Site Concepts


While a domain is a logical grouping of computers connected for administrative purposes, a site is a physical grouping of computers that are well-connected to one another from the point of view of network bandwidth. Specifically, a site must consist of computers that:

  • Run the TCP/IP protocol and are located on one or more subnets

  • Are joined by a high-speed network connection, typically a LAN connection of 10-Mbps or greater with a high available bandwidth, but in some cases slower dedicated WAN connections

Sites are created within Active Directory to mirror the physical layout of a large network. Sites consist of one or more subnets and should mirror the physical connectivity of your network. Computers joined by LAN connections typically form a site, while slower WAN connections form the boundaries between different sites. You thus might have a Vancouver site, a Seattle site, and so on within your enterprise. Sites and domains don't need to correspond in a one-to-one fashion. For example, one domain may span several sites, or one site may span several domains.

Site Terminology

You need to understand a few other concepts to work with sites:

Site link

A connection between two sites that involves:

Cost

This is a number used to determine which site link will be preferred for replication when two sites are connected by multiple site links. The higher the cost number assigned to a site link, the lower the priority of the link as far as replication is concerned. A cost of 1 represents the highest priority for replication.

Member sites

This specifies the names of the sites that are connected by the site link. Most site links join only two sites, but it is possible to create backbone site links that link more than two sites together.

Schedule

This specifies the times when replication will occur between the sites. You might typically use 15 minutes over fast WAN links and longer time intervals over slower links.

Transport

This is the method used for intersite replication and can be either:

RPCs over IP

Use this transport when your WAN links are dedicated (always on). RPC communication is supported only by dedicated network links. Typically, this means using a leased line, such as a T1 line, for your WAN connection.

SMTP over IP

Use this transport for asynchronous WAN connections such as dial-up ISDN links. SMTP is Simple Mail Transfer Protocol, the mail protocol used on the Internet, and it allows replication updates to be stored and forwarded as email messages.

Site-link bridge

This is a connection between two or more sites using multiple site links. Each site link in a site-link bridge must have a site in common with another site link in the bridge. This enables the bridge to calculate the cost value between sites in different links of the bridge.

You shouldn't need to use site-link bridges in fully routed IP internetworks, as site links are transitive. As a result, all site links belong by default to a default site-link bridge, and this is sufficient. You can disable the transitive nature of site links if you are using IP as your transport, and this will require that site-link bridges be created, but this is a lot of extra work and usually offers little gain in performance.

Subnet

This is a collection of IP hosts with a common subnet mask and network ID. Each site can consist of one or more subnets on your network.

Bridgehead server

This is a single domain controller used in each site for replication with other sites. You can let WS2003 automatically select and configure a bridgehead server, or you can manually define one for each site transport. Once you decide to manually specify a bridgehead server, the Knowledge Consistency Checker (KCC) no longer selects another bridgehead server if the designated one becomes unavailable, which can cause intersite replication to the site to stop.
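The cost and site-link bridge entries above can be made concrete with a small calculation. This is an added example, not code from the book: it treats site links as transitive, sums the cost of each link crossed, and finds the lowest-cost route between two sites. The site names, link names and costs are constructed sample values.

```python
import heapq

# Constructed sample topology (names and costs are illustrative only).
# Each site link: (name, cost, member sites). A backbone link may join
# more than two sites.
SITE_LINKS = [
    ("VAN-SEA", 100, {"Vancouver", "Seattle"}),
    ("SEA-PDX", 100, {"Seattle", "Portland"}),
    ("VAN-PDX", 300, {"Vancouver", "Portland"}),
    ("BACKBONE", 50, {"Seattle", "Denver", "Chicago"}),
]

def build_graph(site_links):
    """Every pair of member sites in a link is adjacent at that link's cost."""
    graph = {}
    for name, cost, members in site_links:
        if cost < 1:
            raise ValueError(f"{name}: cost must be 1 or greater")
        for a in members:
            for b in members:
                if a != b:
                    graph.setdefault(a, []).append((b, cost, name))
    return graph

def lowest_cost_route(site_links, src, dst):
    """Dijkstra over transitive site links.

    Returns (total_cost, [link names crossed]) or None if no route exists.
    """
    graph = build_graph(site_links)
    heap = [(0, src, [])]
    done = set()
    while heap:
        cost, site, path = heapq.heappop(heap)
        if site == dst:
            return cost, path
        if site in done:
            continue
        done.add(site)
        for nxt, link_cost, link in graph.get(site, []):
            if nxt not in done:
                heapq.heappush(heap, (cost + link_cost, nxt, path + [link]))
    return None

if __name__ == "__main__":
    # The direct VAN-PDX link (300) loses to the two-hop route (100 + 100).
    print(lowest_cost_route(SITE_LINKS, "Vancouver", "Portland"))
    print(lowest_cost_route(SITE_LINKS, "Vancouver", "Chicago"))
```

A site that appears in no site link returns None, which is the situation in which no replication path to it exists.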

Using Sites

Creating sites can help optimize the performance of your WS2003 network in a number of ways.

Logon Traffic

When a user attempts to log on to the network, the user's client computer contacts a domain controller to accomplish this. By default, XP Professional client computers try to find a domain controller in their own site to authenticate the user. In this way, valuable WAN-link bandwidth is conserved by not attempting to authenticate the user by remote domain controllers in other sites.

Replication Traffic

Sites can be used to schedule Active Directory replication traffic so that it occurs during off-peak hours. This gives administrators more control over replication traffic on their network. This follows from how the replication process works within a site (intrasite) and between sites (intersite):

Intrasite replication

Replication has low latency within a site, with the result that all domain controllers within a site almost always tend to be fully synchronized. If you make an update to Active Directory on one domain controller, this update is replicated to other domain controllers in the site 15 seconds after the update was made (this used to be 5 minutes in W2K). The way it works is that the domain controller on which the update was made notifies its replication partners, which then pull the updates from it. The topology of intrasite replication between domain controllers in a site is configured automatically by the KCC, and it doesn't need any further manual configuration by administrators. (The KCC is usually smart enough to establish the optimal replication topology within a site.)

Intersite replication

Replication between sites can be scheduled to utilize slow intersite WAN links during off-peak hours. In addition, replication information is compressed by about a factor of 10 to make more efficient use of these slow links. Intersite replication doesn't use notifications the way intrasite replication does. Intersite replication is enabled by creating site links between different sites.

Compression is used for intersite replication traffic only when the information to be updated exceeds 50 KB.

Distributed File System (DFS)

If you implemented DFS on your network and have replicas of a shared folder located in different sites, users will be automatically directed to the replica in their own site first if one exists, again conserving valuable WAN-link bandwidth between sites. See DFS earlier in this chapter for more information.

Site-Enabled Applications

Finally, Active Directory-aware applications, such as Microsoft's Exchange Server, can take advantage of sites to optimize messaging and replication traffic.

Planning Sites

Implementing sites on your network requires planning. The following are some of the things you need to consider when planning sites:

Default-First-Site-Name

When you install your first WS2003 domain controller, creating a forest root domain in a new forest, a default site called the Default-First-Site-Name is also created. You can rename this site to something more descriptive before you start creating new sites.

Site boundaries

Start by identifying the slow WAN links between different physical locations of your network, and use this information to create your sites.

Subnets

Each site must consist of one or more IP subnets. Look for subnets that are joined by high-speed LAN or WAN connections in your enterprise, and use this information to create subnet objects in Active Directory Sites and Services, associating them with your site objects.

Site links

Sites must be connected to one another by site links in order for replication to occur between them. Select the appropriate transport, specify the cost, and schedule replication for your site links as desired.

Domain controllers

Domain controllers should be placed where client computers can easily access them over high-bandwidth connections. Usually, the best solution is to place at least one domain controller in a site for each domain that is part of the site. The exception is when your site is a small branch office with only a few computers, in which case using the slow WAN link for logons would be acceptable.
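A planning check for the subnet and domain controller items above, as an added example that is not from the book: it maps client addresses to sites through subnet objects and reports addresses that fall in no defined subnet, which therefore cannot be matched to a local site for logon. It assumes the most specific matching subnet decides the site; the subnets, site names and client addresses are constructed sample values.

```python
import ipaddress

# Constructed subnet objects and their associated sites (illustrative only).
SUBNET_TO_SITE = {
    "10.1.0.0/16": "Vancouver",
    "10.1.50.0/24": "Seattle",
    "10.2.0.0/16": "Seattle",
}

def site_for(ip, subnet_map):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnet_map.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def audit_subnets(client_ips, subnet_map):
    """Return (unmapped client IPs, overlapping subnets assigned to different sites).

    Overlaps are not necessarily errors, but each one deserves a review:
    the narrower subnet silently overrides the wider one.
    """
    unmapped = [ip for ip in client_ips if site_for(ip, subnet_map) is None]
    nets = [(ipaddress.ip_network(c), s) for c, s in subnet_map.items()]
    overlaps = [
        (str(a), str(b))
        for i, (a, site_a) in enumerate(nets)
        for b, site_b in nets[i + 1:]
        if a.overlaps(b) and site_a != site_b
    ]
    return unmapped, overlaps

if __name__ == "__main__":
    clients = ["10.1.50.7", "10.1.9.9", "192.168.5.5"]  # constructed sample
    for ip in clients:
        print(ip, "->", site_for(ip, SUBNET_TO_SITE))
    print(audit_subnets(clients, SUBNET_TO_SITE))
```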



Windows Server 2003 in a Nutshell
ISBN: 0596004044
EAN: 2147483647
Year: 2003
Pages: 415
Authors: Mitch Tulloch
