Branch Office Environment Characteristics
Updated: June 3, 2009
Applies To: Windows Server 2008
Branch offices have specific requirements beyond their normal, centralized services. The key requirement is to provide the normal range of data and services in these branches. However, systems architects face a difficult trade-off in designing their branch architectures. They can do either of the following:
Place servers in branch sites, which provides better reliability. Branch office users can work even if the wide area network (WAN) link to the main site is not available, and they are not held back by bandwidth delays. However, this option also brings the management costs of deploying and managing servers in each site.
Leave the servers in central sites and have branch office users access the resources on those servers remotely. This reduces the server management requirements, but it also reduces the performance and autonomy of the branch office.
In an ideal strategy, branch offices have the benefit of data and service locality without the costs of securing and administering the information technology (IT) infrastructure. Read-only domain controllers (RODCs) map well to that strategy because they can cache the data that the branch office needs, and they provide delegation for specific management tasks. The rest of this topic describes some of the challenges that branch offices present. For more information about how RODCs help address some of these issues, see Deciding Which Type of Domain Controller Meets the Needs of a Branch Office Location.
A typical branch office environment has one or more of the following characteristics:
Hub-and-spoke site topology
In this type of network topology, all or most of the IT staff and resources reside in one or more centralized hub locations, while users and computers reside in multiple branch offices. Each branch connects to a central hub through a WAN link. Typically, the central IT staff administers IT resources remotely in the branch as necessary.
Large number of branch offices
A branch office environment can include many remote locations where there are users who need to access IT resources. Some of the branch offices may currently have part or all of the required resources available locally. However, some branch offices may rely entirely on the availability of a link to a hub site for access to these resources. In particular, some branch offices may currently have a domain controller; others may not.
Slow, congested, high-latency, or unreliable network connectivity between the branch and hub locations
Even if the WAN links provide more bandwidth at a higher speed, when a domain controller in a branch office is offline, the users, computers, and applications in that branch office might be able to continue to work, but they might experience slower response times for operations such as logon. In this situation, an RODC can speed up response times and mitigate a potential service-failure scenario. This represents a compelling deployment reason by itself.
Small number of users in each location
A branch office might have few users and computers that require authentication and authorization for network services and resources. However, there are no technical limitations that prevent an RODC from supporting thousands of users and computers.
Lack of dedicated IT experience in the branch office
Typically, few or none of an organization’s branch offices have dedicated IT personnel to manage the local IT infrastructure. Therefore, access rights are often limited to the performance of required tasks. In less-ideal cases, an organization may have to deploy a domain controller to a branch office and grant one of the branch users elevated permissions to manage the domain controller so that necessary IT services can be provided locally.