In our production environment we have a single SLP scope with two DAs, both DAs at our HQ location. We have two large remote sites with a 3 node NCS cluster and several hundred users at each site. The remote sites are WAN connected and in the same tree as HQ. We plan to add DAs to each remote site but have not done so yet.

I'm seeing that even though each remote site has local servers with replicas, most users at these sites are authenticating to servers here at HQ over the WAN connection. The standard client setup has the tree name and context specified and the server field left blank.

We would like to get these remote site users authenticating via their local servers. I assume one way is to add the appropriate local server entry to the client setup. We are already doing this at over 100 small branch offices that each has a local server and that works fine. However, would the "SLP Resolve Nearest Server" setting work? By default this is off. If I understand the docs, by turning this on the client will "cost" the server connections and authenticate to the nearest one. Is this a correct assumption? I also assume that simply placing DAs at each remote site, while probably a good idea, will not encourage local authentication unless SLP Resolve Nearest Server is on.

Any comments or suggestions appreciated. Just looking for the best solution to reduce the over the WAN authentication we are now seeing. Thanks,