|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
AD replication - IP site to site encryption?
sn0rt_y
hotmail.com
Date: Fri Mar 07 2003 - 09:50:40 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Good day -
There is a design being discussed of a Windows 2000 Native mode forest,
single domain, multiple sites with one DC in each site.
Each DC will be kept up to date on OS patches.
Replication between DC's will be over IP without a VPN, IPSEC on the servers
or LDAP over SSL.
A question is what type, if any, encryption will be used on the replication
traffic by default.
Kerberos authentication will by default be used but will I be able to sniff
the wire during replication and view say... password changes?
This info will be used to present a case for using W2K IPSEC DC-to-DC
communication, LDAP over SSL via certificates or a hardware VPN solution.
TIA
Sn0rt_y
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]