- 最新
- 投票最多
- 评论最多
It is generally recommended to have a separate Active Directory (AD) site for each region because it helps to ensure that clients can always find a domain controller (DC) that is located close to them and can provide fast authentication and authorization services. This is especially important if the clients are located in different regions, as it can help to reduce the amount of cross-region traffic that is generated by clients trying to authenticate to the AD.
However, if you have a large number of clients that are all located within the same region and availability zone (AZ), then it might make sense to create a separate AD site for each AZ. This can help to further optimize the authentication process for these clients by ensuring that they can always find a DC that is located within the same AZ.
It's worth noting that creating a separate AD site for each AZ can be more complex to manage and maintain than a single AD site per region. This is because you would need to create and manage multiple AD site links, and you would also need to ensure that the site topology is properly configured to reflect the different AZs.
In general, the best approach for designing AD sites will depend on your specific requirements and the distribution of your clients. It might be useful to consider factors such as the number of clients that are located in each region or AZ, the expected workload on the DCs, and the expected network latency between the clients and the DCs when deciding how to design your AD sites.
相关内容
AWS 官方已更新 1 年前- AWS 官方已更新 1 年前
That makes a lot of sense. Thank you!