I'm confused. Does the esx server/hypervisor authenticate to AD? If not, wouldn't you just boot the virtual servers the same way you boot them if they are physical. You start with a DC and go.
Bill -----Original Message----- From: mse...@ont.com [mailto:mse...@ont.com] Sent: Monday, March 30, 2009 3:06 PM To: NT System Admin Issues Subject: RE: Pros/Cons of putting PDC/2DC on Virtual Server Try bringing up your virtual environment with no authentication or name resolution if your Domain Controller VM goes down and no physical DC. Mike Original Message: ----------------- From: Bill Songstad (WCUL) administra...@waleague.org Date: Mon, 30 Mar 2009 14:35:33 -0700 To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: Pros/Cons of putting PDC/2DC on Virtual Server ������������m going to throw my opinion in to see if I can get my thinking torn apart as ����������m unsure of the value of the physical boxes. I am in the process of planning the exa�����������bad pla��������� as the original poster is dealing with. I have three servers built on cheap hardware. Sometimes controllers fail or disks fail or get full and moving up to new hardware is a pain. But if I put all three on a sing�����������big ����������� server with hotswap everything, I get a level of reliability, scalability, and recoverability that I could not previously afford. I am not seeing the why of not putting all the DCs on a VM. If my VM goes down, all the servers are down, yes, but all the servers are good and I can restore them to dissimilar hardware in a jiffy. If I keep a physical DC off the VM, all my other servers are still down so nobody is working still. I guess what���������m asking is what is the value of having a physical DC if nobody can get to file-and-print or sql or exchange? What is the purpose of the extra physical box? Is there a problem with having all of AD down at one time? (I mean other than not allowing access to other resources; of which I have none) I suppose if I really should keep a physical server, I certainly w�����������t have anything critical on it. I just�������������t like the idea of keeping an extra $1000 box with a $650 license on it just to keep the domain on two machines. Bring on the ridicule if ��������m making a mistake. I opened my mouth to learn something he��������¦ I just ha������������t seen a good reason to have a physical DC if all your other servers are on a single VM. Bill From: Benjamin Zachary - Lists [mailto:li...@levelfive.us] Sent: Thursday, March 26, 2009 3:58 PM To: NT System Admin Issues Subject: RE: Pros/Cons of putting PDC/2DC on Virtual Server I do/have all dc�������s �����������ed in vm environments. I do understand ������������feel g������������ scenario. However, I place as much trust in the esx delivery as I do the physical box, if not more so since the vm is portable. That�������s my .02. This structure is based around a san with or w/o vmotion (depending on budget). You can put a san together for next to nothing, that is fairly robust (drbd/openfiler/iet). With Esxi, and no vmotion. If a physical esx goes down you simply start them on the other machine. Its not pretty but it works, and a small/med shop that can be down for 15 minutes while someone does that can be worth saving the 5k. If you are talking about putting all your eggs in one basket that�������s acceptable in small/med environments. I know you mention this is a large environment so then I wonder how big could it be with just 1 exchange and 2 dcs ? Everything regarding restoring������������s with DC data is well documented and there should be no surprises for those who need to do that. On the physical box, if the server crashes you have it even worse, because you cant jus��������˜resto��������� the image. You have to go rebuild the server, join the domain and then promote it again, or restore from backup. That actually sounds like more work, then restoring the vm, rolling back the ticket. In your particular case, it sounds like the advantages vmware gives you , space, consumption, failover have all been swept aside to save dollars. Therefore, I would say you should rethink the current solution. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ -------------------------------------------------------------------- mail2web.com���� What can On Demand Business Solutions do for you? http://link.mail2web.com/Business/SharePoint ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
