2

We need to deploy RODCs to many small satellite offices where we may want additional lightweight infrastructure there too (file, print, DHCP).

Are there any networking devices that include RODC functionality so users can log in with local credentials?

Update: I'm looking for other options similar to this Cisco WAAS Device, with Windows on WAAS (WoW)

If I were to take this a step further, are there devices that include lightweight file and print features as well?

Skyhawk
makerofthings7
  • I assume by "local login" you mean that the RODC authenticates instead of the writable domain controllers. RODCs do not allow local login by default. You need to add users in your branch office to the Password Replication Policy for "local login". Doing this negates the security benefits of an RODC (the passwords are stored locally for all authenticated users). You might want to investigate using BitLocker as well if you wish to pursue this configuration. – Joseph Kern Oct 26 '11 at 14:55
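
The comment above turns on the RODC's Password Replication Policy. As an added example (not part of the original thread), this PowerShell script lists which principals a given RODC is allowed to cache and which accounts it currently has cached, flagging cached accounts marked `adminCount = 1`. It assumes the ActiveDirectory module (RSAT) is installed; the RODC name `BRANCH-RODC01` is a placeholder.

```powershell
# Added example: audit an RODC's Password Replication Policy and cached secrets.
# 'BRANCH-RODC01' is a hypothetical RODC name; replace it with your own.
param(
    [string]$RodcName = 'BRANCH-RODC01'
)

Import-Module ActiveDirectory

# Principals the Password Replication Policy permits this RODC to cache.
$allowed = Get-ADDomainControllerPasswordReplicationPolicy -Identity $RodcName -Allowed

# Accounts whose secrets are actually stored on the RODC right now.
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $RodcName -RevealedAccounts

"Allowed list for ${RodcName}:"
$allowed | Select-Object Name, ObjectClass | Format-Table -AutoSize

# Flag cached accounts that are protected/privileged (adminCount = 1).
# Get-ADObject is used because the revealed list mixes users and computers.
$report = foreach ($acct in $revealed) {
    $obj = Get-ADObject -Identity $acct.DistinguishedName -Properties adminCount
    [pscustomobject]@{
        Name        = $obj.Name
        ObjectClass = $obj.ObjectClass
        Privileged  = ($obj.adminCount -eq 1)
    }
}

"Accounts currently cached on ${RodcName}:"
$report | Sort-Object Privileged -Descending | Format-Table -AutoSize
```

Any row with `Privileged` set to `True` is a credential that would be exposed if the branch-office server were stolen or compromised.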

3 Answers

6

An RODC is still a Domain Controller and requires a full or core installation of Windows Server 2008 or 2008 R2. Since it requires a normal installation of Windows and the installation of the Active Directory binaries, it, by definition, requires a server and not an appliance. It needs to be updated and maintained like any other Domain Controller in your organization. Just because it's not writable doesn't mean that it shouldn't be protected with the same safeguards as everything else.


Edit: I'd like to just point out that this answer was written before the OP edited the Cisco WAAS part into his question. WAAS uses some baked in virtualization tech to run Windows Server 2008 Core, making it possible to install a DC on it. IMO, it's not a standard LAN/WAN accelerator project, but rather virtualization in a box. Either way, this answer may not answer the question in its current state, but it did answer the original question as asked at the time.

MDMarra
  • Are you aware of any "appliances" that include the full server installation as you describe? – makerofthings7 Oct 26 '11 at 15:41
  • 1
    @makerofthings7 What are you looking for? An appliance is typically server hardware in a sealed off box with the underlying OS hardened and hidden from the user that performs a very specific function. Cisco NAC appliances, for example, run CentOS on IBM server hardware, but come with a slick web interface for configuring everything. If your appliance has a disk or RAM issue, they just send you a whole new one and you just reload your config. By definition, a box wouldn't be an appliance if it runs a full-blown Windows Server install. – MDMarra Oct 26 '11 at 16:53
  • I updated the question with a comparable Cisco product "WAAS". Are there any others from other manufacturers? – makerofthings7 Oct 26 '11 at 16:59
4

It is now possible to use Samba 4 as an RODC.

This actually makes it practical to deploy as an appliance in branch offices.

I've been testing this setup for a customer who wants to deploy exactly this environment and it's looking viable.

@MDMarra, I'm so sorry.

MikeyB
1

This is certainly a product suggestion and will likely be closed. In any case, have a look at the Riverbed Steelhead devices. Not only do they provide a SIGNIFICANT improvement in WAN performance, but you can add a full install of Windows to the appliance at the branch office to run as your RODC as well as provide other local services. Very simple to install and maintain. Great tech support. I have no connection to Riverbed but have used their products. BTW, we spoke to several people who had used the Cisco hardware while doing research and all reported setup took significant time and required a few calls to support. The Riverbed was almost Plug and Play once IP was assigned and a couple of other steps.

Once running, reports and usage graphs guide you to changes that will further optimize traffic.

Dave M