The Snapshot feature is also really useful, especially in a development/test environment. Being able to quickly roll back the machine without requiring a restore can save hours!
If you have ESX on a SAN, Vmotion can provide some interesting DR/BCP options for server apps that are not cluster aware. I saw a demo at HP a while back where they failed a VM over to another node whilst pinging the server - it didn't even drop a packet. Cool but pricey -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fuller, Stuart Sent: 16 February 2005 19:34 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC or not DC I hate to drag this off subject slightly and since no one has mentioned it, but isn't the whole point of Microsoft Virtual Server and VMware GSX/ESX so that you can run multiple servers on the same physical server and not have the application/security/resource conflicts that you can get by running everything on one server? At the last MS TechEd several of the MS people I talked to were pitching Virtual Server as *the* solution to the "I only have one server" and branch office scenarios. -Stuart Fuller -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, February 16, 2005 9:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC or not DC Yeah MS has always said best practice is not to put back office apps or IIS on domain controllers for as long as I can recall. Ditto file and print. There are possible resource and security issues. Then they have SBS.... SBS bothers me because you take everything MS has every said and you say, hmmm, forget about it.... At that point, what do you and don't you listen to from MS? My thoughts? Listen to all of it but don't trust any of it until you have proven it yourself. I generally (there are exceptions to make the rule) consider anything from MS as propaganda until I have proven with my direct experience or it has been stated to me by my very few trusted advisors. Like if Dean tells me something, I tend to listen closely, I may argue, but I start from a losing position because if I don't agree it is probably because I don't understand through no fault of Dean's explanation. Many conversations I have with Dean start out with me thinking, oh shit, he expects I know what I am talking about with this functionality... With Rick, well you argue with Rick about everything because he is a hoot to argue with. With Deji... Check it twice - all of it. ;oP Tony... Never argue with Tony's dinner wine choice, never. My thoughts are that if you have a company small enough that SBS works for you. You probably won't have too many resource issues unless you have some serious power users. However security concerns will *always* be there simply because you are adding additional vectors. You can't add more services to service users and NOT open up more possible security holes. Additionally one of the methods for fixing replication hangs and such in AD is a reboot because attempting to stop and start the AD services is less than helpful. Tougher to do that when you have people using fixed services such as F&P, SQL, Exchange, etc as they tend to get cranky when the server side of the equation disappears. My personal reaction to anything but DHCP/DNS/WINS on a DC are sort of a blanched look and I don't even really like DHCP/WINS/DNS on the DC because I think that also raises the security vectors too much. Keep in mind, AD is the bastion of your enterprise security. Why give people holes to poke at to see if they can compromise the entire forest? joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff Sent: Wednesday, February 16, 2005 11:24 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC or not DC If you have the resources on the box and can not afford to purchase a new box for SQL or Exchange, then you are stuck with the only one option. However, I am a big believer of keeping the server roles separate. I find that the overhead of SQL (and even Exchange) is rather high during peek times. And, if SQL runs on the DC, this may cause latency issues with DNS lookups, group policy updates to clients and/or log in issues. I believe that Microsoft's best practices said to keep things separate. (But, I may be dreaming...Like I often do...) However, with everything that I have said, it is just my opinion and is dependant on how many users you have and if your company can afford the cost. ***************************************** Steve Shaff Active Directory / Exchange Administrator Corillian Corporation (W) 503.629.3538 (C) 503.807.4797 (F) 503.629.3674 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alonzo Hess Sent: Wednesday, February 16, 2005 7:01 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC or not DC Last night I received the latest MCPMag email newsletter and always read the questions that people ask. I was kind of surprised by the opening sentence of the question. "I know that the Microsoft gospel is never to run Exchange, SQL Server, etc. on a domain controller." I've never seen or heard this before. I realize having the server be a DC would add some overhead, but what are the lists thoughts on this? Good or Bad? Thanks, Zo List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ********************************************************************** This is a commercial communication from Commerzbank AG. This communication is confidential and is intended only for the person to whom it is addressed. If you are not that person you are not permitted to make use of the information and you are requested to notify <mailto:[EMAIL PROTECTED]> immediately that you have received it and then destroy the copy in your possession. Commerzbank AG may monitor outgoing and incoming e-mails. By replying to this e-mail you consent to such monitoring. This e-mail message and any attached files have been scanned for the presence of computer viruses. However, you are advised that you open attachments at your own risk. This email was sent either by Commerzbank AG, London Branch, or by Commerzbank Corporates & Markets, a division of Commerzbank. Commerzbank AG is a limited liability company incorporated in the Federal Republic of Germany. Registered Company Number in England BR001025. Our registered address in the UK is 23 Austin Friars, London, EC2P 2JD. We are regulated by the Financial Services Authority for the conduct of investment business in the UK and we appear on the FSA register under number 124920. ********************************************************************** List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/