We are a small consulting firm with a need for a Windows domain-based network. Most of our consultants work either at home or on-site.
What would be the best way to provide a domain-centric infrastructure to our staff?
VPN would be used to connect to the infrastructure (hosted COLO), but this could be annoying if the user can't access the VPN due to on-site restrictions etc.
I realize this is just vague hand-waving, but take a look at DirectAccess. This allows for VPN-like functionality (using IPsec and IPv6, IIRC) to access internal applications such as Exchange and AD without going through the VPN connection process. It prefers (only has documentation for) using an MS-based firewall solution such as ISA 2007 or the new Threat Management Gateway. As you're on the latest client and server OS, this may be a viable option (it requires Windows 7 on the desktop).
Is the Windows domain even relevant to your requirements? More relevant, I would say, are the services you want to provide to remote workers. So... what services do your users need to be able to use off-site?