How Do I Setup My AD Sites??

So another long while has passed since I last updated my blog - well, in my defence, I work for a living - haha, what a thought... No seriously, I have taken on a few new responsibilities in the office and, well, they seem to consume a lot more of my time.

For those interested in what I am doing now check back shortly, I will be posting some personal news in the next couple of days.

For now, I want to talk a bit about Active Directory Sites.

Now, as most of us undoubtedly know by now, and some are about to find out, a huge change in Exchange 2007 is site-based routing. This means no more routing groups, Routing Group Connectors etc., and a centralized, single point of setup for your domain topology. Obviously this streamlines administration, but it can also complicate matters for your organization if your site structure is not set up correctly.

So what are AD Sites? They are a logical representation of the network connectivity between the physical locations your domain stretches to. They can be set up, configured and viewed from the Active Directory Sites & Services MMC snap-in.

By default a single site, Default-First-Site-Name, is created along with a Default Site Link carrying a global cost of 100. This assumes all domain controllers share the same high-bandwidth network link (in this case a single location, all connected to the LAN). This is fine if you only have a single site with a single domain and do not plan on growing in the future.

However, should you have multiple sites, with multiple WAN links and domain controllers all interconnected, then you should definitely set up Sites & Services accordingly so that AD replication, client authentication etc. can be handled properly.

So how do you do this? Well, it's pretty simple. Consider the following example:

ZimWave is a multi-national company which specializes in network consultancy. They have 5 offices split across 5 different locations as follows:

Office                              Users
Head Office - Harare, Zimbabwe      250
Branch Office - Bulawayo, Zimbabwe   50
Branch Office - London, England     300
Branch Office - Holland              73
Branch Office - Dubai, UAE          120

All offices host at least 1 domain controller and are connected to at least 1 other site using WAN Connectivity as follows:

Link                Speed   Type
Harare - Bulawayo   256k    Point-to-Point Leased Line
Harare - London     512k    Internet VPN
Harare - Dubai      512k    Internet VPN
London - Dubai      1Mb     MPLS
London - Holland    1Mb     MPLS

Now you could draw this out on a piece of paper to help you understand the connectivity if you like. In fact I would recommend it. All you need to do is draw each location, then connect the locations with lines as detailed above, and be sure to note down the connection speeds too.

Ok, now we have a single domain, multiple sites and multiple links. With the default topology created by running the Active Directory Installation Wizard, all these locations are seen as a single site and all links are considered equal. This means that ALL domain controllers will try to replicate with one another directly (even where no direct link exists), and clients will try to authenticate with any domain controller on the network with no logical preference. Worse, replication between domain controllers will run as if they were all on the same (local) network - no bandwidth optimization at all.

How do we cure this? We go into Active Directory Sites & Services and first define all of our sites: rename the Default First Site to represent the head office, then create additional sites for the branch offices.

That being done, we create new IP Site Links which represent our routing topology, and assign a cost to each site link which reflects the speed of the connection between the two sites.

For this scenario, it should look something like this:

Site Link     Cost
HRE to BYO    600
HRE to LON    200
HRE to DXB    200
LON to DXB    100
LON to HOL    100

Link costs are assigned according to the speed of the connection between sites: the faster the link, the lower the cost of transmitting data over it.

As a best practice, all links with the same speed should bear the same standard cost, and each slower link should bear a minimum cost equal to the total of all the links of higher speed.

In this instance, the fastest links are between London, Holland & Dubai (1 Mbps), and therefore these links carry the lowest cost (100).

The next fastest links are between Harare, London & Dubai (512 kbps), and therefore they are assigned a minimum cost equal to the total of all faster links (LON to DXB + LON to HOL = 200).

Finally, the slowest link exists between Harare and Bulawayo. The same rule applies here: the minimum cost of the link should equal the total of all faster links on the network (LON to DXB + LON to HOL + HRE to DXB + HRE to LON = 600).

The Default Site Link should now be deleted.

Having configured your sites & site links, you are ready to assign your different networks to the specific sites. This is done by adding each physical location's network address range to the Subnets container and assigning each subnet to its respective site.

Once all subnets have been assigned to sites, move the domain controllers into their respective sites.

Allow for replication to take place.
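As an added example (not code from the original post), here is the whole procedure above expressed with the ActiveDirectory PowerShell module rather than the MMC snap-in. The site codes and costs come from the table above; the DC names and subnet ranges are assumptions, and the default link is referred to by the name AD actually gives it, DEFAULTIPSITELINK.

```powershell
# Added example: builds the ZimWave site topology described in the post.
# Assumptions: run as a Domain Admin with RSAT; DC names and subnets are made up.
Import-Module ActiveDirectory

# 1. Rename the default site to the head office and create the branch sites.
Get-ADReplicationSite -Identity 'Default-First-Site-Name' |
    Rename-ADObject -NewName 'HRE'
'BYO', 'LON', 'HOL', 'DXB' | ForEach-Object { New-ADReplicationSite -Name $_ }

# 2. One IP site link per WAN circuit, with the costs from the table.
$links = @(
    @{ Name = 'HRE-BYO'; Sites = 'HRE', 'BYO'; Cost = 600 }   # 256k leased line
    @{ Name = 'HRE-LON'; Sites = 'HRE', 'LON'; Cost = 200 }   # 512k VPN
    @{ Name = 'HRE-DXB'; Sites = 'HRE', 'DXB'; Cost = 200 }   # 512k VPN
    @{ Name = 'LON-DXB'; Sites = 'LON', 'DXB'; Cost = 100 }   # 1Mb MPLS
    @{ Name = 'LON-HOL'; Sites = 'LON', 'HOL'; Cost = 100 }   # 1Mb MPLS
)
foreach ($l in $links) {
    New-ADReplicationSiteLink -Name $l.Name -SitesIncluded $l.Sites -Cost $l.Cost `
        -InterSiteTransportProtocol IP -ReplicationFrequencyInMinutes 180
}

# 3. Delete the default link so only links that reflect real circuits remain.
Remove-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' -Confirm:$false

# 4. Map each office's address range (assumed) to its site.
$subnets = @{ '10.1.0.0/16' = 'HRE'; '10.2.0.0/16' = 'BYO'; '10.3.0.0/16' = 'LON'
              '10.4.0.0/16' = 'HOL'; '10.5.0.0/16' = 'DXB' }
foreach ($s in $subnets.GetEnumerator()) {
    New-ADReplicationSubnet -Name $s.Key -Site $s.Value
}

# 5. Move the branch DCs (assumed names) into their sites; the head office DC
#    already sits in the renamed HRE site. Then review what was created.
$dcs = @{ 'BYO-DC01' = 'BYO'; 'LON-DC01' = 'LON'; 'HOL-DC01' = 'HOL'; 'DXB-DC01' = 'DXB' }
foreach ($d in $dcs.GetEnumerator()) {
    Move-ADDirectoryServer -Identity $d.Key -Site $d.Value
}
Get-ADReplicationSiteLink -Filter * | Format-Table Name, Cost, SitesIncluded
Get-ADReplicationSubnet -Filter * | Format-Table Name, Site
```

The inter-site topology generator recalculates connection objects on its own schedule; `repadmin /kcc` on a DC forces an immediate recalculation if you want to inspect the new replication partners right away.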

Now that you have correctly set up the sites & services of the domain, clients will always try to log on using a domain controller in their own site first, and only after failing to contact a local DC will they try one in another location. This speeds up the logon process and reduces WAN traffic.

Another advantage is that structured replication will now occur. For example, the London or Dubai domain controllers will never automatically try to replicate directly with the Bulawayo domain controller, and likewise the Harare domain controller will never try to replicate directly with the Holland domain controller. You now have a structured replication topology in which duplicated traffic is reduced.

AD also takes into account the relative cost of replication across site links and compensates accordingly, so as not to consume too much bandwidth on any one link.
