Virtualizing SBS, Domain Controllers and Exchange Server DC

  • Virtualizing SBS, Domain Controllers and Exchange Server DC

    Hi all,

    We have an installation of 2 physical Domain Controllers (Windows 2008R2) - 1 is Fileserver, Printserver etc. and 1 is Exchange Server 2010 - both DNS and DC.

    Furthermore we have 3 x ESXi 5.5 hosts (vSphere Essentials) - 1 of those is used for backups of the 2 DCs (virtual copies done with VMware Converter). None of the monthly backups have ever been online or started.

    The intention was if one or both of the DC would break down, we would have the virtual copies that could be taken online and patched with the latest daily (Novabackup) and then have the domain back online to serve the users.

    Today I came across some whitepapers that state that virtualizing DCs from physical servers is not recommended. None of the conversions have ever logged any conversion errors.

    I would like to ask you guys if any of you have recommendations for a backup type (security) for the above-mentioned scenario, or even a better way to secure the AD by having virtualized copies offline?

    The physical servers are now 4 years old:
    HP Proliant ML310 G5 - Hardware RAID 1 - 2 discs 1 spare (DC, Fileserver, DNS, etc.)
    HP Proliant ML350 G6 - Hardware RAID 5 - 4 discs 1 spare (DC, Exchange 2010, DNS)

    Recommendations?

  • #2
    IIRC there are some issues with snapshots of virtual DCs - in particular if there is a rollback, but no reason not to virtualise some DCs. Offline DCs are NOT a good idea as they will be out of date (passwords, objects etc.) and after the tombstone period AD will want to kick them out.

    There used to be a recommendation to have at least one physical DC to be able to cold start an environment - not sure how that fits with ESXi which, AFAIK, is not a domain member

    I would be looking (subject to licenses) at having a physical DC - can be on very low spec hardware if required supplemented by one or 2 virtual DCs on different hosts. These should be running all the time and replication with the other DCs checked

    Also note having Exchange on a DC is a "Bad Thing" but demoting that DC is even worse
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **
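
The tombstone limit mentioned in the reply above can be checked against the age of an offline DC copy. This is an added example, not part of any post in this thread; the function names and the sample date are constructed for illustration, and it assumes the ActiveDirectory PowerShell module is available on a domain-joined machine.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-TombstoneLifetimeDays {
    # tombstoneLifetime is stored on the Directory Service object
    # in the forest's configuration partition.
    $cfg = (Get-ADRootDSE).configurationNamingContext
    $ds  = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$cfg" `
                        -Properties tombstoneLifetime
    # If the attribute is not set, the built-in default of 60 days applies.
    if ($ds.tombstoneLifetime) { [int]$ds.tombstoneLifetime } else { 60 }
}

function Test-DcCopyAge {
    param(
        # Date the P2V copy or system state backup was taken.
        [Parameter(Mandatory = $true)] [datetime] $CopyTaken,
        [int] $TombstoneDays = (Get-TombstoneLifetimeDays)
    )
    $ageDays = [int][math]::Floor(((Get-Date) - $CopyTaken).TotalDays)
    if ($ageDays -ge $TombstoneDays) {
        $verdict = 'Older than tombstone lifetime: do not bring this copy online as a DC'
    } else {
        $verdict = 'Inside tombstone lifetime, but missing every change made since the copy'
    }
    New-Object PSObject -Property @{
        CopyTaken     = $CopyTaken
        AgeDays       = $ageDays
        TombstoneDays = $TombstoneDays
        Verdict       = $verdict
    }
}

# Constructed sample date for a monthly offline copy.
Test-DcCopyAge -CopyTaken '2014-01-05' | Format-List

# Replication health of the DCs that are actually running.
repadmin /replsummary
```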


    • #3
      The intention was - if just one of the DCs broke down - the second one would be taken offline as well and then both virtual copies should stand in.

      Is it an idea to make a fresh clean virtual DC member?

      And then what if one of the physical DCs breaks down - is it then possible to restore it from the normal backups (novabackup/backupexec - systemstate AD)? Here I am thinking about the tombstone period kick-out....

      I am looking for a way to have virtual machines offline of the DCs - that with a system state restore, normal restore from the day before - can be re-instated until new hardware for the physical DCs is present.

      Such major breakdowns always happen on weekends or days where access to new hardware is difficult.....


      • #4
        Hello Saxodreng

        Your physical servers are already quite old and the cost of extended warranty exceeds the benefits, if you look at the advantages of a fully virtualized environment.

        To improve the reliability of your environment, I would suggest that you take the following steps:

        Virtualize existing servers using vCenter Converter and perform the backup using a VMware specific Backup solution such as Veeam Backup & Replication.

        As a result you have the opportunity to start the virtual machine, hardware-independent, on an existing ESX when a hardware failure happens. The biggest advantage of Veeam is that the backups are VSS consistent and you can register the VM directly with a wizard on the vCenter. In case of a failure, you can start the VM directly from the backup storage and move it back to the main storage with Storage vMotion, while the VM is running and the users are working.

        Your solution has the disadvantage that you have many dependencies and you need a relatively large amount of know-how to start the environment safely. Usually in such cases, you will have time pressure and this causes unwanted mistakes.

        Best Regards