BruceTonge.Info

So I have been looking into designing an AD replication structure for a network which is designed around all sites connecting into a managed MPLS network. So really all sites just connect to the MPLS cloud and data comes out the other end the routing of the cloud was not under my control. All the sources I have found on the net talk about sites being linked to other sites via leased lines and to map your AD design to the network design. This doesn’t really work in an MPLS network as all sites are connected to each other. So in this situation I believe that link cost can be treated a little differently.

First I decided to have two types of links core links with a cost of 10 and default site links with a cost of 100. Now I decided to put all my core sites (HQ’s and sites with large user populations) in to one site link called the hub. It should be noted that the KCC will fully mesh all sites that are in one link so if you find you are going to have alot of core hub sites you may want to construct the mesh manually by creating individual site links for the core. I would say more that 5 core sites probably requires manual link creation.

Next you need to create site links for all of your other sites. It is recommended to only have 2 sites in a link (apart from the core) this means that you can have full control of your replication paths. If you require backup links you can add these using a link cost of say 200. I decided to have sites that connected to the same MPLS core networks link together. This means that your replication traffic will only traverse the network via the core hub sites and not all the other sites. This cuts down on unnecessary bandwidth usage.

You should have no more than default satellite sites connected to one hub site. If you do you ether need to make sure the hub site has the resources in bandwidth and server performance to take the load or create another hub site and move some sites across to the new site.

You will also need to decide on replication intervals and schedules. This can be decided by how often you make changes and how quickly you need them to replicate.

To monitor your replication system I would recomend installing Ultrasound from Microsoft it is free and will monitor and debug any issues you might get in the future.

The live feed for the MacWorld keynote from MacRumours was hacked today. This hack also took down there regular site. From the text that was in replacement to the keynote info (provided by thoes that had hacked the site) it seems that access to the server controle pannel was hacked allowing access to the hole system. It also apeared that more than one hacker had had ago at the system as conversations emerged in the streem. At one point it seemed that other users of the site were also able to contribute as requests to stop were also included in the streem as well as info from other streem providers. Not a good day for MacRumours.

I have ordered my key now will be with me in two weeks so I can have a proper play then. But I have been thinking. This device doesn’t work if you can just buy one anonymously and create an identity with it and use it for authentication. All it is really good for a single user is for adding to existing accounts on systems and using the key as a single authentication device through the central auth system (openID). Other than that the key needs to be issued by a party and tied to there system and issued in a way so that it is securely placed into the hands of the correct owner for multi factor authentication. in this method for each system you need authentication to you would need a separate key ie for access to a bank account with one firm and access to a credit card held by another firm. One key will not do all. What this system needs is a central authentication system that can be trusted to some level. A bit like Thawte did with ssl certs all those years ago.

Ok I have just herd about the new authentication device from Yubico it is called the Yubikey and it is verry simple it is a usb keyboard in a pen drive that sends a single instance key for authentication anyway I am pressed for time at the mo and this Portugees keyboard is all wrong. But the top and the bottom is havea look it is all opensource they just sell the hardware I have bought mine to play with. you should too. I will postmore when I have had a play but read theresite is is verry cool in the way that it works.

This is a quick tip for travelers.I recently went to Portugal intact I am still here. Anyway if you want to skip the now massive queues at passport control get an e passport asap as Portugal has loads of e control points like 5ish and only 2 regular only one of which is for eu citizens. By the way e passports have a chip behind the photo and an icon on the front. Anyway enjoy the nice weather I will…