Run domain controller as a guest OS or host?


  • Run domain controller as a guest OS or host?

    Hello all. I'm a long time lurker on both the site and the forums. It is truly a great resource.

    Network Info:

    Approx 300 Users
    One Win 2003 Application Server (member server)
    One Win2003 Domain Controller running AD, DNS, WINS, File & Print duties, some light network applications and Exchange 2003 & OWA. (I eventually want to move Exchange to its own box.)

    Our secondary AD server, an old 400MHz PC converted to a server role several years ago had to be shut down this week due to cooling and power component failure. The server was running AD and DNS. It was also running IAS for authenticating our soon-to-be-active wireless network. I plan to replace it with actual server hardware. I'm thinking something like an HP ProLiant DL360 (Single, Dual-Core Xeon 1.87, 2GB RAM, SATA drives in either RAID 1 or 5). I would like to also run WSUS on the new hardware.

    Since the duty of those services will not be very taxing on that hardware, I'm thinking the server may be a good candidate to try virtualization. This way I can avoid a situation like our primary server where everything is installed on a single instance of the OS. I've used VMWare server before for testing, just not in live environment.

    I would like to keep AD, DNS and IAS by themselves - good idea right? Would it be a better idea to install those services on the host OS, or in a guest? Are there any major issues to watch out for when running AD in a VM, or VMWare on a domain controller?

    Outside of RAM, are there any components that would need to be upgraded to make running VM faster? I wish I could get SAS drives, but it isn't in the budget. Will SATA suffice? This is my first non-SCSI server, so I don't know what kind of performance hit I will take.

    Thanks everyone.

  • #2
    Re: Run domain controller as a guest OS or host?

    I currently run two of the 5 domain controllers at my site on virtuals... I have one FSMO standalone, an x64 2003 (soon to be FSMO), and two virtual DCs on site.

    I am doing kinda what you are talking about... the virtuals are to accommodate the IAS role amongst other services. This gives me a bit of flexibility with rebooting DCs and not interrupting VPN connections during work. It also adds a bit of security being spread about...

    I really like having a "floating" DC to handle logon requests and crap like that.. it allows me to take down standalone servers for maintenance... Have you played with the VMware Converter? The new release just showed up the other day..

    I suppose it's labeled "beta" but I've used it three times on real servers with no problem.
    http://www.vmware.com/products/converter/

    I like that tool, 'cause I can make an "image" of the server (even during production) and then boot up a virtual, repoint some things, and then I can do whatever I have to with the standalone... I guess it just rips out everything north of the HAL, 'cause it must be reactivated after the vmdk file is created...

    I haven't tried it in reverse, i.e. running VMware Workstation on the DC, though...
    It's easier to beg forgiveness than ask permission.
    Give karma where karma is due...



    • #3
      Re: Run domain controller as a guest OS or host?

      Originally posted by bbailey
      Hello all. I'm a long time lurker on both the site and the forums. It is truly a great resource.
      I used to be a regular contributor to these forums for a while last year but I took a break to catch up on some other stuff so Daniel hates me and stripped me of my moderator privileges. That's ok though because Daniel sucks.

      I used to virtualize all domain controllers and that works fine but with one exception: If you have a power outage or your VMware hosts go down for some reason, everything sucks in the world. No authentication. No AD. No DNS for name resolution. No internet access. No DHCP. No DFS. No Certificate Authority. Suddenly you must do everything by IP address. Since VirtualCenter is reliant on name resolution and authentication, you now lose VirtualCenter for managing the DataCenter which sucks even more.

      Hard/annoying lesson learned, virtualize all domain controllers except one. Leave one physical. And while you're at it, do plan your FSMO roles accordingly. In addition, if you're running Exchange server, remember that Exchange server is down if there is no global catalog server available.

      Yes, I've been through some long evenings in my own frickin basement before.
      Last edited by jasonboche; 11th April 2007, 04:30.
      VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
      boche.net - VMware Virtualization Evangelist
      My advice has no warranties. Follow at your own risk.
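
The failure scenario described in post #3, as an added example that is not part of the thread: a small Python model that takes a DC inventory and reports which directory services are lost when each failure domain (a VMware host or a physical box) goes down. The inventory, host names and role placement are constructed assumptions for illustration.

```python
# Added example. Inventory below is constructed; names and placement are assumptions.
from dataclasses import dataclass, field

FSMO_ROLES = {"schema", "naming", "pdc", "rid", "infrastructure"}

@dataclass
class DC:
    name: str
    host: str                  # failure domain: VMware host, or the box itself if physical
    gc: bool = False           # global catalog; Exchange is down without one
    dns: bool = False
    fsmo: set = field(default_factory=set)

def impact(dcs, failed_host):
    """Services lost when every DC on failed_host goes down together."""
    up = [d for d in dcs if d.host != failed_host]
    lost = set()
    if not up:
        lost.add("authentication")
    if not any(d.dns for d in up):
        lost.add("dns")
    if not any(d.gc for d in up):
        lost.add("global-catalog")
    held = set().union(*(d.fsmo for d in up))
    return lost | {f"fsmo:{r}" for r in FSMO_ROLES - held}

def audit(dcs):
    """Map each failure domain to the sorted list of services its loss takes out."""
    return {h: sorted(impact(dcs, h)) for h in sorted({d.host for d in dcs})}

# Both DCs are guests on the same VMware host.
ALL_VIRTUAL = [
    DC("dc1", "esx01", gc=True, dns=True, fsmo=set(FSMO_ROLES)),
    DC("dc2", "esx01", gc=True, dns=True),
]
# One DC left physical (holding the FSMO roles), one virtual.
ONE_PHYSICAL = [
    DC("dc1", "dc1-physical", gc=True, dns=True, fsmo=set(FSMO_ROLES)),
    DC("dc2", "esx01", gc=True, dns=True),
]

if __name__ == "__main__":
    for label, inv in (("all virtual", ALL_VIRTUAL), ("one physical", ONE_PHYSICAL)):
        for host, lost in audit(inv).items():
            print(f"{label:12} {host:12} fails -> {lost or 'nothing lost'}")
```

In the second layout a VMware host outage loses nothing, while losing the physical box leaves authentication, DNS and a global catalog running and only the FSMO roles unavailable until they are transferred or seized.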
