Logon and Replication Traffic Analisys

I´m doing some tests in my environment with 2 Sites connected by a 2 Mb/s
WAN Link and 250 users in Site1 and 350 Users in Site2

I´m doing some analisys and, in my environemnt, a Logon consumes aprox.
100Kb (KBit) of traffic with a average rate o 5-6 KB/s (KByte) and the AD
Replication Traffic uses a 15-Minutes interval, 24H/Day and each replication
connection consumes 15-22 KB/s in 7:00 AM-18:00 period and 12-14 KB/s in
non-work hours (Measurement made by Perfmon, Bytes/Sec After compression
Inbound/Outbound)

I´m beggining a "SIngle Sign On" Project to consolidate various Forest
structures in 50 locations with 10, 30, 40 users and 6 of then with more than
100 users each in a Big AD Forest with 2.400 users and 2500 PCs

I´m tryingo to understand wich option is better. More DCs to service Logon
Requests "onsite" (more replication traffic and less Logon Traffic ) or Less
DCs centralizing Logon, avoinding Replication Traffic (More Logon Traffic and
less Replication Traffic)

Some locations have full time admins (probably i´ll use Child-Domains) and
som locations have 128 Kb/s leased/MPLS WAN

There somthing more to consider in the decision?

Danny
Wed Aug 06 13:56:05 PDT 2008

I would forget about those numbers and concentrate on the user experience.
Number don't mean squat to a user that thinks it's taking too long to log
in.
Define a site for each location and include a DC in each site.

> Some locations have full time admins (probably i´ll use Child-Domains) and
> som locations have 128 Kb/s leased/MPLS WAN

This would add another layer of admin overhead. Changing passwords on
services for compliance purposes would have to be done once in one domain
and again on the other domain. If they were in a site, you make the change
and it replicates..........done.

We have 50+ sites and over 8K users. The DC is the print, DHCP,DNS and file
server for each site. Sites where they have admins we provide them with a
taskpad to do only what we want them to do.


hth
DDS|

"FB" <FB@discussions.microsoft.com> wrote in message
news:C543FB7F-63FB-40AE-B35D-6AFE54FB4970@microsoft.com...
>
> I´m doing some tests in my environment with 2 Sites connected by a 2 Mb/s
> WAN Link and 250 users in Site1 and 350 Users in Site2
>
> I´m doing some analisys and, in my environemnt, a Logon consumes aprox.
> 100Kb (KBit) of traffic with a average rate o 5-6 KB/s (KByte) and the AD
> Replication Traffic uses a 15-Minutes interval, 24H/Day and each
> replication
> connection consumes 15-22 KB/s in 7:00 AM-18:00 period and 12-14 KB/s in
> non-work hours (Measurement made by Perfmon, Bytes/Sec After compression
> Inbound/Outbound)
>
> I´m beggining a "SIngle Sign On" Project to consolidate various Forest
> structures in 50 locations with 10, 30, 40 users and 6 of then with more
> than
> 100 users each in a Big AD Forest with 2.400 users and 2500 PCs
>
> I´m tryingo to understand wich option is better. More DCs to service
> Logon
> Requests "onsite" (more replication traffic and less Logon Traffic ) or
> Less
> DCs centralizing Logon, avoinding Replication Traffic (More Logon Traffic
> and
> less Replication Traffic)
>
> Some locations have full time admins (probably i´ll use Child-Domains) and
> som locations have 128 Kb/s leased/MPLS WAN
>
> There somthing more to consider in the decision?

Paul
Thu Aug 07 05:47:29 PDT 2008

If you have more than about 50 users in a site, have a slow link, an
application that needs to access AD or an unreliable link then that site
should have a DC. Obviously I have over simplified but those are mainly the
basics to look at when you are trying to decide which sites should have a
dc.

Best Practice Guide
http://technet.microsoft.com/en-us/library/cc755768.aspx

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"FB" <FB@discussions.microsoft.com> wrote in message
news:C543FB7F-63FB-40AE-B35D-6AFE54FB4970@microsoft.com...
>
> I´m doing some tests in my environment with 2 Sites connected by a 2 Mb/s
> WAN Link and 250 users in Site1 and 350 Users in Site2
>
> I´m doing some analisys and, in my environemnt, a Logon consumes aprox.
> 100Kb (KBit) of traffic with a average rate o 5-6 KB/s (KByte) and the AD
> Replication Traffic uses a 15-Minutes interval, 24H/Day and each
> replication
> connection consumes 15-22 KB/s in 7:00 AM-18:00 period and 12-14 KB/s in
> non-work hours (Measurement made by Perfmon, Bytes/Sec After compression
> Inbound/Outbound)
>
> I´m beggining a "SIngle Sign On" Project to consolidate various Forest
> structures in 50 locations with 10, 30, 40 users and 6 of then with more
> than
> 100 users each in a Big AD Forest with 2.400 users and 2500 PCs
>
> I´m tryingo to understand wich option is better. More DCs to service
> Logon
> Requests "onsite" (more replication traffic and less Logon Traffic ) or
> Less
> DCs centralizing Logon, avoinding Replication Traffic (More Logon Traffic
> and
> less Replication Traffic)
>
> Some locations have full time admins (probably i´ll use Child-Domains) and
> som locations have 128 Kb/s leased/MPLS WAN
>
> There somthing more to consider in the decision?

FB
Thu Aug 07 09:07:02 PDT 2008


One of the problems is that some locations does not have power during
weekends, power outages are very common in various locations (Are
constructions, building bridges and other things)


This is a strong discussion point, i have friend with the opposite
strucuture, where 10K Exchange 2003 users authenticate and have 4 DCs and 1
EXC2003 system centralized in a major city with 50 locations arround, all of
then without DCs., DNSs, WINS, etc

"Danny Sanders" wrote:

> I would forget about those numbers and concentrate on the user experience.
> Number don't mean squat to a user that thinks it's taking too long to log
> in.
> Define a site for each location and include a DC in each site.
>
> > Some locations have full time admins (probably i´ll use Child-Domains) and
> > som locations have 128 Kb/s leased/MPLS WAN
>
> This would add another layer of admin overhead. Changing passwords on
> services for compliance purposes would have to be done once in one domain
> and again on the other domain. If they were in a site, you make the change
> and it replicates..........done.
>
> We have 50+ sites and over 8K users. The DC is the print, DHCP,DNS and file
> server for each site. Sites where they have admins we provide them with a
> taskpad to do only what we want them to do.
>
>
> hth
> DDS|
>
> "FB" <FB@discussions.microsoft.com> wrote in message
> news:C543FB7F-63FB-40AE-B35D-6AFE54FB4970@microsoft.com...
> >
> > I´m doing some tests in my environment with 2 Sites connected by a 2 Mb/s
> > WAN Link and 250 users in Site1 and 350 Users in Site2
> >
> > I´m doing some analisys and, in my environemnt, a Logon consumes aprox.
> > 100Kb (KBit) of traffic with a average rate o 5-6 KB/s (KByte) and the AD
> > Replication Traffic uses a 15-Minutes interval, 24H/Day and each
> > replication
> > connection consumes 15-22 KB/s in 7:00 AM-18:00 period and 12-14 KB/s in
> > non-work hours (Measurement made by Perfmon, Bytes/Sec After compression
> > Inbound/Outbound)
> >
> > I´m beggining a "SIngle Sign On" Project to consolidate various Forest
> > structures in 50 locations with 10, 30, 40 users and 6 of then with more
> > than
> > 100 users each in a Big AD Forest with 2.400 users and 2500 PCs
> >
> > I´m tryingo to understand wich option is better. More DCs to service
> > Logon
> > Requests "onsite" (more replication traffic and less Logon Traffic ) or
> > Less
> > DCs centralizing Logon, avoinding Replication Traffic (More Logon Traffic
> > and
> > less Replication Traffic)
> >
> > Some locations have full time admins (probably i´ll use Child-Domains) and
> > som locations have 128 Kb/s leased/MPLS WAN
> >
> > There somthing more to consider in the decision?
>
>
>