Managing Site Links and Intersite Replication

Site links are used to connect two or more sites together for the purpose of replication. When you install Active Directory in a new forest, a new site link called the DEFAULTIPSITELINK is created. As you add additional sites to the forest, these sites are included in the default site link unless you have configured other site links. If all of the network connections between sites are the same speed and priority, the default configuration can work. In this case, the intersite replication configuration for all sites will have the same properties. If you were to change these properties, the changes would affect the replication topology for all sites. By creating additional site links, you can configure different replication properties when the network connections between sites have different speeds and priorities.

Creating additional site links helps the designated Inter-Site Topology Generator (ISTG) for a site to prioritize the site links and determine when a site link should be used. It doesn't, however, change the way intersite replication works. Replication traffic between sites is always sent from a bridgehead server in one site to a bridgehead server in another site. Although it is the job of the ISTG to generate the intersite replication topology and designate bridgehead servers, you can manually designate bridgehead servers as well. Once you've established site links and designated bridgehead servers as necessary, you might want to change the way replication between sites is handled. For example, you might want to disable compression or enable notification so changes can be replicated more quickly between sites.

Following this, the most common administrative tasks related to site links involve the following:

• Creating site links

• Configuring site link bridges

• Determining the ISTG

• Configuring site bridgehead servers

• Setting site link replication options

Before looking at these administrative tasks, however, let's first look at the available replication transports.

Understanding IP and SMTP Replication Transports

When you create a site link, you will have to select a replication transport protocol. Two replication transports are available: IP and Simple Mail Transfer Protocol (SMTP). All replication connections within sites are synchronous and use RPC over IP. In this configuration, domain controllers establish an RPC over IP connection with a single replication partner at a time and replicate Active Directory changes. By default, the remote procedure call (RPC) connection uses dynamic port mapping. During replication, a replication client establishes a connection to a server on the RPC endpoint mapper port 135 and determines which port is to be used for replication on the server. Any additional replication traffic is sent over the ports defined in Table 35-1 on page 1175. When RPC over IP is used for intersite replication, these same ports are used. If there are firewalls between the sites, the appropriate ports on the firewalls must be opened to allow replication to occur.
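Because the RPC endpoint mapper on port 135 only tells the replication client which dynamic port to use next, a firewall that passes port 135 alone is not enough. The following PowerShell is an added example, not from the book, that a defender can run on a bridgehead server to confirm the ports intersite replication depends on are reachable at a partner bridgehead and to read the dynamic port range that partner offers. It assumes Windows Server 2012 or later (for Test-NetConnection and Get-NetTCPSetting), and the partner names are placeholders for your own servers.

```powershell
# Added example (not from the book): from a bridgehead server, confirm that the
# ports intersite replication depends on are reachable at the partner bridgehead.
# Assumptions: Windows Server 2012 or later (Test-NetConnection, Get-NetTCPSetting);
# the partner names below are placeholders for your own bridgehead servers.
$partners = @('dc1.la.example.com', 'dc1.portland.example.com')   # placeholders

# Port 135 is the RPC endpoint mapper the replication client contacts first.
# Port 25 matters only if the site link uses the SMTP transport.
$checks = @(
    @{ Port = 135; Purpose = 'RPC endpoint mapper (RPC over IP replication)' },
    @{ Port = 25;  Purpose = 'SMTP (only for SMTP-transport site links)' }
)

foreach ($partner in $partners) {
    foreach ($check in $checks) {
        $result = Test-NetConnection -ComputerName $partner -Port $check.Port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Partner   = $partner
            Port      = $check.Port
            Purpose   = $check.Purpose
            Reachable = $result.TcpTestSucceeded
        }
    }
}

# The endpoint mapper hands out a port from the server's dynamic range, so that
# range (or a range you have restricted it to) is what the firewall must pass.
# Query it on the partner so the firewall rules can be checked against it.
Invoke-Command -ComputerName $partners[0] -ScriptBlock {
    Get-NetTCPSetting | Select-Object SettingName, DynamicPortRangeStartPort, DynamicPortRangeNumberOfPorts
}
```

Run it from each bridgehead toward every partner it replicates with; a `Reachable` of `False` on port 135 means the firewall between the sites is blocking the first step of the RPC over IP connection, and a reachable port 135 with a blocked dynamic range shows up later as replication that negotiates a port and then stalls.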

Because RPC over IP is synchronous, both replication partners must be available at the time the connection is established. This is important because of the transitive nature of site links. For example, if Site 1 has a link to Site 2, and Site 2 has a link to Site 3, there is an automatic bridge between Site 1 and Site 3 that allows Site 1 to replicate traffic directly to Site 3. Because of this, you must carefully configure site link schedules so that all potential RPC over IP replication partners are available as necessary—more on this in a moment.

Replication between sites can also be configured to use SMTP. By using SMTP as the transport, all replication traffic is converted to e-mail messages that are sent between the sites. Because SMTP replication is asynchronous, it can be a good choice when you do not have a permanent connection between sites or when you have unreliable connections between sites. It is also a good choice when you have to replicate between locations over the public Internet.

Before you use SMTP as the replication protocol, there are several important considerations. First, SMTP can be used only to replicate information between domain controllers in different domains because the domain directory partition cannot be replicated using SMTP—only the configuration, schema, and global catalog directory partitions can be replicated. Second, SMTP messages are digitally signed and encrypted to ensure that replication traffic is secure even if replication traffic is routed over the public Internet. All domain controllers that will use SMTP for replication require additional components to create, digitally sign, and then encrypt e-mail messages. Specifically, you must install the SMTP Service subcomponent of Microsoft Internet Information Services (IIS) on each domain controller and you must install a Microsoft certificate authority (CA) in your organization. The certificates from the CA are used to digitally sign and encrypt the SMTP messages sent between the sites.

Tip Configure replication through firewalls

If you plan to use SMTP for replication, you must open port 25 on the firewall between sites. Port 25 is the default port used for SMTP. Although SMTP has definite security advantages over standard IP, you can encrypt RPC communications between domain controllers using IP Security (IPSec) and then open the appropriate ports on your firewalls for RPC over IP. Encrypting the RPC traffic between domain controllers would then be a viable alternative for replication over the public Internet when you have a dedicated connection between sites.

Creating a Site Link

After you create the sites that your organization needs, you can create site links between those sites to better manage intersite replication. Each site link must have at least two sites associated with it. These sites establish the endpoints or transit points for the link. For example, if you create a site link and add Portland-First-Site and LA-First-Site to the link, the Portland and LA sites are the endpoints for the link and the ISTG will use the link to create the connection objects that are required to replicate traffic between these sites.

Before you create a site link, you should determine the transport that you want to use, as discussed in the section entitled "Understanding IP and SMTP Replication Transports" earlier in this chapter. You should also consider the following:

• Link cost The cost for a site link determines the relative priority of the link in relationship to other site links that might be available. If there are multiple possible routes to a site, the route with the lowest link cost is used first. In the event a primary link fails, a secondary link can be used. Typically, the link cost reflects the bandwidth available for a specific connection. It can also reflect the actual cost of sending traffic over a particular link if the organization has to pay a fee based on bandwidth usage.

• Replication schedule The replication schedule determines the times during the day that the site link is available for replication. By default, replication is allowed 24 hours a day. If you have a limited-bandwidth connection or you want user traffic to have priority at certain times of the day, you might want to configure a different availability schedule.

• Replication interval The replication interval determines the intervals at which the bridgehead servers in each site check to see if there are directory updates available. By default, the interval is set to 180 minutes. Following this, if the replication schedule is configured to allow replication from 7 P.M. to 7 A.M. each day, the bridgehead servers will check for updates at 7 P.M., 10 P.M., 1 A.M., 4 A.M., and 7 A.M. daily.
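The schedule and the interval combine to fix the clock times at which the bridgehead servers poll. The following PowerShell function is an added example, not from the book, that enumerates those times for any daily availability window, including one that crosses midnight as the 7 P.M. to 7 A.M. example does. It assumes polling begins at the start of the window, which is the reading the text's example implies; the function name and parameters are this example's own.

```powershell
# Added example (not from the book): enumerate the times at which bridgehead
# servers check for updates, given a daily availability window and the
# replication interval. Assumption: the first check happens at the start of the
# window, as in the book's 7 P.M. to 7 A.M., 180-minute example.
function Get-ReplicationPollTimes {
    param(
        [Parameter(Mandatory)] [string] $WindowStart,   # 24-hour clock, e.g. '19:00'
        [Parameter(Mandatory)] [string] $WindowEnd,     # 24-hour clock, e.g. '07:00'
        [int] $IntervalMinutes = 180                    # the default replication interval
    )
    $start = [datetime]::ParseExact($WindowStart, 'HH:mm', $null)
    $end   = [datetime]::ParseExact($WindowEnd,   'HH:mm', $null)

    # A window such as 19:00 to 07:00 crosses midnight: push the end into the next day.
    if ($end -le $start) { $end = $end.AddDays(1) }

    # Step through the window; a check that lands exactly on the window's end still runs.
    $times = @()
    for ($t = $start; $t -le $end; $t = $t.AddMinutes($IntervalMinutes)) {
        $times += $t.ToString('h:mm tt')
    }
    return $times
}

# The book's example: a 7 P.M. to 7 A.M. window with the default 180-minute interval.
Get-ReplicationPollTimes -WindowStart '19:00' -WindowEnd '07:00'

# A daytime window with a shorter interval, for comparison.
Get-ReplicationPollTimes -WindowStart '08:00' -WindowEnd '18:00' -IntervalMinutes 60
```

The first call reproduces the five check times the text lists; shortening the interval or widening the window adds checks, and a window shorter than the interval yields a single check at the window's start, which is worth noticing when a low-bandwidth link is given a very narrow schedule.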

You can create a site link between two or more sites by completing the following steps:

1 Start Active Directory Sites and Services by clicking Start, Programs or All Programs, Administrative Tools, and Active Directory Sites And Services. If your organization has multiple forests, you might need to connect to another forest. To do this, right-click the Active Directory Sites And Services node in the console tree, and then select Connect To Forest. In the Connect To Forest dialog box, type the name of the root domain in the forest to which you want to connect, and then click OK.

2 Expand the Sites container, and then expand the Inter-Site Transports container. Right-click the container for the transport protocol you want to use, either IP or SMTP, and select New Site Link. This displays the New Object—Site Link dialog box, as shown in Figure 39-3.

3 In the New Object—Site Link dialog box, type a descriptive name for the site link. The site name serves as a point of reference for administrators and should clearly depict the sites the link connects.


Figure 39-3. Create the site link.

4 In the Sites Not In This Site Link list, select a site that should be included in the link, and then click Add to add the site to the Sites In This Link list. Repeat this process for each site you want to add to the link. The link must include at least two sites.

5 Click OK to close the New Object—Site Link dialog box.

6 In Active Directory Sites And Services, the site link is added to the appropriate transport folder (IP or SMTP). Select the transport in the console tree, and then double-click the site link in the right pane. This displays the Link Properties dialog box, as shown in Figure 39-4.

7 Use the Cost combo box to set the relative cost of the link. The default cost is 100. For pointers on determining what cost to use, see the sections entitled "Mapping Network Infrastructure" on page 1186, and "Designing the Intersite Replication Topology" on page 1190.

Figure 39-4. Set the site link properties.

8 Use the Replicate Every combo box to set the replication interval. The default interval is 180 minutes.

9 By default, the site link is available for replication 24 hours a day. To set a different schedule, click Change Schedule, and then use the Schedule For dialog box to set the desired replication schedule. When you are finished, click OK.

10 Click OK to close the site link's Properties dialog box.
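The same site link can be created from the command line. The following PowerShell is an added example, not from the book, that performs steps 2 through 10 with the ActiveDirectory module: it creates the link under the IP transport with the two sites as endpoints, sets the cost and interval, and applies a 7 P.M. to 7 A.M. schedule. It assumes the ActiveDirectory module is installed (Windows Server 2008 R2 or later with RSAT), that you run it with rights to write the Configuration partition, and that the sites Portland-First-Site and LA-First-Site from the text already exist; the link name Portland-LA is a placeholder chosen for this example.

```powershell
# Added example (not from the book): create the site link the steps above build in
# Active Directory Sites And Services, using the ActiveDirectory PowerShell module.
# Assumptions: the module is installed, you have rights to the Configuration
# partition, and both sites already exist. 'Portland-LA' is a placeholder name.
Import-Module ActiveDirectory

$linkName = 'Portland-LA'
$sites    = 'Portland-First-Site', 'LA-First-Site'   # the link's two endpoints (step 4)

# Steps 2-5: create the link under the IP transport with at least two sites.
# Step 7 (cost) and step 8 (interval) are set at creation time here, using the
# defaults the text gives; tune the cost to the bandwidth of the connection.
New-ADReplicationSiteLink -Name $linkName `
    -SitesIncluded $sites `
    -InterSiteTransportProtocol IP `
    -Cost 100 `
    -ReplicationFrequencyInMinutes 180

# Step 9: restrict availability to 7 P.M.-7 A.M. daily instead of 24 hours.
# The schedule is a 7-day x 24-hour x 4 (15-minute slot) boolean array; mark the
# evening hours 19-23 and the morning hours 0-6 as available on every day.
$schedule = New-Object System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule
$raw = $schedule.RawSchedule
foreach ($day in 0..6) {
    foreach ($hour in (@(19..23) + @(0..6))) {
        foreach ($slot in 0..3) { $raw[$day, $hour, $slot] = $true }
    }
}
$schedule.RawSchedule = $raw
Set-ADReplicationSiteLink -Identity $linkName -ReplicationSchedule $schedule

# Step 10 has no command-line equivalent; instead read the link back so the
# cost, interval and endpoints can be checked against what was intended.
Get-ADReplicationSiteLink -Identity $linkName |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded
```

Because the schedule here excludes the working day entirely, remember the transitive bridging described under the replication transports: a partner reached only through this link cannot replicate with Site 1 outside the window either, so align the schedules of the links along any path the ISTG may bridge.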
