AD replication - IP site to site encryption?

sn0rt_yhotmail.com
Date: Fri Mar 07 2003 - 09:50:40 CST


Good day -
There is a design being discussed of a Windows 2000 Native mode forest,
single domain, multiple sites with one DC in each site.
Each DC will be kept up to date on OS patches.
Replication between DCs will be over IP without a VPN, IPSEC on the servers
or LDAP over SSL.

A question is what type, if any, of encryption will be used on the replication
traffic by default.
Kerberos authentication will by default be used, but will I be able to sniff
the wire during replication and view, say, password changes?

This info will be used to present a case for using W2K IPSEC DC-to-DC
communication, LDAP over SSL via certificates or a hardware VPN solution.

TIA
Sn0rt_y