We use Citrix's XenApp (formerly Presentation Server or MetaFrame), and beginning with the version for Windows 2008 Server, Citrix dropped support for the Novell Client and will be officially supporting Domain Services for Windows to work with eDirectory. In planning my DSfW infrastructure, I see a couple of options for implementation and am looking for some feedback.

Our eDirectory structure is:


MAINOFFICE is our main site and has VMware ESXi hosting virtual servers for various applications and the Citrix server. ALTHS & HEADSTART are remote sites connected via VPNs and each site has a single server for File/Print services, GroupWise post office, and ZCM. The tree is partitioned at Root, ALTHS, HEADSTART, and MAINOFFICE. Staff from the 3 sites access Citrix and OES2 is running on SLES.

DSfW follows partition boundaries so I know that I'll have to partition O=CESA7 and install a new forest at that level and install DSfW at the OUs as sub-domains in the forest. At this time Citrix would be the only service requiring DSfW. So I could implement as follows:

Scenario 1: Install a new virtual server at the main site for the DSfW forest and reinstall the file servers at the 3 sites to include DSfW for the sub-domains. Use the Samba included with DSfW to share the data drives on each file server for the Citrix server. Budget & space constraints currently prohibit second servers for the remote sites.

Scenario 2: Build new virtual servers at the main site for DSfW for the forest and each sub-domain. Use CIFS on each file server to share the data drives for the Citrix server.

Scenario 3: Combine options 1 & 2 by having a DSfW server for the forest at the main site and have DSfW installed at both the main site and remote sites for each sub-domain.

I'm currently leaning towards scenario 2, since it keeps the "Active Directory" at the location where it's needed for authentication, but I am unsure about how CIFS interacts with DSfW and wonder if I'm not going to eventually need DSfW at the remote sites someday anyway. In scenario 1, Citrix would have to communicate over the VPNs for authentication of the remote users, and scenario 3 may be overkill since DSfW is only required for Citrix.

I apologize for the long-winded post. Thank you for the feedback!