
4 Replies

  • You should always have at least 2 Domain Controllers (DCs) per network.

    Whether you need to have DCs on-prem or in the cloud then depends on your needs.
    - If you have on-prem servers and on-prem client machines that need constant Domain authentication and cannot have networking (Internet) issues that disconnect them from cloud DCs, then it may be good to have on-prem DCs as well as cloud DCs for your SaaS services.

    But do read up on the difference between DCs on Azure (or other cloud providers) vs AAD and their limitations.

  • To get on-prem experience, have DCs on Azure.

    Set up a site-to-site tunnel.

  • Thanks for the responses.

    adrian_ych I have several machines that rely on the DC for authentication, but I've never given any thought to how often those machines check in with the DC. Is there an easy way to know if something requires constant authentication? Can you give me an example of a server (or service) that might require such?

    JitenSh Is there any limitation to this model? For example, will I be able to run DNS and DHCP on a DC that's on Azure?

  • arielbenjamin wrote:

    Is there any limitation to this model? For example, will I be able to run DNS and DHCP on a DC that's on Azure?

    There are no breaking limitations to this model. However, according to my experience, point-to-site VPN works much better than site-to-site and allows your endpoints to work from anywhere, which is excellent. DHCP should still be provided on-premises to be able to establish the VPN connection. Your existing router should do just fine. DNS can be in Azure but ensure you understand that if the internet connection goes down, people won't be able to browse and keep working since DNS will be missing.

    You can proceed with a non-disruptive scenario, which is building a site-to-site VPN with Azure and moving one of the domain controllers to Azure using P2V https://www.hyper-v.io/migrating-cloud-easy-experience-choosing-p2v-converters/ or Azure Migrate https://azure.microsoft.com/en-us/services/azure-migrate/. Keep that "hybrid" option for some period, try temporarily disabling the local instance to see if and how that works, and so on.
