We have a Windows 2008 server that we want to move offsite to the cloud (we're using Rackspace). It has to talk to our Active Directory domain constantly, so we need a stable site-to-site VPN between it and our datacenter. Rackspace doesn't offer a virtual VPN device, and a quick search shows that Cisco-Windows VPN tunnels don't work well, if at all. We do have a Windows 2008 server in our datacenter that the offsite server could connect to.
What is the best way to get these two Windows 2008 servers to connect to each other?
You should be able to use Routing and Remote Access (RRAS) on both servers to set up a VPN connection between the two. You can set the connections as "Persistent" and they will automatically connect the VPN at startup. I have tested this with a 2003 Server on Rackspace at one end and a Watchguard Firebox X20e on the other end, communicating over a PPTP VPN. It worked flawlessly. I was able to join the cloud server to the domain and communicate with no problem.
A VPN may be unnecessary. If you promote the server to a Read-only Domain Controller, I think it will encrypt all communication automatically via Kerberos.
Otherwise, add the role 'Network Policy and Access Services' and install the VPN service.