AD replication over WAN

From: Valentine M. Smith (vmsmith@grokking.org)
Date: 01/09/03

    From: "Valentine M. Smith" <vmsmith@grokking.org>
    To: focus-ms@securityfocus.com
    Date: Thu, 9 Jan 2003 09:21:15 -0500

    Hi,

    I'm looking for some feedback from the community regarding the transfer of AD
    traffic over a public WAN.

    The basic plan is this:

    Single Win 2000 domain spread over two sites in different cities. Each site
    has a perimeter NAT device and obscures its internal subnets with IP addresses
    provided by a single ISP. No internetwork VPN planned. DNS is AD-integrated
    at both sites. Both DCs are patched to SP3.

    The MS documentation I've consulted indicates that AD replication, and, by
    extension, AD-integrated DNS zone information, is automatically encrypted.

    My question: if the data is already encrypted and is passing only across a
    single ISP's network, should one be bothering with a router-router VPN tunnel
    for this traffic? IOW, would setting up such a tunnel for this data be
    redundant/unnecessary or am I missing something important here? Would anyone
    care to comment on the relative safety of AD encryption out-of-the-box?

    Thanks in advance for any feedback,

    VS
