Friday, January 4, 2019

Windows Server: Sites, Subnet and Site Links

Microsoft

What are sites?

Sites represent the physical network in a logical way
Sites in AD DS represent the physical structure, or topology, of your network. AD DS uses network topology information, which is stored in the directory as site, subnet, and site link objects, to build the most efficient replication topology between your domain controllers. 
Initially there is only one site
When you add the Active Directory Domain Services server role to create the first domain controller in a forest, a default site (Default-First-Site-Name) is created in AD DS. As long as this site is the only site in the directory, all domain controllers and servers that you add to the forest are assigned to this site.

When should you create more sites?

Visual representation of the four reasons to create more sites, as discussed in the content.
Sites identify networks that have good connectivity. By creating more sites, domain controllers and other servers that use AD DS can take advantage of that connectivity: clients are steered to nearby domain controllers, and replication across slow links is scheduled and compressed rather than sent on every change. Four situations call for additional sites:

  • Slow links
    A slow link separates part of the network. If two locations are connected by a slow link, configure each location as a separate AD DS site. A slow link is typically considered one of less than 512 kilobits per second (Kbps); for AD DS design, consider a larger threshold value.

  • User locations
    If a network location has enough users that the inability to authenticate would be a problem, place a domain controller in that location to support authentication locally. Once a domain controller or other distributed service is in a location, create an AD DS site to represent that location so you can manage replication to it and keep service use local.

  • Service localization
    You want to control service localization. With AD DS sites, clients use the domain controllers nearest to them for authentication, which reduces authentication latency and traffic on WAN connections. In most scenarios each site contains a domain controller (often two, for redundancy). You can also configure sites to localize services other than authentication, such as DFS, BranchCache, and Exchange Server; in that case some sites may have no domain controller at all.

  • Replication
    You want to control replication between domain controllers. Within a site, domain controllers replicate on change notification and this cannot be scheduled; between sites, replication follows the site link's interval and schedule, so two domain controllers can be allowed to replicate only at certain times of the day. Creating sites lets you control how and when replication takes place between domain controllers.

What are subnets?

Subnets map network addresses to sites
Subnets identify the network addresses that map computers to AD DS sites. A subnet is a segment of a TCP/IP network to which a set of logical IP addresses are assigned. A site can consist of one or more subnets.
Visual representation of subnets. The London site has two subnets. The Toronto site has one subnet.

Keep your subnet information up to date
When you design your AD DS site configuration, it is critical that you map IP subnets to sites correctly, and that you update the mapping whenever the underlying network changes. Domain controllers use the AD DS subnet information to map client computers and servers to sites. If the mapping is inaccurate, logon traffic and Group Policy processing are likely to cross WAN links and may be disruptive. A client whose IP address matches no subnet object is not assigned to any site and may be serviced by any domain controller in the domain; the domain controller that handled the request records this in Netlogon event ID 5807 and lists the client as NO_CLIENT_SITE in %SystemRoot%\debug\netlogon.log, which is the first place to look for subnets you forgot to add.
Visual representation of the default first site being divided into two sites one for London and one for Toronto. Sites have fast, reliable, and inexpensive connections.
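The mapping check a practitioner would run before and after a network change, as an added example that is not part of the original post. The matching function reproduces the longest-prefix rule the DC locator applies, first offline against constructed subnet objects and then against the live directory through the RSAT ActiveDirectory module. The sample subnets, addresses and site names are assumptions for illustration; the netlogon.log path is the Windows default.

```powershell
# Added example, not code from the original post. Requires the ActiveDirectory
# module (RSAT) and a domain-joined machine for the live section; the sample
# subnets and addresses below are constructed for illustration.
Import-Module ActiveDirectory

# Convert a dotted IPv4 address to a 32-bit integer. Kept in [long] so the
# shift and mask arithmetic never hits PowerShell's signed [int] behaviour.
function ConvertTo-IPv4Int {
    param([Parameter(Mandatory)][string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    return ([long]$b[0] -shl 24) -bor ([long]$b[1] -shl 16) -bor ([long]$b[2] -shl 8) -bor [long]$b[3]
}

# Resolve the site an IPv4 client maps to: the most specific (longest prefix)
# subnet object that contains the address wins. $Subnets is a list of objects
# with Name ("10.1.0.0/16") and Site. Returns $null when nothing covers it,
# which is exactly the NO_CLIENT_SITE case Netlogon reports.
function Get-SiteForIPv4 {
    param(
        [Parameter(Mandatory)][string]$Address,
        [Parameter(Mandatory)][object[]]$Subnets
    )
    $allOnes = ([long]1 -shl 32) - 1
    $ip      = ConvertTo-IPv4Int $Address
    $best    = $null
    foreach ($s in $Subnets) {
        # IPv4 CIDR only; IPv6 subnet objects are skipped by this check.
        if (-not ($s.Name -match '^(\d{1,3}(\.\d{1,3}){3})/(\d{1,2})$')) { continue }
        $net    = ConvertTo-IPv4Int $Matches[1]
        $prefix = [int]$Matches[3]
        $mask   = ($allOnes -shl (32 - $prefix)) -band $allOnes
        if (($ip -band $mask) -eq ($net -band $mask)) {
            if ($null -eq $best -or $prefix -gt $best.Prefix) {
                $best = [pscustomobject]@{ Subnet = $s.Name; Site = $s.Site; Prefix = $prefix }
            }
        }
    }
    return $best
}

# --- Offline demonstration with constructed subnet objects ------------------
$sampleSubnets = @(
    [pscustomobject]@{ Name = '10.1.0.0/16';   Site = 'Seattle' }
    [pscustomobject]@{ Name = '10.1.20.0/24';  Site = 'Seattle-Lab' }   # more specific than the /16
    [pscustomobject]@{ Name = '2001:db8::/32'; Site = 'Headquarters' }  # IPv6 entry, ignored here
)
Get-SiteForIPv4 -Address '10.1.20.5' -Subnets $sampleSubnets   # matched by both; the /24 wins
Get-SiteForIPv4 -Address '10.9.0.1'  -Subnets $sampleSubnets   # no subnet object covers it

# --- Live checks against the directory --------------------------------------
$subnets = Get-ADReplicationSubnet -Filter * -Properties Site | ForEach-Object {
    [pscustomobject]@{
        Name = $_.Name
        # Site is stored as a DN; keep only the site's CN (null when unassigned).
        Site = if ($_.Site) { ($_.Site -split ',')[0] -replace '^CN=' } else { $null }
    }
}

# 1. Subnet objects not assigned to any site do nothing for clients.
$subnets | Where-Object { -not $_.Site } | ForEach-Object { "Subnet $($_.Name) has no site" }

# 2. Sites with no domain controller: clients there authenticate across the WAN.
$dcsBySite = Get-ADDomainController -Filter * | Group-Object Site -AsHashTable -AsString
Get-ADReplicationSite -Filter * | Where-Object { -not $dcsBySite.ContainsKey($_.Name) } |
    ForEach-Object { "Site $($_.Name) has no domain controller" }

# 3. Spot-check client addresses (assumed values; substitute real client ranges).
foreach ($addr in '10.1.20.5', '192.168.99.7') {
    $hit = Get-SiteForIPv4 -Address $addr -Subnets $subnets
    if ($hit) { "$addr -> $($hit.Subnet) -> site $($hit.Site)" }
    else      { "$addr -> NO SITE (add a subnet object)" }
}

# 4. Clients this DC has already served with no site mapping (event ID 5807).
$log = Join-Path $env:SystemRoot 'debug\netlogon.log'
if (Test-Path $log) { Select-String -Path $log -Pattern 'NO_CLIENT_SITE' | Select-Object -Last 20 }
```

Run the live section on a domain controller so step 4 sees that DC's netlogon.log; on a member server only steps 1 to 3 apply. `nltest /dsgetsite` on any client shows the site it was assigned, which is a quick way to confirm a fix after adding a subnet object.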

What are Site Links?

Site links describe connections
Site links describe the connections between sites. For two sites to exchange replication data, a site link must connect them. A site link is a logical path that is used to establish replication between sites.
Initially there is only one site link
When you create a forest, one site link object is created: DEFAULTIPSITELINK. By default, each new site that you add is associated with this site link. DEFAULTIPSITELINK, and any other site link you create, has a default cost of 100 and a default replication interval of 180 minutes.
Screenshot of the DEFAULTIPSITELINK Properties page. The Default-First-Site-Name site is listed in the link, with a cost of 100 and replication every 180 minutes.

When to create more site links?

By default, all sites use the default site link
To understand site links, think through an example. Consider an organization with a data center at headquarters and three branch offices, each connected to the data center by a dedicated high-speed network. You create a site for each branch office: Seattle, Amsterdam, and Beijing. By default, every site, including Headquarters, is associated with the DEFAULTIPSITELINK site link object.
Visual representation of four sites Headquarters, Amsterdam, Beijing, and Seattle. A possible site link is shown from Amsterdam to Headquarters to Seattle.
A single site link may not be efficient
A site link declares that every site it contains can reach every other site in it at the same cost. Because all four sites are on the same site link, you are telling AD DS that all four sites can replicate directly with each other: Seattle may replicate changes from Amsterdam, Amsterdam from Beijing, and so on, and the Knowledge Consistency Checker (KCC) may pick any of those pairs when it builds the inter-site topology. Some replication traffic can therefore flow from one branch through headquarters on its way to another branch, because a site link says nothing about the network routes that actually exist. A single site link may not be efficient when you have multiple sites and different network topologies.
Control replication by creating site links that mirror your network topology
To align Active Directory replication with your network topology, create specific site links that reflect the replication topology you intend.
Visual representation of four sites, Headquarters, Seattle, Amsterdam, and Beijing. Only three site links are shown, one from Headquarters to each of the other sites. For example, Headquarters to Seattle.
Define the site links you want to use for replication
Continuing the preceding example, you would create three site links as follows:
  • HQ-SEA includes the Headquarters and Seattle sites.
  • HQ-AMS includes the Headquarters and Amsterdam sites.
  • HQ-BEI includes the Headquarters and Beijing sites.
After you create these site links, remove the four sites from DEFAULTIPSITELINK (or delete it); otherwise it still connects all four sites and the KCC can keep using it. The KCC then uses the remaining site links to build a replication topology that connects each branch site to Headquarters.
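The hub-and-spoke topology from the example above, built end to end with the RSAT ActiveDirectory module, as an added example that is not code from the original post. Site and link names follow the post; the IP ranges, the per-link costs and intervals, the off-hours schedule window and the domain controller names are assumptions for illustration. It also covers the scheduled replication mentioned under "Replication" in the sites section, and retires DEFAULTIPSITELINK so it cannot compete with the new links.

```powershell
# Added example, not code from the original post. Requires the ActiveDirectory
# module and rights to write the Configuration partition (Enterprise Admins).
# Names follow the post; IP ranges, costs, intervals, the schedule window and
# DC names are assumptions for illustration.
Import-Module ActiveDirectory

# 1. Sites. The forest already has Default-First-Site-Name; rename it to become
#    the headquarters site rather than leaving an empty site behind.
Get-ADReplicationSite -Identity 'Default-First-Site-Name' -ErrorAction SilentlyContinue |
    Rename-ADObject -NewName 'Headquarters'
foreach ($site in 'Seattle', 'Amsterdam', 'Beijing') {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
        New-ADReplicationSite -Name $site
    }
}

# 2. Subnets (assumed address plan). Without these no client maps to a site.
$subnetMap = @{
    '10.0.0.0/16' = 'Headquarters'
    '10.1.0.0/16' = 'Seattle'
    '10.2.0.0/16' = 'Amsterdam'
    '10.3.0.0/16' = 'Beijing'
}
foreach ($cidr in $subnetMap.Keys) {
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$cidr'")) {
        New-ADReplicationSubnet -Name $cidr -Site $subnetMap[$cidr]
    }
}

# 3. Hub-and-spoke site links that mirror the WAN. Cost is relative to the
#    other links; the interval is the minimum number of minutes between
#    inter-site replication cycles (15 is the smallest value allowed).
$links = @(
    @{ Name = 'HQ-SEA'; Sites = 'Headquarters', 'Seattle';   Cost = 100; Minutes = 15 }
    @{ Name = 'HQ-AMS'; Sites = 'Headquarters', 'Amsterdam'; Cost = 100; Minutes = 15 }
    @{ Name = 'HQ-BEI'; Sites = 'Headquarters', 'Beijing';   Cost = 200; Minutes = 60 }
)
foreach ($l in $links) {
    if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$($l.Name)'")) {
        New-ADReplicationSiteLink -Name $l.Name -SitesIncluded $l.Sites -Cost $l.Cost `
            -ReplicationFrequencyInMinutes $l.Minutes -InterSiteTransportProtocol IP
    }
}

# 4. Restrict the Beijing link to an off-hours window (01:00 to 05:45 daily).
#    This is how "replicate only at certain times of day" is expressed for a
#    site link; intra-site replication has no schedule.
$win = New-Object System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule
$win.SetDailySchedule(
    [System.DirectoryServices.ActiveDirectory.HourOfDay]::One,
    [System.DirectoryServices.ActiveDirectory.MinuteOfHour]::Zero,
    [System.DirectoryServices.ActiveDirectory.HourOfDay]::Five,
    [System.DirectoryServices.ActiveDirectory.MinuteOfHour]::FortyFive)
Set-ADReplicationSiteLink -Identity 'HQ-BEI' -ReplicationSchedule $win

# 5. Retire DEFAULTIPSITELINK. While it still lists all four sites it is a
#    second path the KCC may use, which defeats the topology built above.
Remove-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' -Confirm:$false

# 6. Put the branch domain controllers (assumed names) into their sites, then
#    show the resulting links with their member sites.
Move-ADDirectoryServer -Identity 'SEA-DC01' -Site 'Seattle'
Get-ADReplicationSiteLink -Filter * -Properties Cost, ReplicationFrequencyInMinutes, SitesIncluded |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes,
        @{ n = 'Sites'; e = { ($_.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ', ' } }
```

The KCC recomputes the inter-site topology on its own schedule; run `repadmin /kcc` on a domain controller in each site to force it, then `repadmin /showrepl` on a branch DC should list only Headquarters DCs as inbound partners. Rename the site before moving any DC into it, since Move-ADDirectoryServer needs the target site to exist.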
Understanding Sites, Subnets, and Site Links - This topic provides a nice overview of sites, subnets, and site links.
