Active Directory - Disaster Recovery Planning

[darren97]

Hi

We are setting up a DR site for our existing head office infrastructure and will be using Neverfail for exchange rep and SQL server rep etc. I would like suggestions from an AD point of view. The connection between HO and the DR site will be over a 10Mb leased line and the idea is that if HO becomes unavailable, users will be able to connect to the 'mirrored site' from an alternative loaction. We are probably going to go for a small Citrix solution for connecting to the DR site. I plan to have a DC at HO and a DC at the DR site. If HO becomes unavailable and holds the FSMO roles, when users try to log in at the DR site, they will face problems, especialyy if the PDC emulator is not available (which it won't be if HO is down) I have toyed with putting the DC holding the PDC emulator role at the DC, but if the comms goes down between the two sites then HO users will have a problem, and I don't want to have to seize FSMO roles etc. Has anyone else put together a DR plan like this and how have you overcome the DC problems. (Unless I am missing something simple, which if I am,,,apologies in advance)

Thanks in advance


Regards, Darren

 

[Spirit]

If the comms goes down between the 2 sites how will users access the DR?

You need to think about where the clients will get there DHCP lease (or are you static) from?

If you have a 2nd DC in the HO site then just add GC to it, perhaps? Along with DNS.

That should sort out the routing to the DR site, providing your like is up!

If your thinking about you HO being zapped, flooded, quarantined etc. you need to think how to get the clients to the DR from the new emergency site. And if you don't have that in advance then just to get a connection will take time. Hopefully enough for you to rebuild a server!

Another thought is even if your FSMO server is gone the users should be able to log in using cached credentials and then when they connect to citrix authentication will be checked again so think about the routing.

Right its Friday, and I think I have started rambling insanely sorry if I am not making sense!

IAin

 

[darren97]

Hi Iain

No worries on the rambling side, I do it all the time!!
Users will only access the DR site if HO blows up, floods etc, so the comms betwwen HO and DR would not be relevant as everyone will be accessing the DR solution from home computers via Citrix secure gateway to a citrix box at the DR site (in the data centre) If the comms goes down whilst everyone is working at HO (ie, no disaster at HO) then again that won't be a huge problem because replication will kick off again once the link is up. DHCP at the DR site is not relevant because all the users will connect to the citrix box that will be static anyway. Again, routing at the DR suite won't be an issue because they will connect to file nt / exchange on the LAN at the DR site and connect to the replicated servers. The issue for me is just the whole AD rep problem. I think the way forward is for me to lab this, log every user on to the citrix box, and see how the cached logons work etc.

Thanks for the input.

Darren

Regards, Darren