I'm experimenting a little here...

Across the country I have set up 2 sites with one domain. Each site has its own controller for that domain.

I then have DFS running and replicating files from a server in site 1 to a server in site 2.

There's no VPN link between the two sites.

Is this mad/dangerous? Have I missed anything or is this a sensible way of doing things?

Paul
  • There's a very good reason I said that you **need** a VPN between your sites. You are a software developer. I'm sure you are very good at what you do, but you ought to be very careful when delving into areas outside your expertise. – EEAA Apr 30 '13 at 22:56
  • Wow, you can't ask anything on this site without a holier-than-thou response. I'm just interested and trying things out. I asked earlier if it was possible...and it is, might not be sensible, but it is possible. Jeepers – Paul May 01 '13 at 10:39
  • I am not a software developer. If I asked you a similar question about software dev, something that would make the software incredibly insecure and unreliable, I would sure hope you would give me the same answer I (and others) gave you. We all have our respective areas of expertise, and helping one another grow in weak areas is why this site and the whole of the SE network are around. – EEAA May 01 '13 at 14:11
  • I know, I totally appreciate all of the help I get on here - could just be a little friendlier, that's all :) – Paul May 02 '13 at 08:18

2 Answers

5

Yes, it is mad/dangerous.

You should only replicate DFS through the WAN and without VPN if you have a WAN private link connecting both sites. MPLS/VPLS whatever.

Danila Ladner
  • At the risk of opening myself up to yet more abuse from this forum, *why* is it dangerous? From what I've read, Server 2008 R2 handles this a lot more neatly than previous versions, and potentially a lot more securely. Doesn't mean it's right, but no one's backing it up with anything – Paul May 01 '13 at 10:41
  • I will elaborate, once in the office. – Danila Ladner May 01 '13 at 11:57
0

While DFS has some encryption using RPC (http://technet.microsoft.com/en-us/library/cc773238(v=ws.10).aspx#BKMK_015), I still would suggest not relying on that. RPC is very weak and has had many flaws in the past. Use (at least, if you don't have dedicated devices) something like OpenVPN or the like to make it properly safe and efficient (compression).