Site design depends on the networking infrastructure of your organization. As you set out to implement an initial site design, you must start by mapping your organization's existing network topology. Any time you plan to revise your network infrastructure, you must also plan the necessary revisions to your existing site design.
Although site design is relatively independent from domain structure, the replication topology depends on how available domain controllers are and how they are configured. The KCC running on each domain controller monitors domain controller availability and configuration, and updates replication topology as changes occur. The ISTG performs similar monitoring to determine the best way to configure intersite replication. This means that as you implement or change the domain controller configuration, you may change the replication topology.
To develop a site design, you should start by mapping your existing network architecture. Be sure to include all the business locations in the organization that are part of the forest or forests for which you are developing a site plan. Document the subnets on each network segment and the connection speed on the links connecting each network segment.
You need to document the subnets because each site in the organization will have separate subnets. Although a single subnet can only exist in one site, a single site can have multiple subnets associated with it. After you create sites, you will create subnet-to-site associations by adding subnets to these sites.
You need to document the connection speeds for links because the available bandwidth on a connection affects the way you configure site links. Each site link is assigned a link cost, which determines its priority order for replication. If there are several possible routes to a site, the route with the lowest link cost is used first. In the event that a primary link fails, a secondary link can be used.
Because site design and network infrastructure are so closely linked, you'll want to work closely with your organization's network administrators. If you wear both hats, start mapping the network architecture by listing each network location, the subnets at that location, and the links that connect the location. For an organization with its headquarters in Chicago and four regional offices, in Seattle, New York, Los Angeles (LA), and Miami, this information might come together as shown in Table 35-3. Notice that I started with the hubs and worked my way to the central office. This way, the multiple connections to the central office are all accounted for when I finally make this entry.
Table 35-3. Mapping Network Structure
Location | Subnets | Connections |
---|---|---|
Seattle | 10.1.11.0/24, 10.1.12.0/24 | 256 kilobits per second (Kbps) Seattle– Chicago, 128 Kbps Seattle–LA |
LA | 10.1.21.0/24, 10.1.22.0/24 | 512 Kbps LA–Chicago, 128 Kbps LA– Seattle |
New York | 10.1.31.0/24, 10.1.32.0/24 | 512 Kbps New York–Chicago, 128 Kbps New York–Miami |
Miami | 10.1.41.0/24, 10.1.42.0/24 | 256 Kbps Miami–Chicago, 128 Kbps Miami–New York |
Chicago | 10.1.1.0/24, 10.1.2.0/24 | 256 Kbps Seattle–Chicago, 512 Kbps LA– Chicago, 512 Kbps New York–Chicago, 256 Kbps Miami–Chicago |
I then used the table to create a diagram similar to the one shown in Figure 35-10, in which I've depicted each network and the connections between them. I've also noted the subnets at each location. Although it is also helpful to know the number of users and computers at each location, this information alone isn't enough to help you determine how links connecting sites are used. The only certain way to know that is to monitor the network traffic going over the various links.
Once you've mapped the network structure, you are ready to create a site design. Creating a site design involves the following steps:
Mapping the network structure to site structure
Designing each individual site
Designing the intersite replication topology
Considering the impact of site link bridging
Planning the placement of servers in sites
Each of these steps is examined in the sections that follow.
To map the network structure to site structure, start by examining each network location and the speed of the connections between those locations. In general, if you want to make separate network locations part of the same site, the sites should have at least 512 Kbps of available bandwidth. If the sites are in separate geographic locations, I also recommend that the network locations have redundant links for fault tolerance.
These recommended speeds are for replication traffic only, not for other user traffic. Smaller organizations with fewer than 100 users at branch locations may be able to scale down to dedicated 128-Kbps or 256-Kbps links. Larger organizations with 250 or more users at branch locations may need to scale up.
Following the previous example, the Chicago-based company would probably be best served by having separate sites at each network location. With this in mind, the site-tonetwork mapping would be as shown in Figure 35-11. By creating the additional sites at the other network locations, you help control replication over the slow links, which can significantly improve the performance of Active Directory. More good news is that sites are relatively low maintenance once you configure them, so you get a significant benefit without a lot of additional administration overhead.
After you have determined how many sites you will have, you next need to consider the design of each site. A key part of the site design has to do with naming the sites and identifying the subnets that are associated with each site. Site names should reflect the physical location of the site. The default site created by Active Directory is Default-First-Site-Name, and most site names should follow a similar naming scheme. Continuing the example, you might use the following site names:
Seattle-First-Site
LA-First-Site
NewYork-First-Site
Miami-First-Site
Chicago-First-Site
I've used dashes instead of spaces, following the style Active Directory uses for the default site. I've named the sites City-First-Site rather than City-Site to allow for easy revision of the site architecture to include additional sites at each location. Now, if a location receives additional sites, the naming convention is very clear, and it is also very clear that if you have a Seattle-First-Site, Seattle-Second-Site, and Seattle-Third-Site, these are all different sites at the Seattle location.
To determine the subnets that should be associated with each site, use the network diagram developed in the previous section. It already has a list of the subnets. In your site documentation, simply note the IP subnet associations that are needed and update your site diagram to include the subnets.
After you name the sites and determine subnet associations, you should design the intersite replication topology. You do this by planning the details of replication over each link designated in the initial site diagram. For each site link, plan the following components:
Replication schedule
Replication interval
Link cost
Typically, you'll want replication to occur at least every 180 minutes, 24 hours a day, 7 days a week. This is the default replication schedule. If you have limited bandwidth, you may need to alter the schedule to allow user traffic to have priority during peak usage times. If bandwidth isn't a concern or if you have strong concerns about keeping branch locations up to date, you may want to increase the replication frequency. In all cases, if possible you should monitor any existing links to get a sense of the bandwidth utilization and the peak usage periods.
Calculating the link cost can be a bit complicated. When there are multiple links between locations, you need to think carefully about the appropriate cost of each link. Even if there is only one link between all your sites now, you should set an appropriate link cost now to ensure that if links are added between locations, all the links are used in the most efficient way possible.
Valid link costs range from 1, which assigns the highest possible preference to a link, to 99999, which assigns the lowest possible preference to a link. When you create a new link, the default link cost is set to 100. If you were to set all the links to this cost, all the links would have equal preference for replication. But would you really want replication to go over a 128-Kbps link when you have a 512-Kbps link to the same location? Probably not.
In most cases, the best way to set link cost is to assign a cost based on the available network bandwidth over a link. Table 35-4 provides an example of how this could be done.
Table 35-4. Setting Link Cost Based on Available Bandwidth
Available Bandwidth | Link Cost | Preference |
---|---|---|
100 megabits per second (Mbps) or greater | 20 | Very high |
100 Mbps to 10 Mbps | 40 | Moderately high |
10 Mbps to 1.544 Mbps | 100 | High |
1.544 Mbps to 512 Kbps | 200 | Above normal |
512 Kbps to 256 Kbps | 400 | Normal |
256 Kbps to 128 Kbps | 800 | Below normal |
128 Kbps to 56 Kbps | 1600 | Moderately low |
56 Kbps or less | 3200 | Low |
You can use the costs in the table to assign costs to each link you identified in your site diagram. Once you do this, update your site diagram so that you can determine the route that will be used for replication if all the links are working. As Figure 35-12 shows, your site diagram should now show the names of the sites, the associated subnets, and the cost of each link.
By default, Active Directory automatically configures site link bridges, which makes links transitive between sites in much the same way that trusts are transitive between domains.
When a site is bridged, any two domain controllers can make a connection across any consecutive series of links. The site link bridge cost is the sum of all the costs of the links included in the bridge. Let's calculate the site link bridge costs using the links shown in Figure 35-12. Because of site link bridges, the domain controllers at the Chicago headquarters have two possible routes for replication to each of the branch office locations. The costs of these routes are summarized in Table 35-5.
Table 35-5. Link and Bridge Costs
Site/Link | Link/Bridge Cost |
---|---|
Seattle Site | |
Chicago–Seattle | 800 |
Chicago–LA–Seattle | 2000 |
LA Site | |
Chicago–LA | 400 |
Chicago–Seattle–LA | 2400 |
New York Site | |
Chicago–New York | 400 |
Chicago–Miami–New York | 2400 |
Miami Site | |
Chicago–Miami | 800 |
Chicago–New York–Miami | 2000 |
Knowing the costs of links and link bridges, you can calculate the effects of a network link failure. In this example, if the primary link between Chicago and Seattle went down, replication would occur over the Chicago-LA-Seattle site link bridge. It's relatively straightforward in this example, but if you were to introduce additional links between network locations, the scenarios become very complicated very quickly.
The network topology used in the previous example is referred to as a hub-and-spoke design. The headquarters in Chicago is the hub, and the rest of the offices are spokes. Automatic site link bridging works well with a hub-and-spoke design. It doesn't work so well when you have multiple hubs. Consider the example shown in Figure 35-13. In this example, Chicago is the main hub, but because Seattle and LA have a spoke, they are also considered hubs.
Site link bridging can have unintended consequences when you have multiple hubs and spokes on each hub. Here, when the bridgehead servers in the Chicago site replicate with other sites, they will replicate with Seattle, New York, LA, and Miami bridgehead servers as before, but they will also replicate with the Vancouver and San Diego bridgehead servers across the site bridge from Chicago-Seattle-Vancouver and from Chicago-LA-San Diego. This means that the same replication traffic could go over the Chicago-Seattle and ChicagoLA links twice. This can happen because of the rule of three hops for optimizing replication topology.
The repeat replication over the hub links is made worse as additional spokes are added. Consider Figure 35-14. Here, the LA hub has connections to sites in Sacramento, San Diego, and San Francisco. As a result of site link bridging, the same replication traffic could go over the Chicago-LA links four times. This happens because of the rule of three hops for optimizing replication topology.
The solution to the problem of repeat replication traffic is to disable automatic site bridging. Unfortunately, the automatic bridging configuration is all or nothing. This means that if you disable automatic site link bridging and still want some site links to be bridged, you will need to configure those bridges manually. You can enable, disable, and manually configure site link bridges as discussed in the section entitled "Configuring Site Link Bridges".
When you are finished configuring site links, you should plan the placement of servers in the sites. Think about which types of domain controllers and how many of each will be located in a site. Answer the following questions:
Will there be domain controllers? If so, how many?
Will any of the domain controllers host a global catalog? If so, how many?
Will any of the domain controllers host DNS? If so, how many?
Will any of the domain controllers have an operations master role? If so, what roles and on which domain controllers?
Think about which Active Directory partitions will be replicated between the sites as a result of the domain controller placement, and about any additional partitions that may need to be replicated to a site. Answer the following questions:
Will domain, configuration, and schema partitions be replicated to the site?
Will a global catalog be replicated to the site?
Will ForestDnsZones and DomainDnsZones partitions be replicated to the site?
Will any special application partitions be replicated to the site? If so, what partitions, how are they used, and which domain controllers will host them?
By answering all these questions, you will know what servers will be placed in each site as well as what information will be replicated between sites. Don't forget about dependent services for Active Directory. At a minimum, each site should have at least one domain controller, a global catalog, and DNS. This configuration allows intrasite replication to occur without having to go across site links for dependent services. To improve the user experience, keep in mind the following facts:
Global catalogs are needed for logon (unless universal group membership caching is enabled). If there is a local global catalog, logon can complete without a request having to go across a site link.
DHCP servers are needed for dynamic IP addressing. If there is a local DHCP server, clients with dynamic IP addressing will be able to start up and get an IP address assignment without having to go across a site link.
DNS servers are needed for forward and reverse lookups. If there is a local DNS server, clients will be able to perform DNS queries without having to go across a site link.