In Active Directory, the concept of a site is very closely related to the concept of a subnet. A subnet
is an isolated area of a network, bounded by a router that stops
broadcast traffic. From a design standpoint, this creates separation
(and therefore isolation), and places physical firewalls between
locations. The caveat to this design is that you will not have to route
between IP-based subnets by using a router.

Furthermore, in Active Directory the term site
means a collection of individual computers in a particular subnet that
are logically collected into one container. This means that by default,
each container will be autonomous and not communicate with any other
container. To make the rest of your network communicate, you will need
to establish a site link between the two sites within the various subnets so they can identify each other.

From a design standpoint,
you are concerned with sites and subnets because of the concept of
replication. As you'll recall from your study of Active Directory, replication
is the process of notifying the rest of the network when an object
is created, deleted, moved, or changed. This is maintained by something
called the knowledge consistency checker
(KCC). The KCC generates and maintains the replication topology for
replication within sites and between sites. It is a built-in process
that runs on all DCs. When a system-wide change takes place, the KCC (a
dynamic-link library) modifies data in the local directory based on
those changes. By default, the KCC then reviews and modifies
the Active Directory replication topology every 15
minutes to ensure propagation of such data, either directly or
transitively, by creating and deleting connection objects as needed.

The KCC recognizes changes
that occur in the environment and ensures that domain controllers are
not orphaned in the replication topology. Because of this overhead, it is
important to take the KCC into account when designing your site-link
topology and your overall infrastructure.
1. Site Links
Site links in
Active Directory are reliable, usually WAN, connections between
different subnets or collections of subnets. Remember, a site is a
replication boundary. Thus, in order to communicate, you must establish a
site link that connects these two different sites. Overall, each of
these sites will send all their necessary replication over one
individual connection, such as a T1 circuit.
Because not all site links
are created equal, it behooves us as administrators to establish certain
understood and quantifiable values within our site-link design:

- Site-link name
- Site-link cost
- Site-link schedule

The site-link name is pretty obvious: it's what you name your site link. The site-link cost is a little less obvious. A site-link cost
is a value that is assigned by the administrator to identify the speed
of the connection between the two different sites, with a lower number
indicating a faster connection. Normally, Windows Server 2008 defaults
all site links to cost 100, and it's up to administrators to manually
establish costs for the rest of the topology. Table 1 shows a recommended site-link cost table.
Table 1. Recommended Site-Link Cost Table
Available Bandwidth (Kbps) | Site-Link Cost |
---|---|
4096 | 283 |
2048 | 309 |
1024 | 340 |
512 | 378 |
256 | 425 |
128 | 486 |
64 | 567 |
56 | 586 |
35.4 | 644 |
19.2 | 798 |
9.6 | 1042 |
Keep in mind that site links
are not limited to IP. In fact, they actually use Remote Procedure Call
(RPC) over IP. But for your purposes here, IP will suffice. Site links
can also use the Simple Mail Transfer Protocol (SMTP). However, SMTP is
not available if you are within the same domain. Within the same domain,
you are limited to RPC over IP.
The last value you need to be concerned with is the site-link schedule. If you read and did your exercises in Sybex's MCTS Active Directory Configuration Study Guide,
you are probably familiar with how to set this up. Each site link
requires a schedule for replication. This is because you don't
necessarily want your servers replicating traffic all over the network
while you have 1,000 users trying to access a particular file over a
WAN. It creates a lot of traffic. For this exam, just keep in mind that
schedules are a part of site links. The actual process of setting these
up has already been covered.
2. Site-Link Bridges
The purpose of a site-link
bridge is to function as a shortcut between two sites that are not
actually linked together. In other words, if site A is linked to site B,
and site B is linked to site C, site A can be linked to site C by
using a site-link bridge.

You will be challenged to take what you have learned and apply it to a
design environment. For instance, you may be given a scenario where you
will be asked what the best solution is to connect site A to site C, as
in Figure 1.
Although it may seem like a site link would be the most logical answer,
your knowledge of site-link bridges will indicate you can save some
administrative overhead by using a bridge.
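The site-link cost and site-link bridge passages above, worked through as an added example (not part of the original text): link costs are derived with Microsoft's published rule of thumb, cost = 1024 / log10(available bandwidth in Kbps), which reproduces the Table 1 values for the bandwidths used here, and a bridged route is costed as the sum of its member site links. The site names, link names and topology are constructed for illustration.

```python
import heapq
import math

def link_cost(kbps):
    """Rule-of-thumb site-link cost: 1024 / log10(available bandwidth in Kbps)."""
    return round(1024 / math.log10(kbps))

def bridged_route(links, bridge, src, dst):
    """Cheapest route from src to dst using only the site links in `bridge`.

    links:  {link_name: (site_x, site_y, cost)}
    bridge: names of the site links that are members of the site-link bridge
    Returns (total_cost, [sites on the route]) or None if the bridge
    does not connect the two sites.
    """
    graph = {}
    for name in bridge:
        x, y, cost = links[name]
        graph.setdefault(x, []).append((y, cost))
        graph.setdefault(y, []).append((x, cost))
    queue = [(0, src, [src])]          # Dijkstra: (cost so far, site, route)
    done = set()
    while queue:
        total, site, path = heapq.heappop(queue)
        if site == dst:
            return total, path
        if site in done:
            continue
        done.add(site)
        for nxt, cost in graph.get(site, []):
            if nxt not in done:
                heapq.heappush(queue, (total + cost, nxt, path + [nxt]))
    return None

# Constructed topology: site and link names are hypothetical.
LINKS = {
    "A-B": ("SiteA", "SiteB", link_cost(512)),   # 378
    "B-C": ("SiteB", "SiteC", link_cost(128)),   # 486
    "A-D": ("SiteA", "SiteD", link_cost(1024)),  # 340
    "D-C": ("SiteD", "SiteC", link_cost(64)),    # 567
}

if __name__ == "__main__":
    # Bridge over A-B and B-C: SiteA reaches SiteC at cost 378 + 486.
    print(bridged_route(LINKS, ["A-B", "B-C"], "SiteA", "SiteC"))
    # All links bridged: the route via SiteB (864) beats the one via SiteD (907).
    print(bridged_route(LINKS, LINKS, "SiteA", "SiteC"))
    # A-B alone does not connect SiteA to SiteC.
    print(bridged_route(LINKS, ["A-B"], "SiteA", "SiteC"))
```

The fastest first hop (A-D at cost 340) does not give the cheapest route: the slow D-C link makes that route's total higher, which is why the whole route's summed cost has to be compared when assigning link costs.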