Site topology in Windows Server 2008 R2’s AD DS has been engineered to adapt to network environments of all shapes and sizes. Because so many WAN topologies exist, a correspondingly large number of site topologies can be designed to match the WAN environment. Despite the variations, several common site topologies are implemented, roughly following the two design models detailed in the following sections. These real-world models detail how the Windows Server 2008 R2 AD site topology can be used effectively.
Viewing a Hub-and-Spoke Replication Design
CompanyA is a glass manufacturer with a central factory and headquarters located in Leuven, Belgium. Four smaller manufacturing facilities are located in Marseille, Brussels, Amsterdam, and Krakow. WAN traffic follows a typical hub-and-spoke pattern, as diagrammed in Figure 1.
CompanyA decided to deploy Windows Server 2008 R2 to all its branch locations and allocated several domain controllers for each location. Sites in AD DS were designated for each major location within the company and given names to match their physical location. Site links were created to correspond with the WAN link locations, and their replication schedules were closely tied with WAN utilization levels on the links themselves. The result was a Windows Server 2008 R2 AD DS site diagram that looks similar to Figure 2.
Both domain controllers in each site were designated as preferred bridgehead servers to lessen the replication load on the global catalog servers in the remote sites. However, the PDC emulator in the main site was left off the list of preferred bridgehead servers to lessen the load on that server. Site link bridging was kept activated because there was no specific need to turn off this functionality.
This design left CompanyA with a relatively simple but robust replication model that it can easily modify at a future time as WAN infrastructure changes.
Outlining Decentralized Replication Design
CompanyB is a mining and mineral extraction corporation that has central locations in Duluth, Charleston, and Cheyenne. Several branch locations are distributed across the continental United States. Its WAN diagram utilizes multiple WAN links, with various connection speeds, as diagrammed in Figure 3.
CompanyB recently implemented Windows Server 2008 R2 AD DS across its infrastructure. The three main locations consist of five AD DS domain controllers and two global catalog servers. The smaller sites utilize one or two domain controllers for each site, depending on the size. Each server setup in the remote sites was installed using the Install from Media option because the WAN links were not robust enough to handle the site traffic that a full dcpromo operation would involve.
A site link design scheme, like the one shown in Figure 4, was chosen to take into account the multiple routes that the WAN topology provides. This design scheme provides for a degree of redundancy as well, because replication traffic could continue to succeed even if one of the major WAN links was down.
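The redundancy difference between the two designs can be checked by removing each site link in turn and seeing which sites lose their replication path. The following is an added example, not part of the original article: CompanyA's sites are those named in the text, while CompanyB's branch names (Branch-1, Branch-2) and the exact links between its sites are assumptions, since Figure 4 is not reproduced here.

```python
from collections import deque

# Constructed topologies. CompanyA's sites are the ones named in the text;
# CompanyB's branch names and exact links are assumptions for illustration.
COMPANY_A_SITES = ["Leuven", "Marseille", "Brussels", "Amsterdam", "Krakow"]
COMPANY_A_LINKS = [("Leuven", spoke) for spoke in COMPANY_A_SITES[1:]]

COMPANY_B_SITES = ["Duluth", "Charleston", "Cheyenne", "Branch-1", "Branch-2"]
COMPANY_B_LINKS = [
    ("Duluth", "Charleston"), ("Charleston", "Cheyenne"), ("Cheyenne", "Duluth"),
    ("Branch-1", "Duluth"), ("Branch-1", "Charleston"),  # dual-homed branch
    ("Branch-2", "Cheyenne"),                            # single-homed branch
]

def reachable(start, links):
    """Sites reachable from start over the given site links.
    Links are treated as transitive, i.e. site link bridging is enabled."""
    neighbours = {}
    for a, b in links:
        neighbours.setdefault(a, set()).add(b)
        neighbours.setdefault(b, set()).add(a)
    seen, queue = {start}, deque([start])
    while queue:
        for site in neighbours.get(queue.popleft(), ()):
            if site not in seen:
                seen.add(site)
                queue.append(site)
    return seen

def critical_links(sites, links):
    """Map each link whose loss partitions replication to the sites it cuts off
    from sites[0] (taken here as the main site)."""
    critical = {}
    for link in links:
        surviving = [other for other in links if other != link]
        cut_off = set(sites) - reachable(sites[0], surviving)
        if cut_off:
            critical[link] = sorted(cut_off)
    return critical

if __name__ == "__main__":
    for name, sites, links in (("CompanyA", COMPANY_A_SITES, COMPANY_A_LINKS),
                               ("CompanyB", COMPANY_B_SITES, COMPANY_B_LINKS)):
        print(name, critical_links(sites, links))
```

In the hub-and-spoke model every site link is critical for its spoke, whereas in the constructed decentralized model only the single-homed branch link is.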
Each smaller site was designated to cache universal group membership because bandwidth was at a minimum and CompanyB wanted to reduce replication traffic to the lowest levels possible, while keeping user logons and directory access prompt. In addition, traffic on the site links to the smaller sites was scheduled to occur only at hourly intervals in the evening so that it did not interfere with regular WAN traffic during business hours.
Each domain controller in the smaller sites was designated as a preferred bridgehead server. In the larger sites, three domain controllers with extra processor capacity were designated as the preferred bridgehead servers for their respective sites to off-load the extra processing load from the other domain controllers in those sites.
This design left CompanyB with a robust method of throttling replication traffic to its slower WAN links, while maintaining the distributed directory service environment that AD provides.