Rick Claus IT Pro Advisor Microsoft Canada Rodney Buike IT Pro Advisor Microsoft Canada Session 3: Extended Branch Services Design

Session Goals: Provide insight into what extended services can be implemented at Branch OfficesProvide insight into what extended services can be implemented at Branch Offices How to configure and tune Active Directory, DFS for the BranchHow to configure and tune Active Directory, DFS for the Branch Protecting mission critical components in a distributed networkProtecting mission critical components in a distributed network Best Practices, Tools and TipsBest Practices, Tools and Tips

Agenda Installing Branch DCInstalling Branch DC Site Design considerationsSite Design considerations Distributed File System and Remote Differential CompressionDistributed File System and Remote Differential Compression Protecting Mission Critical ServicesProtecting Mission Critical Services

Advantages/Disadvantages Control is centralizedControl is centralized Monitoring and management processes can be standardizedMonitoring and management processes can be standardized Replication of data to branch can reduce the impact of WAN problemsReplication of data to branch can reduce the impact of WAN problems Processes support quick response to local business needsProcesses support quick response to local business needs Security risks in branch office can increase risks to corporate dataSecurity risks in branch office can increase risks to corporate data Accelerated Branch Office Infrastructure Topologies Hub Site Branch Office Directory servicesDirectory services DHCP, DNS, WINSDHCP, DNS, WINS File and PrintFile and Print Application servicesApplication services Messaging servicesMessaging services Management servicesManagement services Directory servicesDirectory services DHCP, DNS, WINSDHCP, DNS, WINS Messaging servicesMessaging services Management servicesManagement services Directory servicesDirectory services DHCP, DNS, WINSDHCP, DNS, WINS File and PrintFile and Print Application servicesApplication services Messaging servicesMessaging services Management servicesManagement services

128K Connecting Branch Offices Create Domain Controller from Replica Large Site Branch Office

Connecting Small Offices UGMC Scenarios Scenarios:Scenarios: –Branch offices connected to a Global Catalog server with a low speed WAN link –Offices experiences slow logons due to Universal Group Membership processing Benefits:Benefits: –Faster logon without a Global Catalog server in the site

Connecting Branch Offices Universal Group Membership Caching 128K Univ Groups Large Office GCGC Query Branch Office DC Universal Group 1 Universal Group 2 Logon is faster because group memberships are cached locally!

Demo Demo Creating a Branch Office Domain Controller … …

Agenda Installing Branch DCInstalling Branch DC Site Design considerationsSite Design considerations Distributed File System and Remote Differential CompressionDistributed File System and Remote Differential Compression Protecting Mission Critical ServicesProtecting Mission Critical Services

Site Functions Domain Site 1 Site 2 Site 3

Default-First- Site-Link Site Links TOR MTL VAN TOR-MTL TOR-VAN MTL-VAN Connection Transports RPC over IP SMTP

Site Link Cost TOR-MTL Available KBpsCost TOR-VAN MTL-VAN KBps: 256 Cost: 425 KBps: 9.6 Cost: 1024 KBps: 256 Cost: 425 TORMTL VAN

Demo Demo Configuring Active Directory in the Branch Office … …

Agenda Installing Branch DCInstalling Branch DC Site Design considerationsSite Design considerations Distributed File System and Remote Differential CompressionDistributed File System and Remote Differential Compression Protecting Mission Critical ServicesProtecting Mission Critical Services

Distributed File System Overview Toronto Vancouver Branch Office User Virtual Namespace

Data Publication Distribute Content Reliable Access DFS Deployment Scenarios Data Collection Consolidate Content Back Up Data Loose Collaboration Local Access Content Sharing

DFS Namespace Features Windows Server 2003 Windows Server 2003 R2 Site Proximity Sorting Multiple DFS NamespacesUNC Path SupportImproved Management ToolsLink Target PrioritizationImproved Fail-Back Control

DFS Replication Features Connection typeSave full 3.5MBSave with RDC 56Kbps modem10 minutes3 seconds 500Kbps DSL70 seconds<1 second Uses Remote Differential Compression Active Directory Based Configuration

Remote Differential Compression File.txt Updated file Sending Server Receiving Server The quick fox jumped over the lazy dog who was asleep. The quick fox jumped over the lazy dog who was asleep. The quick fox jumped over the lazy brown dog who was asleep. Request file Differential hashes Transfer changes the lazy brown dog Request changes

DFS Replication Requirements Not between forests Between different domains in a forest Update Active Directory schema DFS classes and attributes Windows 2000 or 2003 domain controllers Cross-file RDC Requires Enterprise or Data Center

Demo Demo Configuring DFSR in the Branch Office … …

Starting DFS DFS Namespace Primary Member 1. Domain Controller Replication 2. DFS Member Server Polls AD 3. Replication

Agenda Installing Branch DCInstalling Branch DC Site Design considerationsSite Design considerations Distributed File System and Remote Differential CompressionDistributed File System and Remote Differential Compression Protecting Mission Critical ServicesProtecting Mission Critical Services

Reference Network

Mission Critical Services Live Communications Server SharePoint Server Exchange Servers ISA Server Windows SMTP Server VirusesWorms IM and Documents Antigen Antigen Antigen Antigen Antigen Layered Defenses Integration with Infrastructure Protection from Latest Threats

Multiple Layers of Protection

Multiple Technologies Signature Files Heuristics SandboxingPhishing Detection

Scan Engine #1 Scan Engine #2 Scan Engine #3 Scan Engine #4 Antigen Multiple Engine Scanning Scan Engine #1 Scan Engine #2 Scan Engine #3 Scan Engine #4

Demo Demo Protecting with Antigen Security for Exchange … …

Session Summary Implement DCs & GCs in Branch Offices enable you to extend mission critical services out beyond HQImplement DCs & GCs in Branch Offices enable you to extend mission critical services out beyond HQ Site definitions with proper Cost values are required for proper DFS FailoverSite definitions with proper Cost values are required for proper DFS Failover Multi-layered defences for your mission critical applications are your best approach to securityMulti-layered defences for your mission critical applications are your best approach to security

Join us for the next session on: Session 4: Ongoing Management and Optimization