many people use VMs for AD redundancy?

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I know its not recommended to run your primary DC in a VM, however, I wondered how many people use VMs for AD redundancy in a production environment?

what precautions did you take?

One of our small offices needs redundancy and a small scale exchange environment, I am thinking of setting up a exchange member server in ESXi and having a redundant DC/File server as VMs.

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

At the last place I worked at I had set this up. The second DC was a VM running AD, DNS and DHCP.

Worked really well as you could do maintenance on the primary DC during the day as you had the VM DC to take over. Saved me a lot of after hours work.

 

Our company have a policy that all DC's, with the exception of the PDC, are running on VMWare.

Seems to be working well, except that its a ball-ache for me (the changes dont work well with my AD query scripts).

 

If its only for backup I dont see it being a problem at all. Stick the PDC on a physical server and all other's as VM's

 

Almost my entire infrastructure runs on ESX. DCs, file & print, Exchange, BES, AV, all our web and app servers - the whole nine yards. I still have a couple of beefy Oracle boxes on tin, as well as network monitoring, IDS servers and a couple of odds and ends.

I'm rebuilding my DR site right now - used to run it on VMWare Server (free) and am currently running it on ESXi as a stop-gap before I get budget for a SAN and full-fat ESX. I've not had any problems running our DR colo on VMWare Server, though admittedly it's a 'skeleton service' - a few web servers, a DC, file & print and little else (no Exchange etc). Obviously, with ESXi - unless you buy the full licensed version - you're not getting VMotion or anything like that, but you can get round the shared storage issue without a SAN by using Openfiler or similar. Backups are a pain, with VMWare Server I used to shut the VMs down once a month and run a manual backup - you could script this if you wanted, but I've not looked into it because I never needed to. You could, of course, run SAN snapshotting from Openfiler, but I've never bothered with that either - mainly because I once had an extremely bad experience with OF snapshots and have shied away from them ever since.

 

Most the companies I work with also put every DC on virtual machines, hell I've been places where DCs were running on desktops in racks!
seriously, people don't think very highly of their DC's!

VMWare is a great place to put a DC or two, just use DRS rules or affinity rules to make sure they never end up all on the same box!

 

Amen to that. First time we had a power issue in a rack at our main datacentre it took out a host - unfortunately all three of our DCs were on that host That was a fun couple of hours!

 

Thanks All .... for the thumbs up

I must admit for the size of office i am tempted to put both DCs in VMs and have two ESXi boxs and also make the other member services have a level of redundancy. Basically we have AD, file shares and SOAP based applications (which i need to look into) and i would like to add redundancy and leave things open for a few member servers namely exchange and sharepoint.

LOL..yeah

I dont think that will be a problem as i would plan to use ESXi with my budget.

Although this may make some of the bespoke software services difficult to have a level of redundancy, i would have to look into this further by looking under the hood. (i was going to write a simple script to ping and modify DNS (low TTL) entries based on failures for these SOAP based services or use DNS round robin)

 

Before HA came out we used to script the feature anyway in virtual center, so if you can get budget to manage the ESXi boxes (even though they are free, the VC Agents and VC are not) you could just use heartbeat scripts against the VM to restart it on another box

that still assumes shared storage though

is this a branch solution? are the services available across the wire also and you just want to have local services for availability and performance? you could just fail back to the HQ services if there is a problem with the branch systems, i dont know many folks who build in redundancy at the branch level

or is this the only place these services will exist?

 

Although national each branch is run as a independent entity. Really i should of said it was a single site to avoid confusion. Therefore, there is no centralised infrastructure.

Thanks i'll look into this some more.

 

I am not familiar with Hyper-V as of yet would there be any advantages in looking at this as a possible solution?