
I'm trying to set up a remote DC for DR, and I've chosen to put it in AWS in a VPC with our other servers being backed up. I can restrict that with security groups to only accept traffic from the main office IP while still having a public IP address, so the primary DC in the local office can see it just fine.

What is more difficult is letting this remote instance in AWS see the DC in the local office. I can connect to our Cisco IPSEC VPN with Shrew Soft, but VPNs have typically been less than reliable for me in the past. I'd also rather not attempt getting into firewall rules that direct traffic from this remote IP to the local DC.

Is there a way to set up replication where the local DC pushes out data, but the remote DC can never contact it directly? Maybe I set it up over the VPN but change the remote DC's IP to its external IP and break the VPN connection? I'm okay if the remote DC has to be read-only, so long as I can change its role for testing/DR.

icrf
  • 151

1 Answer


Manually editing DNS entries to try to get the local DC to talk to the remote one didn't work at all. All my replication links disappeared. So I'm just going to go with the assumption that the VPN will stay alive and the local DC knows nothing about the remote DC's public IP. It only converses over the VPN IP. I'll try to log in and check that it's still running on a regular basis. So far, it's been more stable than my home experience.

While changes in either site do propagate to the other site, I'm still seeing a lot of errors in Event Viewer about it being unable to have a proper spanning tree. But it's moving data, even if it takes an extra hop through another DC or something. I'll look into the separate issue and possibly post a question on it when I get a chance to dig into this again.

icrf
  • 151
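The answer relies on the VPN staying up and on the local DC resolving the remote DC only by its VPN address, then checking "on a regular basis" that replication still runs. The following is an added example (not from the original post) of a PowerShell check that does exactly that from the local DC: it confirms the partner resolves to a VPN-side address, reports inbound replication age per partition, and lists any recorded failures. It assumes the RSAT ActiveDirectory module is installed; the remote DC name and the VPN subnet prefix are placeholders.

```powershell
# Added example: replication health check for a DC pair joined over a VPN.
# Assumptions: run on the local DC with the ActiveDirectory module available;
# $RemoteDc and $VpnSubnet are placeholders, not values from the original post.
Import-Module ActiveDirectory

$LocalDc   = $env:COMPUTERNAME
$RemoteDc  = 'REMOTE-DC01'          # placeholder: hostname of the DC in AWS
$VpnSubnet = '10.200.0.'            # placeholder: prefix of the VPN-side address range
$MaxAge    = New-TimeSpan -Hours 2  # flag a partition if no inbound success within this window

# 1. The local DC must resolve the remote DC to its VPN address, never to the public IP.
$resolved = Resolve-DnsName -Name $RemoteDc -Type A -ErrorAction SilentlyContinue |
            Where-Object { $_.IPAddress } | Select-Object -ExpandProperty IPAddress
if (-not $resolved) {
    Write-Warning "Could not resolve $RemoteDc; fix DNS before looking at replication."
} else {
    $offVpn = $resolved | Where-Object { -not $_.StartsWith($VpnSubnet) }
    if ($offVpn) {
        Write-Warning "$RemoteDc resolves to $($offVpn -join ', '); expected a $VpnSubnet* address."
    }
}

# 2. Inbound replication metadata on the local DC: one row per partner and partition.
$metadata = Get-ADReplicationPartnerMetadata -Target $LocalDc -Partition * -PartnerType Inbound
foreach ($m in $metadata) {
    $age    = (Get-Date) - $m.LastReplicationSuccess
    $status = if ($m.LastReplicationResult -ne 0) { 'ERROR' }   # last attempt returned an error code
              elseif ($age -gt $MaxAge)           { 'STALE' }   # no recent success; VPN may be down
              else                                { 'OK' }
    '{0,-6} {1,-45} last success {2:u} ({3} consecutive failures) partner={4}' -f
        $status, $m.Partition, $m.LastReplicationSuccess, $m.ConsecutiveReplicationFailures, $m.Partner
}

# 3. Failures the DC has recorded, with the error code to cross-reference in Event Viewer.
Get-ADReplicationFailure -Target $LocalDc |
    Select-Object Partner, FirstFailureTime, FailureCount, LastError, FailureType |
    Format-Table -AutoSize
```

Run it from a scheduled task on the local DC and alert on any WARNING, ERROR or STALE line; a STALE row with an unreachable VPN address is the "VPN dropped" case the answer is betting against.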