I work for Avanade - we deal mostly with large enterprises (Global 500 type companies).
In those types of orgs the AD team is usually separate from Virtualisation (which is predominantly VMWare), which is again separate from the hardware components (network, security, storage). Even as a directory, AD is usually limited to the Wintel area, and most large orgs have significant investment in *nix, midrange/mainframe systems as well. The "source of truth" is generally other systems like HR/payroll. As I said before - in smaller shops, there's usually significant overlap, so it's not really an issue. In larger shops (once there isn't a predominance of Windows), and AD isn't "king", it starts to become something that needs to be dealt with in some way. Cheers Ken From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Wednesday, 31 December 2008 12:31 AM To: NT System Admin Issues Subject: RE: Virtualization Questions - More Q's That's an interesting point. Have you actually seen this in practice? What I mean is, in every shop I've been in, the virtualization group is composed of the same people who "hold the keys to the kingdom" anyway (AD admins, or Linux/UNIX admins). I've never seen a group brought in to manage the virtual environment that didn't already have that type of access. YMMV Chris Bodnar, MCSE Sr. Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com<mailto:christopher_bod...@glic.com> Phone: 610-807-6459 Fax: 610-807-6003 ________________________________ From: k...@adopenstatic.com [mailto:k...@adopenstatic.com] Sent: Tuesday, December 30, 2008 6:33 AM To: NT System Admin Issues Subject: RE: Virtualization Questions - More Q's Most people have said "no" to question #2. I would say that there is a definite impact. Your virtualisation team are pretty much now an additional "god" in the organisation. For smaller shops this isn't an issue. For bigger shops, or where compliance/auditing/change control are important, then this is another layer of people who have significant privileges, who must be worked into your change control process. Cheers Ken From: Andy Shook [mailto:andy.sh...@peak10.com] Sent: Tuesday, 30 December 2008 2:57 AM To: NT System Admin Issues Subject: RE: Virtualization Questions - More Q's 1. As long as the resources are available for the VM, then transparent. I know in the past that processors had to be in the same family as well as the same brand for Vmotion but I heard that this has changed with (ESX) update 3. I don't know the details yet, so someone please chime in here for clarification. 2. No 3. Most environments will have both. Shared for the lightweight servers and dedicated for VMotion\HA\DRS and the heavy hitting servers. 4. An OS license is an OS license is an OS license. Doubtful but check with the vendors in question. Shook From: Roger Wright [mailto:rwri...@evatone.com] Sent: Monday, December 29, 2008 10:32 AM To: NT System Admin Issues Subject: RE: Virtualization Questions - More Q's Great responses so far! You've all given me even more to think about. A few other questions: 1. From a DR perspective, or perhaps just for rebalancing the load on a host machine, how does moving from one host to another with different HW impact the VM, or is it transparent? 2. Does Virtualization impact your domain security requirements in any way? 3. NIC Utilization - Shared NICs or separate for each VM? 4. OS & App licensing - can we expect any reduction in licensing requirements? Thanks! ________________________________ This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
