@JasGOt said in Tunnel Interface with two Sonicwalls and three subnets.:

@PhlipElder said in Tunnel Interface with two Sonicwalls and three subnets.:

What we do:

Plug the server into a small 5-Port or 8-Port Gigabit switch.

We have a dedicated bench SonicWALL that is used to isolate the bench network then each LAN port on the unit is configured with its own subnet/gateway with a DENY between all.

The above switch is plugged in to one port on the SW. A Site-to-Site (S2S) tunnel is created to the client's site.

The VMs are stood up leaving the host in workgroup mode pulling a DHCP address that can be set to DHCP Reserved if need-be for longer bench duration.

All Roles and Features are set up and LoBs are installed and configured.

When it comes time to deliver we delete the S2S on both client and bench SWs.

Deliver the host. We always have an RMM/iDRAC Enterprise installed with DHCP enabled. That way we virtually never run into a problem on-site. Worst comes to worst, a monitor and keyboard are available. 🙂

Once the host is configured on the production network we flip the IP on the DC VM and IPConfig /RegisterDNS then verify AD, DNS, ETC.

From there it's migrate ...

Okay. You do exactly what we do. Almost. Your outline above is describing what I am trying to streamline so it can be done over and over with different client sites with little to no effort. The one difference is that we use Robocopy to migrate all the data (over the tunnel) ahead of time (last week we pulled over 200TB of data over a tunnel in advance, it was sweet!), and then when we arrive on site (since it's all the same subnet), we run our script one last time to catch any new/modified files that showed up in the hours before final migration; this takes minutes.

We even set up the new domain (when needed; I hate .local domains) with DHCP turned off, in our office beforehand. It works a treat.

I spent time last night reading about EoIP with MikroTik. It is exactly what I want, but I couldn't find any docs on setting it up with both MikroTiks behind NAT devices. I'm still looking.

We do a .VHDX restore of their backup to the newly stood up VM that hosts their files and folders. That way there are no permission issues. Final sync is done using Beyond Compare.
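The Robocopy pre-seed described above (bulk copy over the tunnel ahead of time, then the same job re-run on delivery day to pick up only the delta) looks roughly like this. This is an added example, not a script from anyone in the thread; the share path, destination volume and log directory are assumptions for illustration.

```powershell
# Added example (not from the thread): pre-seed file data over the S2S tunnel,
# then run the same job again on delivery day to copy only what changed since.
# $Source, $Destination and $LogDir are assumed values for illustration.
param(
    [string]$Source      = '\\OLDFS01\Data',   # assumed: client's current file server share
    [string]$Destination = 'D:\Data',          # assumed: data volume on the new file server VM
    [string]$LogDir      = 'C:\MigrationLogs',
    [int]$Threads        = 32,
    [switch]$Preview                           # list what would change without copying anything
)

New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$log   = Join-Path $LogDir "robocopy-$stamp.log"

# /MIR      mirror the tree: copies new/changed files and removes files deleted at source
# /COPYALL  copy data, attributes, timestamps, NTFS ACLs, owner and auditing info
# /DCOPY:T  keep directory timestamps
# /R:1 /W:1 do not stall on locked files; they show up in the log for the final pass
# /XJ       do not follow junction points (avoids copy loops)
# /FFT      2-second timestamp tolerance so unchanged files are not re-copied
# /MT:n     parallel copy threads; /NP /NDL keep the log readable
$rcArgs = @(
    $Source, $Destination,
    '/MIR', '/COPYALL', '/DCOPY:T', '/R:1', '/W:1', '/XJ', '/FFT',
    "/MT:$Threads", '/NP', '/NDL', "/LOG+:$log", '/TEE'
)
if ($Preview) { $rcArgs += '/L' }   # /L = list only, copy nothing

& robocopy.exe @rcArgs
$rc = $LASTEXITCODE

# Robocopy's exit code is a bitmask: 1 = files copied, 2 = extras at destination,
# 4 = mismatches (all informational); 8 or higher means at least one copy failed.
if ($rc -ge 8) {
    Write-Error "Robocopy reported failures (exit code $rc). Review $log before the next pass."
    exit $rc
}
Write-Host "Pass complete (exit code $rc). Log: $log"
exit 0
```

Because `/MIR` deletes anything at the destination that no longer exists at the source, run the script once with `-Preview` against a freshly restored or empty destination before the first real pass; a wrong `$Destination` with `/MIR` is a quick way to empty a volume. `/COPYALL` needs the backup and restore privileges, so run it from an elevated session, and keep the per-run logs: the final on-site pass should show only the handful of files that changed in the last few hours, which is the check that the pre-seed actually worked.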
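For the "flip the IP on the DC VM, IPConfig /RegisterDNS, then verify AD and DNS" step in the quoted workflow, the verification can be scripted so it is the same on every delivery. This is an added example, not anyone's script from the thread; the DC name and forward zone are assumptions for illustration.

```powershell
# Added example (not from the thread): after the DC VM's IP has been changed on the
# production network, re-register its DNS records and check that AD and DNS are healthy.
# $DcName and $Zone are assumed values for illustration. Run on the DC itself, elevated.
param(
    [string]$DcName = 'DC01',               # assumed: the migrated domain controller
    [string]$Zone   = 'corp.example.com'    # assumed: AD-integrated forward lookup zone
)

# 1. Re-register the host A record and have Netlogon republish the SRV records.
ipconfig /registerdns | Out-Null
Restart-Service -Name Netlogon -Force
Start-Sleep -Seconds 15

# 2. The A record must resolve to the address the host actually has now.
$expected = (Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -notmatch 'Loopback' -and $_.PrefixOrigin -ne 'WellKnown' } |
    Select-Object -First 1).IPAddress
$resolved = (Resolve-DnsName -Name "$DcName.$Zone" -Type A -ErrorAction Stop).IPAddress
if ($resolved -notcontains $expected) {
    throw "A record for $DcName.$Zone resolves to $($resolved -join ',') but the host has $expected"
}

# 3. Clients locate a DC through the _ldap SRV record; it must list this DC.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Zone" -Type SRV -ErrorAction Stop
if (-not ($srv.NameTarget -contains "$DcName.$Zone")) {
    throw "SRV record _ldap._tcp.dc._msdcs.$Zone does not list $DcName.$Zone"
}

# 4. Built-in health checks: DNS test suite, replication summary (a single-DC domain
#    simply shows no partners) and a DC locator lookup from this host's point of view.
dcdiag /test:DNS /s:$DcName
repadmin /replsummary
nltest /dsgetdc:$Zone
```

The two `throw` checks are the ones that catch the common post-re-IP failure: the old bench address still cached in the zone because the record was statically created or the refresh has not happened yet. If either fires, clear the stale record in DNS Manager and re-run rather than waiting for scavenging, since every client joined on delivery day will otherwise be handed the bench address.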