Local Portal instance in branch office

Similar Messages

• New Branch Office - High Security

  Hello
  we plan to have 5 branch offices each with around 40 users. All branches will be in different geographical locations. Best Security needs to be implemented in all branches. All services email, SAP, Portals are hosted in the HeadOffice Datacenter. Each Branch will have dedicated internet 5MB for Voice and DATA
  Guidelines for security  -
  ensure users cannot insert usb or cd on laptops /desktops
  laptops/desktops are allowed to access restrictive internet from Office
  Outside Laptops / Tablets not allowed to connect to network but allowed internet via wireless using Guest
  to access internet from home or Cafe users needs to connect to office VPN and then access from local Internet server (Proxy)
  vendors proposed following ;-
  3921 router for branch
  ASA 5510 for branch
  3945 router for HeadOffice ( VPN )
  Filtering - Web Washer - Mcafee
  Experts can advice what hardware will best fit on branches, what other devices I need to achieve the above goals
  Thanks
  Vishal

  Hello Vishal,
  I would recommend the following:
  For Branches:
  1-  Cisco : 2921 : Voice Licensed (you dont need a higher end above this series for 40 users).
  2-  Cisco ASA 5510: (This will be your Security appliance at each branch).
  For Head Quarter:
  1-  Cisco ASA 5520: (This Will be Your HQ Security Appliance).
  2-  Cisco 3925 or 3945 router (Voice Licensed).
  For Your Security Guidelines, here is my answers:
  ensure users cannot insert usb or cd on laptops /desktops
  FOr this purpose, you Can disable the administrative privelege on the Notebooks and PCs for All users and remove the software driver for thier USPs.
  laptops/desktops are allowed to access restrictive internet from Office
  FOr this Purpose, I would recommend using Cisco IronPort WebFiltering, it Can be easily Integrated with your Active Directory and Enforces all Filtering Policy you would require.
  Outside Laptops / Tablets not allowed to connect to network but allowed internet via wireless using Guest
  For this Purpose, I would recommend deploying Wireless LAN Controller at your HQ to have benefit and full advantage of managing your Wireless Infrastructure.
  to access internet from home or Cafe users needs to connect to office VPN and then access from local Internet server (Proxy)
  FOr this Purpose , I would also say Your Best Option is to have Remote Access VPN & (VPN Client) deployed at all employee's Notebook. Though, You Can have another Option which to have SSL-VPN deployed at your HQ, but this will have additional cost as its added value featured licensed per number of users.
  Let me Know if this answers your Question Or if you require additional assistance.
  Regards,
  Mohamed

• Windows 8.1 laptop not connecting to domain in branch office

  We have a problem with a laptop. 
  It is installed in our Head office (The Netherlands), just like all other laptops by using an image.
  Tested and working on the domain.
  The user had to go to one of our branch offices (China) and when he connected there, the laptop just won't connect to the domain.
  When he plugged in the laptop, it keeps trying to connect it's directaccess.
  Other laptops (same image) immediately recognize the domain network, but this laptop just won't.
  I am able to ping everything on the local network (MPLS connection), from HQ to all Branch offices but not access them.
  I've tried changing the DNS settings, but without any result.
  Any suggestions?

  Hi,
  According to this tool's description, I think it should be helpful to check system current enviroment, such as network, certificates, etc. problem. Actually according to your description, I doubt it probably network enviroment of ISP problem, but we should
  find a way to verify our suspect. Then this tool would be convenient, it also would generate a trace log and it would be helpful with troubleshooting.
  The DirectAccess Client Troubleshooting Tool is a graphical application, based on the .NET Framework, which checks the health of a DirectAccess client by running various tests.  Built-in health tests: The following tests are currently implemented:
  Network interfaces Network location (NLS and NRPT DNS) IP connectivity (6to4, Teredo, IPHTTPS, entry point in a multisite setup, DNS) Windows Firewall (applied profile, Firewall outbound rules) Certificates (EKU Client Authentication, trust chain for AIA and
  CRL) IPsec infrastructure tunnel (Domain SysVol share) IPsec intranet tunnel (PING and HTTP probes) Additional features Run post-check script (PowerShell, VBScript, BAT or CMD file)
  Roger Lu
  TechNet Community Support

• Branch office logic from SD

  The business scenario I'm trying to address is:
  we have multiple customers/shiptos that order, have credits issued for, and an individual credit limit set - but one corporate office that pays all of the bills and wants to take credits from shipto A for a balance on shipto B. 
  I know about and have set up the head office/branch office relationship and about setting the Payer partner to = the head office.  The problem with this set up is that it rolls into one credit limit (head office customer) rather than each branch having it's own.  If I change the payer to = the branch office, then it does not show up within open items or cash app in FI under the head office.
  Has anyone figured out how to keep seperate credit accounts for the branch offices but apply cash from a corporate level?

  The variable WDSSERVER is a variable that is figured out by MDT when booting a machine using the boot image created by Microsoft Deployment Toolkit. Therefore it is not available in Windows.
  If you want different WSUS servers depending on location of the client you can use for instance this technique in CustomSettings.ini. This will point clients on a specific subnet to a specific WSUS server.
  [Settings]
  Priority=DefaultGateway,Default
  [DefaultGateway]
  10.0.0.1=HQ
  10.0.1.1=BranchOffice
  [HQ]
  WSUSServer=http://wsus-hq:8530
   [BranchOffice]
  WSUSServer=http://wsus-branch:8530
  Blogging about Windows for IT pros at
  www.theexperienceblog.com

• Branch Office Communication

  Hi,
  Supposingly we have many branch offices with good internet speed but no dedicated bandwidth between individual locations.
  We need to enable VoIP calling using Internet, can we use any skype product to tie all standalone EPABX system for branch office communications. 
  Can we have SIP trunks on skype gateway from each location and enable interoffice calling.
  Please suggest

  Hello Rahul,
  I see you are asking about connecting your offices together for calling and comminucations.
  Well,  Connecting the offices together will require a Communication Server of some sort.  Manufacturers like Nortel, Avaya, Cisco, and many others have these type of devices available to accomplish the "link" between your offices, as long as the equipment is all compliant with the Communication Server.   I suggest you contact a local agent for these manufacturers and have them take a look at what you have. They will provide you with a quote to get you connected.
  As for Skype, making and receiving calls is a snap for us.  We provide these services 24/7. We can get you connected in miinutes and have you making cheap calls all day long.  The cost just depends on where in the world you are calling.  Our "minutes" bundles are very cost effective to use.  And, all of your incoming calls are free. All you would need, would be a Skype Online Number, a Managed User for the Skype Clients that want to call you, and SIP Channels to connect to your PBX to talk on.
  That's pretty much it.  I hope this helps you in your research to get your offices connected and to start using Skype.  I have provided  a few links for you to look at below.
  http://www.skype.com/intl/en-us/business/skype-connect/
  http://www.skype.com/intl/en-us/business/skype-manager/
  http://download.skype.com/share/business/guides/skype-connect-rates.pdf
  http://skypeconnect.voxygen.com/#stage1
  Thank You for considering Skype and using the Skype Community Forums.
  Regards,
  Victor S.
  Skype Enterprise Support

• Branch office WDS still pullinh image from main site

  Hi,
  I'm trying to configure a WDS on our branch site.
  what i did was open a new folder named DeployFilesFromMaster on the branch office server and replicate the DeploymentShare from main to branch office using DFS.
  then i installed WDS services on the branch office and add a Boot Image (taken from DeployFilesFromMaster)
  next i configured, under Scope Option on the DHCP server, options 66 (giving the ip address of the branch WDS), and option 67 (giving the path \Boot\x64\wdsnbp.com).
  now when I'm booting a computer into PXE it start working, but when pressing F8 and use the netstat command i see it has a session to my main office deploy server instead to the branch office.
  what do i need to change?
  when looking in the branch office server, there is ofcourse the DeployFilesFromMaster folder and there is another folder named DeploymentShare that was made while installiing the WDS server, and there is a wdsnbp.com file as well. how do I know, when DHCP
  direct me to the boot file name, that it direct me to the right file, or it doesnt matter.
  thanks for your help

  The variable WDSSERVER is a variable that is figured out by MDT when booting a machine using the boot image created by Microsoft Deployment Toolkit. Therefore it is not available in Windows.
  If you want different WSUS servers depending on location of the client you can use for instance this technique in CustomSettings.ini. This will point clients on a specific subnet to a specific WSUS server.
  [Settings]
  Priority=DefaultGateway,Default
  [DefaultGateway]
  10.0.0.1=HQ
  10.0.1.1=BranchOffice
  [HQ]
  WSUSServer=http://wsus-hq:8530
   [BranchOffice]
  WSUSServer=http://wsus-branch:8530
  Blogging about Windows for IT pros at
  www.theexperienceblog.com

• Branch Office Mail Server?

  I have Mac OS X providing mail services to about 100 users at a main office. We are opening a branch office with 20-30 users. I'm wondering if it is possible to setup another mail server for the branch office using the same domain. The users at the branch office are moderately heavy users who will often deal with lots of attachments. I would like them to have an IMAP server that is local to them for better performance and to reduce traffic on the main office network.
  I thought I'd give it a try. There's a field called "Mail Server" on the mail tab of WGM for each user. I put the address of the branch office server in that field. However, the main office server keeps the messages in its own mailstore. So, what's this field for? It doesn't seem to do anything.
  I see a way to accomplish this by editing the postfix alias file for each user and adding a line for each branch office user like branchofficeuser: [email protected] but that wouldn't be so nice if I ever have to turn over administration of these servers to someone else.
  Is there any way to distribute mail for users of the same domain across more than one IMAP server without resorting to entering aliases to subdomains for each user?

  x

• Branch office Exchange 2010 Role base administration control for branch site administrator

  Dear sir,
       Customer has a Exchange 2010 Main and Branch office environment:
  - Main office Exchange 2010 CAS x2 +HTS & Mailbox x2  (Server1,2 & Server 3,4)
    (Main office administrator:domain1\administrator) - DAG1
  - Branch office Exchange 2010 CAS+HTS x2 & Mailbox with DAG x2 (Server5,6 & Server7,8
     (Branch Administrator: domain1\badmin) - DAG2
       Customer would like to know what is the role which permission should grant / delegate for ID: badmin in order to manage Exchange server 5,6,7,8 ?  (with manage user account and performance in DAG2 failover & branch exchange server)
  Regards,
  Joe Tam

  Dear Brian,
     I have try in my lab to scale down into 2 x Server in 1 AD Single Domain And Single Forest.  It still have many unexpected behaviour, can you please suggest whether it is a design or bug of Exchagne 2010 SP1?
  Procedure:
  ============================================================================
  Exchange 2010 Role Delegation Problem: (Single AD, Single Site)
  Environment:
  Server: Windows 2008 R2 AD x1 + (CAS+HTS+Mailbox) Server x1
  AD Server: AD1
  Exchange2010 Server : EX2010 (with SP1) – Member Server Joined to testdomain1.net
  Domain Name: testdomain1.net (NETBIOS: TESTDOMAIN1)
  In AD,
  Login as domain administrator: Testdomain1\administrator
  1. Create an Organization Unit OU1.
  2. Create User User1 under OU1
  3. Delegate User1 to allow create user in OU1
  Select all item in “Delegate the following common tasks:
  In Exchange 2010 Server,
  Login as domain administrator: Testdomain1\administrator
  1. Rename existing database name to HKDB1
  2. Create a new database AUDB1 in EX2010 Server:
  AUDB1 Create Done.
  Assign testdomain1\User1 as Exchange 2010 local administrators group.
  Logoff Testdomain1\administrator and Login Testdomain1\User1
  Open Exchange EMC: (Failed, because no user management roles is grant).
  Logoff Testdomain1\User1, Login Testdomain1\Administrator
  Open Exchange 2010 PowerShell:
  Delegate User1 to allow perform recipient management in HKDB1 only:
  ====================================================================
  New-ManagementScope "HKDBSCOPE" -DatabaseRestrictionFilter {Name -Eq 'HKDB*' }
  $RoleGroup = Get-RoleGroup "Recipient Management"
  New-RoleGroup "HKDBRecipientManagement" -Roles $RoleGroup.Roles -CustomConfigWriteScope "HKDBSCOPE"
  Add-RoleGroupMember “HKDBRecipientMANAGEMENT” -Member User1
  ====================================================================
  Result:
  In Exchange 2010 Server, logon as domain user: Testdomain1\User1
  Open Exchange Management Console: (User1 able to open EMC now)
  Perform Create User User2 in OU1 with Mailbox located in HKDB1
  Mailbox Creation Failed because it cannot match the Database name = HKDB*
  Logoff Testdomain1\User1, Login Testdomain1\Administrator
  In Exchange Management Shell, enter:
  Set-ManagementScope "HKDBSCOPE" -DatabaseRestrictionFilter {Name -Like 'HKDB*' }
  Logoff Testdomain1\administrator, Login Testdomain1\User1
  Open Exchange Mangement Shell and Create User2 again.
  Create user successfully.
  Perform create User User3 in OU1 with Mailbox located in AUDB1
  User3 Creation Failed because it is not meet the Database restriction of User1 – Like HKDB*
  Logoff Testdomain1\User1, Login Testdomain1\Administrator
  Open Exchange Management Console, create User3 in AUDB1
  Create User3 in Users Container, by administrator ID.
  Logoff Testdomain1\administrator, Login Testdomain1\User1
  Perform mailbox remove of User2
  User2 mailbox remove successfully.
  Perform deletion of User3
  Mailbox User3 Remove Successfully.
  Why User3 is allowed to deleted mailbox which is located in by using delegated of User1?
  Moreover, it found that User3 properties can also be changed by using User1. Why?
  Does it mean delegation cannot handle delete operation?
  In Active Directory User and Computer: User2 is deleted successfully by using User1 ID.
  In Active Directory User and Computer: User3 is also deleted successfully by using User1 ID.

• Branch Office CME design Verification

  Hi All,
  Please refer to the attached network diagram.
  I need to verify this can be implemented and would work.
  We have a branch office moving to a new location and they intend to keep their existing CME (for business reasons),  provided by their local service provider with ISDN line for calls to the PSTN. This is managed by the service provider and we have no access to it. However we would like to grant them connectivity to the existing corporate voice network via an IP VPN connection, which shall be put in place soon. This will enable  the branch make site to site calls within the corporate network
  With a SIP trunk between the internal and external CME, I intend to make all the phones register with the Call Manager, however on the call manager , set a route pattern for calls going out to the PSTN from this branch back to the internal CME and this will then be matched by a SIP dial peer  directing the call to the external CME out to the PSTN.
  My worry is with the delay  that might be introduced when making a PSTN call as the internal CME has to first contact the call manager in order to know where to send the call.
  So my questions are as follows,
  1. Is this solution feasible especially in terms of delay? If not,
  2. Are there any other ways to achieve the same scenario
  Thanks,
  Yomi

  Are the phones at the branch office going to register to the Internal CME? If so, all configuration for outbound dialing will be done on the Internal CME, not on UCM. ie. dial-peer on the Internal CME for outbound dialing. For phone connectivity back to UCM, you will have a SIP trunk between UCM and internal CME and that is perfectly acceptable. You "might" see some quality degradation but that is to be expected from Internet based WAN connectivity. If your RTT delay is greater than 150ms, then you might see some quality issues.

• Branch Office DC Demand Dial VPN connection keeps failing

  here is me issue
  Our Branch Office DC is connected to Main Office DC with a Demand Dial Connection in RRAS Everything is connected fine for a little bit then its like the connection just gives out, it stays connected but i cannot ping the branch office DC with the local
  IP from the Main Office or access any network shares on it. When this happens i have to disconnect the server at the remote office and wait for it to reconnect im currently baffled as there are no Error LOGS to help me along and there doesnt seem to be anything
  that would be causing the issue for now until i get some answers as to what is going on i opened a command prompt on the DC here at the main office and i typed "ping 10.141.70.25 -t100" to monitor the connection more or less and when i see it timeout
  i reconnect it, i also have the networking tab open in task manager to monitor the LAN and RAS (Dial-In) Interface  the LAN doesnt seem too active but the RAS Interface does its got a constant network utilization of 0.28% and the Demand Dial interface
  on the remote office DC has a Utilization of 0.38% (Server Just disconnected as i was typing this and the utilization on the VPN connections on both servers went through the roof) heres the troubleshooting i have tried so far
  1. Rebooted both office DC`s at the same time
  2. Rebooted the branch office DC alone (this helped a little because the connection is staying active longer without fail)
  3. looked through all RRAS configuration on both servers to see if theres any mistakes by any other administrators (None Were Found)
  4. Used wireshark to see if there was anything interfering or that would cause this to happen (Nothing found)
  5. manually connected to the server in multiple ways like accessing network shares and remote management via MMC and manually making the servers replicate to see if any of that was causing issues and it wasnt
  My thoughts: im starting to think it may be a switch or something causing the connection issue at the branch office because the main office has all new routers and switches and just recently got a 100.00MBPS connection but nothing was affected for a good
  month so im not thinking it is the new connection or anything at the main office if theres something im overlooking here please let me know if some ipconfig /all results are needed i can provide them
  Viper Technologies Computer Repair Putting The Venomus Bite Back In Your Computer We Are Located In Antigonish ,NS Canada Check Us Out HTTP://WWW.VIPERTECHNOLOGIES.TK

  Hi,
  Are there any error messages on the event log ?
  Meanwhile, it is more network issue, i think you may ask in network forums:
  http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverNIS
  Regards.
  Vivian Wang

• Branch Office setup

  Hello All.
  I have a problem with a branch office setup, and I can't for the life of me think of what the problem is.
  I have a remote office setup, using an ASA 5505 that is set up to establish an easy vpn connection to the central network.  The connection at the branch office is a 20/5 cable modem, the central network has a 25/25 fiber connection.
  The issue I have is this.  Wired clients work fine at this branch office, at least 95% of the time.  I have a lightweight AP there that can come up and join the controllers at the central network, no problem.  I haven't done anything with H-REAP because there are really no resources locally they need that would allow them to do their work, so all traffic is tunneled back to the WLC.
  Wireless clients can authenticate to the AP, and I can get 15-20ms ping responses from them all day.  Latency never comes close to the 600ms proposed limit with CAPWAP.  Yet, for some reason the performance of the clients is problematic.  Webpages will frequently not load correctly, they experience some freezing, and with one application we use - it refuses to load completely.
  If we bring these same computers to an AP connected to our central network, on the same SSID, they work flawlessly.
  Something about this particular location is causing a lot of grief for our users.
  For what it's worth, we are running WCS 7.0.230.0 and the WLCs are on 7.0.116.0.  The ASA is running a pretty basic configuration, pretty much out of the box with the easy vpn configuration entered.
  Any help on this would be appreciated, I am at my wit's end with this setup.

  Yes, 20/5 Download/Upload. 
  So I did as you suggested, here are the results with a 1400 byte packet:
  Ping statistics for 172.16.253.50:
      Packets: Sent = 100, Received = 99, Lost = 1 (1% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 17ms, Maximum = 2208ms, Average = 42ms
  That 2208ms response was an anomaly.  I ran it again and got this:
  Ping statistics for 172.16.253.50:
      Packets: Sent = 100, Received = 100, Lost = 0 (0% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 16ms, Maximum = 93ms, Average = 21ms
  With this one specific application we're testing with - it stops loading at a predictable point, every time.  However, I can remain VNC'd to this machine the entire time, and do anything else on the machine, but the application will fail to load at the same point every time.  But like I said, if I bring that client back to our main network, it works just fine, so it's not the application itself causing the problem, and we have other, smaller issues with other applications we have.  It's really bizarre.
  It's really not acting like interference.  I just set up a new site with an identical configuration - but with a 3502i AP, and I can replicate the behavior at that location too.  Unfortunately at this time we don't have anything to study the traffic with - I actually have a call on a solution for that this afternoon.

• Branch Office for Webtogo Apps

  Does Branch Office support Webtogo Apps? This would help with initial download times if a sync could be made to a Branch Office machine and then have local downloads by clients.

  I have a web-based Java servlet application. My application size is about 50MB of data/code and I would like to know if a Branch office configuration would help with sync times? Meaning, a central server would perform the sync with many Branch office machines located remotely. Then local clients would log into branch office machine and be able to access the web-based application and go offline if wanted.
  I installed a Branch Office machine but the Control Center does not have ability to create or manage Users or access to applications. Did I miss something?
  Thanks for your input,
  John

• Branch Office without network

  Hi!
  We have been trying to use a branch office install on a single computer for concurrent access from multiple (local) clients.
  This works like a charm as long as the computer is on a network (dial-up up or LAN). When we disconnect from the network, new connections to the BO database tends to take several seconds.
  The BO machine OS is Windows NT or 2K
  I suspect this delay has something to do with the network connection. We have tried to install Microsft Loopback Adapter to remedy this. The result is that it is a little bit faster than before, but the delay is still there.
  Is the Branch Office multiuser listener bound to a specific network interface? If so can it be changed? Or does anyone have any other ideas...

  It is possible that a PC responds slowly when connecting to the a MU listener when the PC is not on the network. Check how the DSN is defined. Defining it as a localhost may speed up.
  MU Listener uses Windows sockets to open the connection.

• SPA8800 and SRST for small branch office?

  Hi All,
  Need some help. I have a central site that will be running Cisco BE 5000. I have a small branch office I would like to place IP phones in so we can just dial an extension to call each other. The branch will have its own connection to the PSTN with a couple of POTS lines from the phone company.
  So I am wondering how I can connect branch and HQ for intra-office calling and let the branch office use their PSTN connection for their local calls. I would think I could place a gateway such as the SPA8800 in the branch and connect the PSTN lines to it.
  My concern is, what happens if I lose the WAN connection between HQ and branch? Then the branch could not make any calls right? I know a little about SRST and how that solves the issue of losing WAN connection with the central Call Manager site, but I what I don't understand is SRST something that can run on a device like the SPA8800 or do I need an ISR router in the branch that can run SRST if I want the branch to be able to make phone calls without a connection to HQ?
  Thanks for any help!                  

  u may but any plane wireless device and run it in bridge mode (shouldd run by default i beleive). Then connect one of its lan port to any one of the lan ports available on the DPC3829 thing.
  you are correct in what you want to do, and it can be done no problem.
  Regards
  Please mark answer as correct if it helps.

• Windows 2008 R2 RODC + Branch Office

  I'm looking at utilising a new RODC in a small branch office but I have a copuple of queries that hopefully someone can point in the right direction.
  Is it possible to move a RODC to a new Site / Subnet like you can with a normal DC. I plan to build the rodc and then move it to the new office once the sites / subnets have been created.
  I think I need to run ADPREP / rodcprep to install this server. I currently have 2 windows 2008 rc domain controllers and 1 windows 2003 (soon to be retired).
  Plan:
  Adprep the domain
  Build Windows server and promote to RODC
  Create new site and subnet
  POwer down RODC
  Move RODC to the new site within AD and physcially move to site
  Does this sound feasible?
  Many thanks

  I'm looking at utilising a new RODC in a small branch office but I have a copuple of queries that hopefully someone can point in the right direction.
  Is it possible to move a RODC to a new Site / Subnet like you can with a normal DC. I plan to build the rodc and then move it to the new office once the sites / subnets have been created.
  I think I need to run ADPREP / rodcprep to install this server. I currently have 2 windows 2008 rc domain controllers and 1 windows 2003 (soon to be retired).
  Greetings!
  Promote your RODC and let it replicate the content from RWDC, after that move RODC within new site and then move the server to new location with yourself.
  Mahdi Tehrani   |  
    |  
  www.mahditehrani.ir
  Please click on Propose As Answer or to mark this post as
  and helpful for other people.
  This posting is provided AS-IS with no warranties, and confers no rights.
  How to query members of 'Local Administrators' group in all computers?