Its logical separation vs. physical separation. Mainframes have had LPAR's (logical partitions) for ever, which do the same basic thing.
Logically separating the platforms does protect from most of the issues caused by putting a crapload of services on one box. However, I'd never use a virtualizing solution like this on anything that has intensive hardware level requirements like file, network or memory. -------- Roger Seielstad E-mail Geek & MS-MVP > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Fuller, Stuart > Sent: Wednesday, February 16, 2005 11:34 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] DC or not DC > > I hate to drag this off subject slightly and since no one has > mentioned it, but isn't the whole point of Microsoft Virtual > Server and VMware GSX/ESX so that you can run multiple > servers on the same physical server and not have the > application/security/resource conflicts that you can get by > running everything on one server? At the last MS TechEd > several of the MS people I talked to were pitching Virtual > Server as *the* solution to the "I only have one server" and > branch office scenarios. > > -Stuart Fuller > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of joe > Sent: Wednesday, February 16, 2005 9:50 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] DC or not DC > > Yeah MS has always said best practice is not to put back > office apps or IIS on domain controllers for as long as I can > recall. Ditto file and print. > There are possible resource and security issues. > > Then they have SBS.... SBS bothers me because you take > everything MS has every said and you say, hmmm, forget about > it.... At that point, what do you and don't you listen to > from MS? My thoughts? Listen to all of it but don't trust any > of it until you have proven it yourself. I generally (there > are exceptions to make the rule) consider anything from MS as > propaganda until I have proven with my direct experience or > it has been stated to me by my very few trusted advisors. > Like if Dean tells me something, I tend to listen closely, I > may argue, but I start from a losing position because if I > don't agree it is probably because I don't understand through > no fault of Dean's explanation. Many conversations I have > with Dean start out with me thinking, oh shit, he expects I > know what I am talking about with this functionality... With > Rick, well you argue with Rick about everything because he is > a hoot to argue with. With Deji... Check it twice - all of it. > ;oP Tony... Never argue with Tony's dinner wine choice, never. > > My thoughts are that if you have a company small enough that > SBS works for you. You probably won't have too many resource > issues unless you have some serious power users. However > security concerns will *always* be there simply because you > are adding additional vectors. You can't add more services to > service users and NOT open up more possible security holes. > Additionally one of the methods for fixing replication hangs > and such in AD is a reboot because attempting to stop and > start the AD services is less than helpful. > Tougher to do that when you have people using fixed services > such as F&P, SQL, Exchange, etc as they tend to get cranky > when the server side of the equation disappears. > > My personal reaction to anything but DHCP/DNS/WINS on a DC > are sort of a blanched look and I don't even really like > DHCP/WINS/DNS on the DC because I think that also raises the > security vectors too much. Keep in mind, AD is the bastion of > your enterprise security. Why give people holes to poke at to > see if they can compromise the entire forest? > > joe > > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff > Sent: Wednesday, February 16, 2005 11:24 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] DC or not DC > > If you have the resources on the box and can not afford to > purchase a new box for SQL or Exchange, then you are stuck > with the only one option. > However, I am a big believer of keeping the server roles > separate. I find that the overhead of SQL (and even > Exchange) is rather high during peek times. And, if SQL runs > on the DC, this may cause latency issues with DNS lookups, > group policy updates to clients and/or log in issues. I > believe that Microsoft's best practices said to keep things > separate. (But, I may be dreaming...Like I often do...) > However, with everything that I have said, it is just my > opinion and is dependant on how many users you have and if > your company can afford the cost. > > ***************************************** > Steve Shaff > Active Directory / Exchange Administrator Corillian Corporation > (W) 503.629.3538 (C) 503.807.4797 (F) 503.629.3674 > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Alonzo Hess > Sent: Wednesday, February 16, 2005 7:01 AM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] DC or not DC > > > Last night I received the latest MCPMag email newsletter and > always read the questions that people ask. I was kind of > surprised by the opening sentence of the question. "I know > that the Microsoft gospel is never to run Exchange, SQL > Server, etc. on a domain controller." I've never seen or > heard this before. I realize having the server be a DC would > add some overhead, but what are the lists thoughts on this? > Good or Bad? > > Thanks, > Zo > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
