Jollity (27th February 2014)
Things to consider when you host Active Directory domain controllers in virtual hosting environments
One of the things to remember is that if your Hyper-V hosts are members of the domain (which, if you want to use any of the clustered failover stuff they need to be I believe), you then have a chicken and egg problem - if your entire cluster is down, and you turn it back on, your host nodes now won't have a DC to work with, as they are guests on top of the host and aren't live. If you use things like clustered storage volumes then you won't be able to boot up your VMs either, as your host won't have access to a DC to authenticate access to the CSV.
So, some potentially major problems.
At the risk of having eggs thrown at me, its not quite true that you *must* always have a physical DC with Hyper-V, it depends on your setup. Our main host is not part of a failover cluster, no SAN, everything is on local storage, there are nothing that depends on a functioning domain to start. You start the host and the DCs start up. Yes there might be a short period where there is no domain but its only the time to restart the main host or start up the replicated VMs on the backup host. It isn't worth us purchasing and maintaining a physical DC just for that.
Just to address the failover cluster question as well. Advice given out by Veeam here:
From Virtualizing a Domain Controller or not? - Spiceworks
you can create a failover cluster and keep one DC as not highly available and on the local storage. That takes out the risk when everything goes down at once
Also, wouldn't this setup require at least three hosts if one host is not part of a failover cluster? Two hosts is more common in my experience, at least in school environments.
I believe we are in the same situation as sparkeh.
We have multiple hosts (four) that are not part of a cluster. We have all the VMs hosted locally on the hosts as we don't have a SAN. I don't think we can get caught in the chicken/egg trap. IF ever one of the hosts was to go down the other would pick up the authentications. If both hosts that were hosting each DCs we to go down we could them bring it back on one of the other remaining two.
I know it is not the idea setup. But we cant afford a SAN, and we are using our underpowered Dell Poweredge rack servers.
localzuk - The hosts are domain members, but in that situation of double host failure wouldn't we be able to login locally and start the VMs??
I could easily rebuild DC3 onto a physical server as we have the capacity. What do you think please?
Last edited by burgemaster; 27th February 2014 at 10:12 AM.
Ah, I see what you are doing. Just make sure you don't set this server to be your primary authentication server or DNS server in any systems where you have to set primary and secondary LDAP or DNS (external systems, firewall/VPN, DHCP server, web filter, etc). Because if that server goes down (and it's more likely it could as it's not highly available) then you will encounter problems. For this same reason, you shouldn't make the physical DC that is your "safety net" in a virtualised environment your primary LDAP/DNS either.Don't think so, as far as I am aware you can run a standalone VM separate from the cluster on the cluster node. Just run up your VM, use local storage, but don't make it highly available and it operates as a standalone VM. In the event of problems you can startup your standalone DC then bring up your cluster. At least that is what I have read about what other people have done but can't claim personal experience of doing it.
Learned that lesson the hard way,
sparkeh (27th February 2014)
Hopefully you have a good backup strategy?
The newer version of Clustering services is supposed to start without AD if necessary; although I haven't tested that scenario.
I had also been interested in the reasons for needing a physical DC.
Do you think it is necessary to keep the master roles (schema master, PDC emulator etc) on the physical DC or is it just a question of having a DC and DNS server so the main virtualised ones can get going? Edit: I had missed the last page. If I read correct, Seawolf is saying it is better to have the primary AD server on the virtual server for availability reasons.
I was thinking that our VM hosts would just not be kept on the domain to reduce the risk of dependency loops. I want to use one of the old servers as a physical DC, but I do not think it will last more than a couple more years, but we can probably find something to use after that.
Last edited by Jollity; 27th February 2014 at 12:42 PM.
seawolf has said the physical DC is a safety net and more likely to fail.
In this situation though, you would have 4 completely independent Hyper-V hosts replicating to three other Hyper-V hosts. If a VM goes down - which replica takes over?
EDIT: Also, please don't think that Hyper-V Replication is designed for HA - it is not. You will have to manually spin up the replica VM on the secondary host, and you will likely have some data loss. See Microsoft Tech Note regarding unscheduled outages and Hyper-V replicas:
Business Continuity and Disaster Recovery (BCDR)
In a BC scenario and a planned failover event of a primary VM, Hyper-V Replica will first copy any un-replicated changes to the replica VM, such that the event produces no loss of data. Once the planned failover is completed, the replica VM will then become the primary VM and carry the workload, while a reverse replication is automatically set. In a DR scenario, i.e. an unplanned outage of a primary VM, an operator will need to manually bring up the replicated VM with an expectation of some data loss, since changes of the primary VM not yet replicated to the replicated VM have now been lost along with the unplanned outage.
- See more at: Hyper-V Replica Explained, Windows Server 2012 Style - Yung Chou on Hybrid Cloud - Site Home - TechNet Blogs
Last edited by seawolf; 27th February 2014 at 09:56 PM.
Yeh thats exactly why I didn't go with the replica system and have mine designed for manual failover on local storage.
@zag, do you not have the same core issue as Replica though? As in you're only as good as the time interval from the last clone/backup? I think it was mentioned a few posts back, full HA requires SCVVM and SCOM and some form of shared storage.
Yeh, definitely only as good as your last backup.
Veeam all the way for that
There are currently 1 users browsing this thread. (0 members and 1 guests)