Virtualising Domain Controllers?
Discussion
I already have one of our Domain Controllers virtualised, and now our other (FSMO master) is due to be replaced.
IMO our ESX cluster gives us a lot more resiliency then a single physical server, so I'd like to virtualise this one as well.
Just curious how many of you have fully virtual DC's these days and if you've encountered any problems?
IMO our ESX cluster gives us a lot more resiliency then a single physical server, so I'd like to virtualise this one as well.
Just curious how many of you have fully virtual DC's these days and if you've encountered any problems?
Have you read these?
http://support.microsoft.com/kb/888794
http://support.microsoft.com/kb/897615
I have not done a fully virtual AD, but I would see the basic physical principles apply,dont put all your eggs in one basket. I would be hesitant to have all DCs on the one SAN incase of SAN failure, especially if you have other servers not on the SAN that are reliant on AD access.
I would keep a DC virtualised on a basic ESXi server in case of failure of the SAN (rare but ...eventful when it happens)
but hey , im parinoid.... :geek:
http://support.microsoft.com/kb/888794
http://support.microsoft.com/kb/897615
I have not done a fully virtual AD, but I would see the basic physical principles apply,dont put all your eggs in one basket. I would be hesitant to have all DCs on the one SAN incase of SAN failure, especially if you have other servers not on the SAN that are reliant on AD access.
I would keep a DC virtualised on a basic ESXi server in case of failure of the SAN (rare but ...eventful when it happens)
but hey , im parinoid.... :geek:
lestag said:
Have you read these?
http://support.microsoft.com/kb/888794
http://support.microsoft.com/kb/897615
I have not done a fully virtual AD, but I would see the basic physical principles apply,dont put all your eggs in one basket. I would be hesitant to have all DCs on the one SAN incase of SAN failure, especially if you have other servers not on the SAN that are reliant on AD access.
I would keep a DC virtualised on a basic ESXi server in case of failure of the SAN (rare but ...eventful when it happens)
but hey , im parinoid.... :geek:
Yes I had already read those but thank you. Seemed to come down to common sense with no glaring "Do not do this" items.http://support.microsoft.com/kb/888794
http://support.microsoft.com/kb/897615
I have not done a fully virtual AD, but I would see the basic physical principles apply,dont put all your eggs in one basket. I would be hesitant to have all DCs on the one SAN incase of SAN failure, especially if you have other servers not on the SAN that are reliant on AD access.
I would keep a DC virtualised on a basic ESXi server in case of failure of the SAN (rare but ...eventful when it happens)
but hey , im parinoid.... :geek:
We currently have two SANs in two locations on our site so I'd be looking at having one virtualised DC in each location ideally.
Personally I'm paranoid as well, but I'm leaning towards the DR and ESX functionality outweighing having a DC running on a single physical box.
Point taken on SAN failure, but being blunt if that fails I've got way bigger problems than if people can't log on for a while
We have 3 virtual DCs and one physical. The physical one is only physical because it runs RIS, which we build our hosts with, hence needs to be back first in a DR situation.
There are time sync issues, and also issues with reverting snapshots. I guess you know these as you've already got one vDC.
We only have one SAN but lets face it, one physical DC isn't going to be much use if you only SAN is dead and you've virtualised everything else.
There are time sync issues, and also issues with reverting snapshots. I guess you know these as you've already got one vDC.
We only have one SAN but lets face it, one physical DC isn't going to be much use if you only SAN is dead and you've virtualised everything else.
paddyhasneeds said:
Be interested to hear more on the time issues you've encountered as I can't say we've encountered it and most guides seem to suggest it's less of an issue these days if you do the time sync the recommended way etc.
We didn't get any issues as we did it the recommended way agent006 said:
paddyhasneeds said:
Be interested to hear more on the time issues you've encountered as I can't say we've encountered it and most guides seem to suggest it's less of an issue these days if you do the time sync the recommended way etc.
We didn't get any issues as we did it the recommended way Its an approach I recommend to customers all the time. Especially when they are contemplating an Exchange migration or similar where there will be a larger requirement for Global Catalog resource, or similar.
Not only do I recommend putting on to VM, but also to use x64 flavours of either 2003 or 2008.
That said, I also recommend to keep at least one physical server in each of your datacenters with direct attach storage, for the SAN reasons you have already discussed.
HTH.
Not only do I recommend putting on to VM, but also to use x64 flavours of either 2003 or 2008.
That said, I also recommend to keep at least one physical server in each of your datacenters with direct attach storage, for the SAN reasons you have already discussed.
HTH.
pantscat said:
paddyhasneeds said:
... most guides seem to suggest it's less of an issue these days if you do the time sync the recommended way etc.
What is the recommended way?I've yet to virtualise my DCs as yet, but I will definitely do this when I update to 2008 R2...
You may know but if you're still on ESX 3.5 there's an issue with 2008 R2 and the SVGA driver the tools install by default.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff