I’m wondering if anyone with experience siting a heavily-firewalled DC on the internet for the purposes of replication can share a bit more about the implementation details. This kind of solution might be used when you don’t have a direct private network between two geo regions.   In particular, I’m wondering how you address having a dual-homed DC, since that seems to be required in such a configuration, but isn’t supported by Microsoft. (Dual-homing may not be required—and if not, that’d be good to hear too)   I know Microsoft has some information about using IPSEC to encapsulate DC traffic, and there are a couple really old papers where Microsoft notes that this sort of approach is viable. But nothing explains how to work around the dual-home issue.   Brian