the basic fundamental principle of the TCP/IP addressing system, private IP address schemes are non-routable on the public network (Internet) unless a default gateway is created and configured to allow private networks to route traffic to the Internet.

This is my question:

Suppose I have a domain controller (DC1) in Japan with, say, the 192.168.10.0 network and DC2 in New York with, say, the 10.10.10.0 network. We know that these are all private classes of IP addresses. I can create sites, subnets, site links, bridgehead servers and all that good stuff in Active Directory Sites & Services.

Now, this is the problem:

Now, after creating all that good stuff in Active Directory Sites & Services:

1. How can DC1 in Japan, with a private IP address, communicate and transfer data back and forth across the WAN link (T1) with DC2 in New York, which also has a private class of IP address?

2. Are some configurations supposed to be made on the individual networks' (DC1 & DC2) default gateways in order to pass this replication traffic?

3. Am I supposed to create a site-to-site VPN connection for the 2 locations? (Note: I just read about this technology, but some administrators use it as a backup instead of the main WAN connections.)

4. In a nutshell, what do I do in order to replicate data back and forth between these DCs?

I took time to explain all this so that you can understand my problem. Please, assisting me in this direction would go a long way toward enhancing my understanding of Active Directory Domain Services in Windows Server 2008.

Thank you to you all in advance and I'm looking forward to hearing from you guys soon.

Regards,
Yekini
 
Hi, Yekini,

While the question you have relates to inter-site replication, it is really a routing question.

Your default gateways at all of your sites need to have a route to get to the other sites.

For example, let's say that in Japan the default gateway is 192.168.10.1. If that is your firewall, it may also have the WAN connection plugged in directly or it may be an end point for a site-to-site VPN. If you use a firewall-to-firewall VPN, you will usually configure it so that it knows what network is at the opposite end, e.g. 10.10.10.0. In that case, when a DC in Japan wants to replicate to a DC in NY, it sends the packets to the default gateway. The gateway knows that the VPN is used to get traffic to the 10.10.10.0 network, and the packet goes merrily on its way. With a WAN link, you will probably need to enter a static route in your gateway and/or firewall devices, so that they know that if they receive a packet addressed to the 10.10.10.0 network, they need to send it to the WAN interface address.

So, Active Directory doesn't care if you use a WAN connection, site-to-site VPN, dedicated dialup, etc. It is all handled in the routing of your other network devices (routers, firewalls, etc.).

I hope that makes sense.

Matt
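
The routing decision described in the reply above, as an added example that is not part of the original thread: DC1 hands off-subnet packets to its default gateway, and the gateway picks an exit by longest-prefix match, with and without the static route to the New York network. The /24 masks, the DC host addresses and the interface names are assumptions made for illustration; only 192.168.10.1 and the two network numbers come from the thread.

```python
import ipaddress

# Constructed sample data: the thread gives 192.168.10.1 and the two network
# numbers; the /24 masks, the .5 host addresses and interface names are assumed.
DC1 = {"ip": "192.168.10.5", "subnet": "192.168.10.0/24", "gateway": "192.168.10.1"}
DC2_IP = "10.10.10.5"

GATEWAY_ROUTES_NO_STATIC = [
    ("0.0.0.0/0", "internet-uplink"),
    ("192.168.10.0/24", "lan"),
]
GATEWAY_ROUTES_WITH_STATIC = GATEWAY_ROUTES_NO_STATIC + [
    ("10.10.10.0/24", "wan-or-vpn-to-new-york"),
]


def host_next_hop(host, dst):
    """What a DC does: deliver on-link, or hand the packet to its default gateway."""
    if ipaddress.ip_address(dst) in ipaddress.ip_network(host["subnet"]):
        return dst
    return host["gateway"]


def gateway_lookup(routes, dst):
    """Longest-prefix match, as a router or firewall does for each packet."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), via) for p, via in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def replication_path(host, routes, dst):
    """Return (first hop, gateway egress, reachable?) for a packet from host to dst."""
    first_hop = host_next_hop(host, dst)
    if first_hop == dst:
        return first_hop, None, True
    egress = gateway_lookup(routes, dst)
    # A private (RFC 1918) destination sent out the Internet uplink is not
    # routable there, so replication traffic never reaches the remote DC.
    private = ipaddress.ip_address(dst).is_private
    reachable = egress is not None and not (private and egress == "internet-uplink")
    return first_hop, egress, reachable


if __name__ == "__main__":
    for name, table in [("no static route", GATEWAY_ROUTES_NO_STATIC),
                        ("with static route", GATEWAY_ROUTES_WITH_STATIC)]:
        print(name, replication_path(DC1, table, DC2_IP))
```

The same lookup applies in the reverse direction on the New York gateway, which needs its own route back to 192.168.10.0.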
 