1. Rick Claus IT Pro Advisor Microsoft Canada rick.claus@microsoft.com Rodney Buike IT Pro Advisor Microsoft Canada rodney.buike@microsoft.com http://blogs.technet.com/canitpro Session 3: Extended Branch Services Design

2. Session Goals: Provide insight into what extended services can be implemented at Branch OfficesProvide insight into what extended services can be implemented at Branch Offices How to configure and tune Active Directory, DFS for the BranchHow to configure and tune Active Directory, DFS for the Branch Protecting mission critical components in a distributed networkProtecting mission critical components in a distributed network Best Practices, Tools and TipsBest Practices, Tools and Tips

3. Agenda Installing Branch DCInstalling Branch DC Site Design considerationsSite Design considerations Distributed File System and Remote Differential CompressionDistributed File System and Remote Differential Compression Protecting Mission Critical ServicesProtecting Mission Critical Services

4. Advantages/Disadvantages Control is centralizedControl is centralized Monitoring and management processes can be standardizedMonitoring and management processes can be standardized Replication of data to branch can reduce the impact of WAN problemsReplication of data to branch can reduce the impact of WAN problems Processes support quick response to local business needsProcesses support quick response to local business needs Security risks in branch office can increase risks to corporate dataSecurity risks in branch office can increase risks to corporate data Accelerated Branch Office Infrastructure Topologies Hub Site Branch Office Directory servicesDirectory services DHCP, DNS, WINSDHCP, DNS, WINS File and PrintFile and Print Application servicesApplication services Messaging servicesMessaging services Management servicesManagement services Directory servicesDirectory services DHCP, DNS, WINSDHCP, DNS, WINS Messaging servicesMessaging services Management servicesManagement services Directory servicesDirectory services DHCP, DNS, WINSDHCP, DNS, WINS File and PrintFile and Print Application servicesApplication services Messaging servicesMessaging services Management servicesManagement services

5. 128K Connecting Branch Offices Create Domain Controller from Replica Large Site Branch Office

6. Connecting Small Offices UGMC Scenarios Scenarios:Scenarios: –Branch offices connected to a Global Catalog server with a low speed WAN link –Offices experiences slow logons due to Universal Group Membership processing Benefits:Benefits: –Faster logon without a Global Catalog server in the site

7. Connecting Branch Offices Universal Group Membership Caching 128K Univ Groups Large Office GCGC Query Branch Office DC Universal Group 1 Universal Group 2 Logon is faster because group memberships are cached locally!

8. Demo Demo Creating a Branch Office Domain Controller … …

9. Agenda Installing Branch DCInstalling Branch DC Site Design considerationsSite Design considerations Distributed File System and Remote Differential CompressionDistributed File System and Remote Differential Compression Protecting Mission Critical ServicesProtecting Mission Critical Services

10. Site Functions Domain Site 1 Site 2 Site 3

11. Default-First- Site-Link Site Links TOR MTL VAN TOR-MTL TOR-VAN MTL-VAN Connection Transports RPC over IP SMTP

12. Site Link Cost TOR-MTL Available KBpsCost 9.61042 19.2798 38.4644 56586 64567 128486 256425 512378 1024340 2048309 4096283 TOR-VAN MTL-VAN KBps: 256 Cost: 425 KBps: 9.6 Cost: 1024 KBps: 256 Cost: 425 TORMTL VAN

13. Demo Demo Configuring Active Directory in the Branch Office … …

14. Agenda Installing Branch DCInstalling Branch DC Site Design considerationsSite Design considerations Distributed File System and Remote Differential CompressionDistributed File System and Remote Differential Compression Protecting Mission Critical ServicesProtecting Mission Critical Services

15. Distributed File System Overview Toronto Vancouver Branch Office User Virtual Namespace

16. Data Publication Distribute Content Reliable Access DFS Deployment Scenarios Data Collection Consolidate Content Back Up Data Loose Collaboration Local Access Content Sharing

17. DFS Namespace Features Windows Server 2003 Windows Server 2003 R2 Site Proximity Sorting Multiple DFS NamespacesUNC Path SupportImproved Management ToolsLink Target PrioritizationImproved Fail-Back Control

18. DFS Replication Features Connection typeSave full 3.5MBSave with RDC 56Kbps modem10 minutes3 seconds 500Kbps DSL70 seconds<1 second Uses Remote Differential Compression Active Directory Based Configuration

19. Remote Differential Compression File.txt Updated file Sending Server Receiving Server The quick fox jumped over the lazy dog who was asleep. The quick fox jumped over the lazy dog who was asleep. The quick fox jumped over the lazy brown dog who was asleep. Request file Differential hashes Transfer changes the lazy brown dog Request changes

20. DFS Replication Requirements Not between forests Between different domains in a forest Update Active Directory schema DFS classes and attributes Windows 2000 or 2003 domain controllers Cross-file RDC Requires Enterprise or Data Center

21. Demo Demo Configuring DFSR in the Branch Office … …

22. Starting DFS DFS Namespace Primary Member 1. Domain Controller Replication 2. DFS Member Server Polls AD 3. Replication

23. Agenda Installing Branch DCInstalling Branch DC Site Design considerationsSite Design considerations Distributed File System and Remote Differential CompressionDistributed File System and Remote Differential Compression Protecting Mission Critical ServicesProtecting Mission Critical Services

24. Reference Network

25. Mission Critical Services Live Communications Server SharePoint Server Exchange Servers ISA Server Windows SMTP Server VirusesWorms IM and Documents Antigen Antigen Antigen Antigen E-mail Antigen Layered Defenses Integration with Infrastructure Protection from Latest Threats

26. Multiple Layers of Protection

27. Multiple Technologies Signature Files Heuristics SandboxingPhishing Detection

28. Scan Engine #1 Scan Engine #2 Scan Engine #3 Scan Engine #4 Antigen Multiple Engine Scanning Scan Engine #1 Scan Engine #2 Scan Engine #3 Scan Engine #4

29. Demo Demo Protecting with Antigen Security for Exchange … …

30. Session Summary Implement DCs & GCs in Branch Offices enable you to extend mission critical services out beyond HQImplement DCs & GCs in Branch Offices enable you to extend mission critical services out beyond HQ Site definitions with proper Cost values are required for proper DFS FailoverSite definitions with proper Cost values are required for proper DFS Failover Multi-layered defences for your mission critical applications are your best approach to securityMulti-layered defences for your mission critical applications are your best approach to security

31. Join us for the next session on: Session 4: Ongoing Management and Optimization