Agreed. While it would be nice to see something like this out of MS it isn't something they can put together very quickly, VMWARE has spent years and years on making this work. People have been deploying AD in droves and are now maturing and hitting several different things that ESX would make much easier to deal with, especially in the DR Realm. Once someone has AD Deployed and running fairly well they start considering how do I recover if I blow up and how can I duplicate for a lab environment. While this can be done with Virtual Server, it still doesn't have the gains and performance that you can get with ESX due to the fact that ESX is so well optimized for this. Consider, as Stuart pointed out, Virtual Server and GSX are solutions built on top of an OS. The OS isn't optimized for virtualizing other machines upon itself. It is a full normal user interface OS that has an App running on it which can run other virtual machines. ESX is an OS that is designed from the ground up to only host virtual machines.
Take for instance, a poor analogy. You have say a BMW X5 which is a hot rod SUV. It is a great all around vehicle and handles offroad ok and hot rodding ok. However if you are really serious about hot rodding or offroading, you will find other products that will blow the X5 off the map for you for the thing you are interested in. Say a ferrari or a jeep wrangler? If you want to see a truly amazing display, poke Dean (yes the Dean that posts here) and get him to show you the little automated recovery system he has come up with for ESX that allows very quick rollback of a seed environment or even a full forest if everything is on ESX. He has been working on these mechanisms for a couple of years for his work that he does and the beauty of it is it can be extended to fully account for a complete intel DR solution for an entire company. When it truly comes down it. Vmware ESX is simply something that should be considered a piece of hardware from the viewpoint of MS and VMWare should be able to hear from MS how to get onto the HCL and be fully supported. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fuller, Stuart Sent: Friday, March 18, 2005 2:15 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Continuity planning and AD To duplicate ESX, you would have to develop a very stripped and efficient kernel. ESX is actually running a proprietary kernel running underneath the hosts and it uses a Linux console OS to control the kernel. This is one of the main reasons why ESX is so much more efficient than VPC or GSX where the underlying OS is normal Windows. ESX also uses a specialized and very efficient disk format (VMFS) for the actual host files. Here is the map: VPC = VM workstation Virtual Server = GSX ??? = ESX Hardware virtualization idea is a HUGE thing and Microsoft needs to get more on board and should have bought Vmware when they had the chance. As the to the DR scenario (e.g. SunGard), we are in the same boat and ESX and Virtual Hosts solves all of the mucking about with dissimilar hardware restores. In fact, because ESX emulates common drivers on the OS install CD you can actually do a physical to virtual restore with a lot less trouble than one would think. In our specific case we are able to use Ntbackup to restore directly a Windows 2000 Dell 2550 to a virtual server on ESX with no special steps. -Stuart Fuller -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Friday, March 18, 2005 11:12 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Continuity planning and AD Wouldn't it just be easier to expect them to put that ESX functionality in virtual server? ;) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Friday, March 18, 2005 11:53 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Continuity planning and AD I am 150% behind this mechanism. Your up and functioning again time is drastically reduced as you can recover to any machine that has your virtualization software up and running. This is technology that I have been recommending to the list for probably a couple of years now along with many others. Basically you spin up a little site with virtuals of all of your domains, you script their daily (or more often) shutdown and backup. If you get really cute you have multiple DCs of each domain and stagger their shutdown and backup times and maybe even their replication schedules. This also helps with establishing lab forests or safe harbor (aka Life Boat) forests to do real data tests for things like schema updates and such. If MS would get off their butt and support VMWARE ESX officially as a hardware platform this would open up even more possibilities such as near immediate full forest recovery even with X domains where X is some crazy number like 20+. In fact, now that I have heard of Server Foundation Architecture at DEC[1] from Stuart Kwan, my battle with IE on DCs is pretty much wrapped up (unless I hear the idea dying) and I appear to have won so I am going to see if I can take on getting MS to support ESX since they have no competing product. I believe the idea is as solid and just as the idea to get IE/GUI off of servers if you want to run that way. So anyway, if this is something you are interested in as well, getting ESX server supported as a hardware platform, feel free to ping me offline about it and let me know the kind of business you represent (size, how much MS, etc) so when I start my email compaign and start making a nuisance of myself in the various forums and face to face times with MS Execs I have some numbers and company names behind me. Virtualization is truly where we are going and MS and Virtual Server is no where near the capability of ESX and I haven't heard anything that would lead me to believe MS is anywhere near to announcing anything like that. This seems to be good for everyone from what I can see, good for the customer as their life will probably become easier and more secure, good for MS because people will buy more product licenses because they can fit more in the data center, good for hardware vendors because they sell better higher end hardware instead of a bunch of the lower end small margin stuff. Some very large orgs (no names please) I talked to at DEC are all moving forward with ESX solutions even though MS doesn't officially support the platform. They have looked at it and determined that the solution justifies going outside the realm of guaranteed MS Support. That doesn't look good for MS, it is inability to admit to reality. Sure don't support vmware workstation or GSX, we understand, it competes with your own productlines, but you don't have a product like ESX... period. And larger customers are going to want to go ESX versus GSX or Virtual Server. Heck if you really look at it, you could come up with some pretty good cookie cutter Small Business ESX solutions as well. joe [1] When Stuart announced having a DC up and running in the lab on this platform with no GUI/IE there was big time applause from the audience and a tear came to my eye. People were buzzing about it the whole rest of the week. Rick tried to get me in trouble by indicating I could now drop death threats I had out against various MS people which was completely untrue and of course he was only joking. Luckily he only embarassed me as I got a shout out from Stuart from the podium, I don't think many people really knew who he was referring to though because most people don't know my full name. Anyway, I have been exceedingly vocal about this issue to every level of MS Management I have come into contact with for some time now. I mentioned it a little here occasionally but that wasn't even the tip of the iceberg because I didn't think this list had much power to invoke that change. I was sending notes to folks like Allchin and Nash about it and posting heavily on an MS and MSMVP Security DL about it and was a broken record at the MVP Security Summit last fall and tended to bring it up in nearly every session for several days. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Friday, March 18, 2005 10:08 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Continuity planning and AD You can pull the disaster docs at Microsoft (should be off of http://www.microsoft.com/ad ) and re-use a lot of that. There are KB articles as well. As for the original poster's question, "The plan is this at the moment: when our server cathes fire, is flooded or stolen, we take a recent tape from off site with all our data and another tape with our 'system' and restore. Well that was easy!!" That is great for things such as physical site issues but doesn't cover any issues with logical corruption. You may want to include that in your scenario. Another thought is one that has been kicked around a lot. Since you need system state to get your DC back up and running, and since system state restores almost require you to use duplicate hardware, have you considered what a virtual instance can do for you? You could introduce a second DC running in a virtual instance and then your hardware issues are abstracted. So when you do the restore, you would have two choices: put back the entire virtual machine (binary blob that you backed up (shut down the VM instance, backup the blob, restart sort of thing) and restore the blob in your DR site. Perform metadata cleanup, seize the roles, and move ahead. Or you could restore the data via tape to a VM instance. Either way, your duplicate hardware requirement goes away because virtual server technology abstracts the hardware from the physical hardware you use. Can be much faster, more reliable, and easier under pressure. Just wanted to throw that out there. Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles Sent: Friday, March 18, 2005 8:46 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] Continuity planning and AD My organization just moved to a W2K3 AD and we have one of our offsite DR tests coming up. I was wondering if someone wouldn't mind sharing any step by step documentation that you have generated to perform this restore (basically so I don't have to go and draft one from scratch)? If not, is there any other interesting tid-bits that we need to know. (I will probably end up restoring two Domain Controllers, one for the Forest and one for my domain during this test plan) so any and all help will be nice. Thanks. -----Original Message----- From: Hunter, Laura E. [mailto:[EMAIL PROTECTED] Sent: Friday, March 18, 2005 6:23 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Continuity planning and AD I run into this a lot; we go to Sungard twice a year to do DR testing and we never -ever- get identical hardware. It becomes a voodoo dance of running a repair, occasionally doing an in-place upgrade, and getting rid of now-extinct metadata and replication entries with ntdsutil and repadmin. FWIW, it works better on 2003 than 2000, since sometimes the TCP/IP stack gets hosed and it's easier to delete/recreate in 2003 than 2000 - it's a 3-step KB article instead of a 3 -page- one. Laura > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Friday, March 18, 2005 5:37 AM > To: ActiveDir@mail.activedir.org > Cc: ActiveDir@mail.activedir.org; [EMAIL PROTECTED] > Subject: Re: [ActiveDir] Continuity planning and AD > > Hi Johnny > > In theory, you should be able to do your restore to the different > hardware, and then boot to the CD, choose setup, and choose repair > existing version of Windows to redetect all hardware. I am not sure > this is supported but we were able to do it in our forest recovery > test with no real problems besides time time time and more time. > > Make sure you test the solution well before deciding that an identical > box is not the answer. > > Regards; > > James R. Day > Active Directory Core Team > Office of the Chief Information Officer National Park Service > (202) 354-1464 (direct) > (202) 371-1549 (fax) > [EMAIL PROTECTED] > > > > > > "jonny" > > > <[EMAIL PROTECTED]> To: > <ActiveDir@mail.activedir.org> > > Sent by: cc: > (bcc: James Day/Contractor/NPS) > > [EMAIL PROTECTED] Subject: > [ActiveDir] Continuity planning and AD > > tivedir.org > > > > > > > > > 03/18/2005 10:03 AM GMT > > > Please respond to > > > ActiveDir > > > > > > > > > > Dear All > > I am a bit of AD newbie so I am not even sure if this is an AD issue; > so apologies in advance. > > Anyway, we have a disaster recovery server which we plan to store off > site. > This will be switched off while in storage. Our live server is a > Windows 2000 server running AD. The backup software is Veritas Backup > Exec. We do not use one button recovery. > > The plan is this at the moment: when our server cathes fire, is > flooded or stolen, we take a recent tape from off site with all our > data and another tape with our 'system' and restore. Well that was > easy!! > > Well aside from many likely problems this I the one I want to ask > about > here: > > The system tape is derived from a Veritas backup called System backup. > I believe this backs up all the registry settings and I assume the > user databse, the DNS, DHCP setting and other services settings also. > The recovery server is not a hardware duplicate of the live server, > but it does run Windows 2000 server and Veritas. > > Question: I have been told a systemn restore will result in the > recovery server crashing as it is not a hardware duplicate. How do I > backup (and > restore) all the software and operating system settings and the AD > settings without requiring a hardware duplicate? Can anyone point to > resources that state how to do this and what to be aware of? > > Many thanks for any help on this > > Jonny > > > _________________________ > Jonathan Feldman > ICT Manager > NACVS > 177 Arundel Street > Sheffield, S1 2NU > > Tel: 0114 278 6636 > Fax: 0114 278 7004 > Textphone: 0114 278 7025 > Email: [EMAIL PROTECTED] > Web: http://www.nacvs.org.uk > ______________________________ > > Registered charity no. 1001635 > Registered company no. 2575306 > Registered office as above > ------------------------------- > > Dates for your diary > =================== > > Chief Officers' Residential Event 2005 Royal Court Hotel, Coventry > 6-7 April > > http://www.nacvs.org.uk/nacvs/events/core/index.shtm > > If you take my advice...getting HR support right Age Concern, > Birmingham 21st March > > http://www.nacvs.org.uk/nacvs/events/hr/index.shtm > > Local Public Service Agreements: engaging communities Novotel > Birmingham Centre > 19 May 2005 > http://www.nacvs.org.uk/nacvs/events/lpsa > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
