Microsoft Azure AZ-800 — Section 4: Configure and manage multi-site, multi-domain, and multi-forest environments Part 2

33. Visualizing sites and replication

Now, one of the things that is important for us to understand about Active Directory is that in a lot of our organizations and businesses, we have more than one location, right? You aren’t always a business that’s just located in one building in one place. You might be spread out through multiple geographical locations, and you want to have an understanding of how replication works when you are spread out throughout multiple geographic locations.

So the first thing I want to show you is I want to just, you know, talk about, first off, what is a site? So a site is an object in Active Directory that is going to represent usually a physical geographical location.

OK, so a site is an object that represents a physical, geographical location. All right. And it’s going to be used to help control replication amongst your DCs.

OK.

So, it’s an object that is usually going to represent a physical, geographical location. It’s used to help control replication of your DCs.

Now, Active Directory doesn’t use GPS or anything like that to determine where your domain controllers are, so it’s up to us to tell Active Directory.

Now, in the beginning, Active Directory just thinks you have one place, one location where everything is stored, OK? With everything being stored in that one location, they call it the Default-First-Site-Name.

OK. And then from there, all domain controllers get put in that object, which means, according to Active Directory, Active Directory believes that everything is just stored in the same place.

OK, so, we have to basically go in Active Directory and configure Active Directory so that it knows how things are laid out.

So, in my little imaginary example here, we’re going to say that we have three locations. One is in New York, New York City, one is in Dallas, Texas, and then one is in Birmingham, Alabama. All right, ovals are usually the symbol that represents a site when you’re drawing this out.

So that’s why I’ve used ovals. And then these lines are going to represent the connection between the sites. These can be, if you want to think about it, kind of like your WAN lines; maybe you have a wide area network connection or something that connects your offices together. That’s what these little lines are going to represent. They are known as something called a site link, which I’ll talk more about coming up.

OK, first, let’s just look at how replication occurs from within a site.

OK. All right.

So, let’s say that we have. Let me just create a domain controller here, DC, OK, because really it’s only domain controllers that matter when it comes to all this. All right.

So here is a DC. All right. And we’re going to say that in New York, we’re going to pretend like we have four domain controllers. All right, now within Active Directory, Active Directory on a domain controller has this thing, this component, called the KCC. The KCC is the Knowledge Consistency Checker, and all domain controllers have that component. All right.

So the KCCs on your different domain controllers are going to communicate with each other and they’re going to locate each other. They’re actually going to do almost like a ping to determine how close each domain controller is in the same site. And they will create a circular replication ring amongst these DCs by determining how close they are, the latency between the different DCs. OK. And so once this internal replication ring is created, by the way, this is called intrasite replication. OK, intrasite replication is the replication ring that’s going to happen within the site.

OK. And essentially, what’s going to happen there is your domain controllers will replicate very quickly within just a few seconds of something changing.

OK? Usually within about 30 seconds.

So, for example, if I create a user account, OK, let’s say that I create a little smiley face object here. This little smiley face is going to represent a user account. All right.

So basically, what will happen is if you created this little user account, let’s say you created it on this first DC right here, within about 30 seconds this DC will contact its neighbor and say, “Hey, neighbor, I’ve got a change for you. Do you need this change?” And the domain controller says, “Yeah, I don’t have that change.”

So at that point, the user will get replicated over to that other DC, and then within 30 seconds, it’s going to contact the next DC, and he’s going to pull that change as well. And then that DC is going to tell the next DC, and he’s going to pull the change, until they all know about that change.

So that is how replication is going to happen within a site.

OK, I’m going to move my little user account out of the way for just a moment. We’ll come back to him. All right.

So that is called intrasite replication. The other thing that happens with the KCC is that every 15 minutes, it’s going to check to see if all of the DCs are still communicating, so the KCCs are always communicating with each other. If one of the DCs goes down for any reason, like, let’s say this one goes down, then it updates the ring to look like this. It would just use these three until he comes back online, so it does provide some redundancy. The KCC is constantly checking to make sure that there is some redundancy there.

OK, so that is how replication occurs within a site. It occurs very, very quickly.

So you can imagine the issue of what happens when you’ve got domain controllers that are spread out over longer geographical distances.

OK, so, for example, when we create another DC here, we’re going to put some in Dallas. We’ll put three DCs in Dallas.

OK, and then maybe some DCs over in Birmingham. All right. Originally, Birmingham maybe was a small office, but it’s grown into a bigger office, so it’s getting full-blown DCs. You know, lots of users there.

OK, so the same thing is going to happen here. The problem, though, in the beginning, is that all these things are going to start out in the same site.

OK, so, the very first site in Active Directory is called the default first site, and all domain controllers are going to be in that site.

So you have to go into Active Directory, you have to create the different sites, which I’m going to show you, and then you have to move the domain controllers into the proper site, which I’m going to show you how to do as well.

OK. If you don’t, then all 10 of these DCs would be in the first site and they would all replicate every time there’s a change. That would happen within that 30 second interval: when there’s a change, 30 seconds, and then it goes across to every DC. Now, if you have good bandwidth, OK, like, you know, you’ve got plenty of bandwidth between your offices, it may not be a big deal to have a single site. OK, but if you’ve got slow connections between your offices, OK, like, let’s say that this connection here is, we’ll say, just like a 5 Mbps connection. All right. And maybe this is a 2 Mbps connection. All right. Then you may not want them replicating very, very quickly. You would want to separate the sites; you would want to have multiple sites and not put everything all in one site, because you don’t want replication to happen so fast amongst those different sites.

So what happens when you separate your domain controllers into different sites? OK, well, when you do that, the KCCs on those machines build the ring just like they did in New York. It’ll happen automatically. You don’t have to do anything to make this happen. And then what happens by default is the KCC will appoint a server known as a bridgehead server, so in each site one of the servers will be known as a bridgehead. The bridgehead is the server that does replication between the sites, and the replication occurs every hundred and eighty minutes between the bridgeheads. OK, that’s called intersite replication. Intersite replication.

OK. And this is going to occur every 180 minutes or, in other words, three hours.

OK.

Now, by default, there is a feature known as site link bridging that is on. Site link bridging means that when the three hour time interval hits, all bridgehead servers talk to each other across the entire company.

So what’ll end up happening is, for example, I create this user right here on this DC.

OK, it’s going to replicate very quickly amongst the other DCs in that office.

Now, when the three hour time interval hits, this bridgehead is going to contact both of these bridgeheads.

So this guy right here is going to learn about it and this guy right here is going to learn about it. They’re going to learn about it at the exact same time. And then at that point, they’re going to replicate it around to their domain controllers, and this user account will now exist on all the DCs across the board.

OK. And so that’s how that’s going to work.

OK, now the other thing that I want to help you understand, and I’m going to get rid of the user account again, I want to move him out of the way. Just to kind of clean things up a little bit is I want to talk about some redundancy for your sites in case a link goes down.

So these right here, these are called site links. They’re going to represent the connections between the sites.

Now you might have, let’s say that for redundancy, your company has a WAN connection between Dallas and Birmingham. It’s a WAN line, a wide area network connection. And let’s just say it’s a very slow connection, just as a backup.

OK, let’s say it’s 512K, OK, kilobits per second. Very slow connection, and it’s only to be used if one of these other lines goes down.

So, it’s actually faster, if you think about it, if replication is occurring between offices. It’s actually faster for this bridgehead to contact this bridgehead through New York than it is to contact it directly. But here’s what you’ve got to understand about site links. There are two requirements for a site link. First off, you have to have a name for a site link. Secondly, you have to have something called cost.

OK, so let’s illustrate this. I’m going to give a name to my site link between New York and Dallas. We’ll call it Dallas-5MB-New York, OK? And that’s just how I like to name it.

OK. And then this one, we’re going to call it New York-2MB, oops, that just represents the speed, it’s just a name anyway, and then I’ll just put Birm for Birmingham, OK? Kameny spaces when you name it. And then this connection here, we’ll call it Birm-512K-Dallas. And that’s just going to represent the object that is known as a site link.

OK.

So again, a site link. Site link. This is going to represent the connection between your sites.

Now this connection has this number called cost.

OK. And the default cost is always 100. That’s just the number they chose.

So every one of these has this number that is set to 100.

Now you’re going to change the cost to whatever you want in order to make replication occur the way you want it to occur. Right now, for this domain controller right here to communicate with this domain controller right here, this bridgehead, it would cost 200 to go through New York. It would only cost 100 to talk directly over the 512K, so you don’t want that to happen. You only want this connection to be used if one of these connections is not available.

So you’re going to change the cost.

OK, so, the rule of thumb generally with cost is you can make the number whatever you want, but you want the faster connection to have a lower cost number.

So, we’re going to set the first one here, the 5 megabits per second. We’re going to change that to 25.

OK. I can change it to what I want. This is just one way to do it.

OK. We’re going to set the 2 megabit to, well, we’ll just leave it at 100, and then we’ll set the 512K, we’re going to set that to 400.

OK. And so now if you add all that up, and you could have done this so many different ways, it really doesn’t matter. Once you add all that up, it would cost 125 to replicate this way and it would cost 400 to replicate that way.

OK. All right. And so that is how your site links work.
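The cost comparison above, worked through as an added example that is not part of the original lecture: a simplified least-cost search over the three site links, using the site names and cost values from the drawing. It models the arithmetic only, not the KCC’s actual topology algorithm, and the names `cheapest_route`, `DEFAULT_COSTS` and `TUNED_COSTS` are assumptions.

```python
import heapq

# Site links from the lecture's drawing: (site A, site B) -> cost.
DEFAULT_COSTS = {
    ("Dallas", "New York"): 100,      # 5 Mbps link
    ("New York", "Birmingham"): 100,  # 2 Mbps link
    ("Birmingham", "Dallas"): 100,    # 512 Kbps backup link
}
TUNED_COSTS = {
    ("Dallas", "New York"): 25,
    ("New York", "Birmingham"): 100,
    ("Birmingham", "Dallas"): 400,
}


def cheapest_route(links, src, dst, down=()):
    """Return (total_cost, [sites]) for the lowest-cost path, or None.

    `down` lists site links (as site pairs) that are currently unavailable.
    """
    unavailable = {frozenset(pair) for pair in down}
    graph = {}
    for (a, b), cost in links.items():
        if frozenset((a, b)) in unavailable:
            continue
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))

    heap = [(0, [src])]  # (cost so far, path taken)
    visited = set()
    while heap:
        total, path = heapq.heappop(heap)
        site = path[-1]
        if site == dst:
            return total, path
        if site in visited:
            continue
        visited.add(site)
        for neighbour, cost in graph.get(site, []):
            if neighbour not in visited:
                heapq.heappush(heap, (total + cost, path + [neighbour]))
    return None  # no surviving site link path between the two sites


if __name__ == "__main__":
    print(cheapest_route(DEFAULT_COSTS, "Dallas", "Birmingham"))
    print(cheapest_route(TUNED_COSTS, "Dallas", "Birmingham"))
    print(cheapest_route(TUNED_COSTS, "Dallas", "Birmingham",
                         down=[("Dallas", "New York")]))
```

With the default costs the slow direct link wins; with the tuned costs the route goes through New York, and the 512K link is chosen only when one of the faster links is down.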

Now the other thing that’s critical for replication is that for each site you must associate all the TCP/IP subnets with that site.

OK.

So, for example, if New York, let’s say that New York’s subnet is 192.168.1.0/24, you would need to illustrate that. And then maybe Dallas is 192.168.2.0/24. And then Birmingham is 192.168.3.0/24.

So the reason that’s important is because DNS, your domain name system is going to receive this information and it’s going to know which domain controllers reside in which sites.

So, it’s very important: if we have a computer that is logging on in Dallas, we’re going to want that computer to interact with the domain controllers in Dallas. If the computer is logging on in New York, we want it to interact with the domain controllers in New York. If it’s logging on in Birmingham, we want it to interact with the domain controllers in Birmingham. Those subnet objects are going to play a role in making that happen.
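How a client’s IP address resolves to a site through subnet objects, as an added example that is not part of the original lecture. It uses the three subnets named above; the function names and the sample client addresses are constructed, and picking the most specific subnet when two overlap goes beyond the one-subnet-per-site case described here.

```python
import ipaddress

# Subnet objects from the lecture, each associated with one site.
SUBNET_TO_SITE = {
    "192.168.1.0/24": "New York",
    "192.168.2.0/24": "Dallas",
    "192.168.3.0/24": "Birmingham",
}


def site_for_client(ip, subnet_to_site=SUBNET_TO_SITE):
    """Return the site whose subnet contains `ip`, or None if no subnet matches.

    When several subnets contain the address, the most specific one
    (longest prefix) decides the site.
    """
    addr = ipaddress.ip_address(ip)
    best = None  # (network, site) of the most specific match so far
    for cidr, site in subnet_to_site.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def unmapped_clients(ips, subnet_to_site=SUBNET_TO_SITE):
    """Return the client addresses that fall outside every subnet object."""
    return sorted(ip for ip in ips if site_for_client(ip, subnet_to_site) is None)


if __name__ == "__main__":
    # Constructed client addresses, not taken from the lecture.
    clients = ["192.168.2.57", "192.168.3.9", "192.168.4.20", "10.0.0.5"]
    for ip in clients:
        print(ip, "->", site_for_client(ip))
    print("no site:", unmapped_clients(clients))
```

Addresses returned by `unmapped_clients` are the ones with no subnet object pointing them at a local site, which is the gap the subnet association is meant to close.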

OK. All right. The last thing I want to mention is site link bridging.

Now site link bridging is something that’s enabled by default in your Active Directory site environment, and it just means all bridgehead servers can communicate with all other bridgehead servers. And that’s generally the way you want it to happen. But I will say, in a very slow environment, you may not want that to happen every three hours. You may want to alter replication. Let me give you an example.

OK, let’s go down here. All right.

So here you’ve got your first site, another site, another site. And these sites are connected together. All right.

Now, let’s say for a moment that you have a site in, let’s say, the Caribbean, OK, so Caribbean. Caribbean. All right.

So you’ve got a site located in the Caribbean, Caribbean being, you know, the islands. There’s different islands in the Caribbean, and I just realized that I typo’d that; let me fix that. All right. There we go. Caribbean. So the Caribbean is made up of a bunch of different islands, right? And so you’ve got your main island here. We’ll say, actually, you know what, we’ll do this: we’ll say this is like Miami. All right.

So, we have Miami and then you have some Caribbean islands here that you’ve got offices at. OK, now you’ve got very slow satellite connections that connect these offices together from Miami, in Florida.

OK. And so site link bridging is turned on, which basically means that right now, if you have a domain controller in every one of those locations, every three hours they’re all going to replicate. The problem is that these connections are very slow. And so, instead, maybe you’re going to allow these sites to replicate because they have solid connections; you’re going to allow them to replicate immediately when the three hour time interval hits. But you can disable bridging for all the sites and you can make it where these sites are bridged so that every three hours they replicate, bridgehead servers all together. And then what you’ll do with these is you’ll separate these out.

So, they have their own three hour time interval.

So basically this has its own three hour time where it’s going to replicate with this. This guy will never replicate directly with this site or that site. If you do that, if you disable site link bridging, they can only replicate with their parent site. They won’t replicate with all these others.

So that also, though, does mean that when something changes over here, Miami has to learn about it. And then at that point Miami, when the next three hour time interval hits, it’ll replicate it here.

So that’s the idea of site link bridging.

OK.

So site link bridging is turned on for all sites by default. And then if you want to alter that, you can.

OK. All right.

So now hopefully you’ve got a visualization of how sites work, site links, and this concept of intersite replication versus intrasite replication. Intrasite replication is going to occur very quickly. By separating your domain controllers into different sites, you can break that up and change it to every three hours. By the way, all of that is alterable. You can alter the three hour time interval however you want. And then the subnet objects: again, they’re going to represent the TCP/IP subnets with each site.

So hopefully that gives you a good visualization of how this all works, and now we can jump in and see how to configure it.