+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 21
Thin Client and Virtual Machines Thread, Safe to run virtualbox on Domain Controller? in Technical; Hi, Just setting up a new 2008 R2 DC and would like to setup a WSUS server. Don't want to ...
  1. #1

    Join Date
    Apr 2014
    Posts
    30
    Thank Post
    2
    Thanked 2 Times in 1 Post
    Rep Power
    1

    Safe to run virtualbox on Domain Controller?

    Hi,

    Just setting up a new 2008 R2 DC and would like to setup a WSUS server.

    Don't want to install the WSUS role on the DC but don't have another server until summer to install it on.

    Is it safe to run virtualbox on a DC?

    Many thanks.

    Dan

  2. #2

    abillybob's Avatar
    Join Date
    May 2013
    Location
    Shropshire
    Posts
    2,529
    Thank Post
    226
    Thanked 315 Times in 231 Posts
    Rep Power
    207
    I'm running Virtual Box on our second domain controller and all is well, it just runs a standard Windows 7 OS with Spiceworks installed for my help desk, make sure when setting up a VM though don't use NAT instead use Bridged, NAT will cause endless amount of issues with your DNS etc...

  3. #3

    Join Date
    Oct 2005
    Posts
    827
    Thank Post
    51
    Thanked 111 Times in 101 Posts
    Rep Power
    63
    Probably not the best idea.

    Why not setup the new server as a virtual host either running ESXi free or Hyper-V and then have both the DC and the WSUS server virtualised.

  4. #4

    abillybob's Avatar
    Join Date
    May 2013
    Location
    Shropshire
    Posts
    2,529
    Thank Post
    226
    Thanked 315 Times in 231 Posts
    Rep Power
    207
    Quote Originally Posted by pantscat View Post
    Probably not the best idea.

    Why not setup the new server as a virtual host either running ESXi free or Hyper-V and then have both the DC and the WSUS server virtualised.
    Why is it not the best idea? I only ask because I do it and never had any issues? Normally as long as you keep the network bridged and give it it's own IP and MAC Address there isn't a problem or am I missing something?

  5. #5
    Jasbo's Avatar
    Join Date
    Mar 2014
    Location
    West Sussex
    Posts
    123
    Thank Post
    12
    Thanked 17 Times in 17 Posts
    Rep Power
    3
    I never wear a helmet when I ride my bike, I have never had an issue with it, I don't see what all the fuss is about people saying it's not a good idea to wear helmets, I have never bothered with a helmet for the last three bikes I owned, my grandad never used a bike helmet and he lived until 289... I'm going to ignore everyone else's experiences and never wear a helmet because I have done it and so far everything is hunky dory, in fact I'm so pleased at my lack of non bike helmet wearing incidents I am going to start telling everyone else's it's fine not to wear helmets to.

  6. #6

    abillybob's Avatar
    Join Date
    May 2013
    Location
    Shropshire
    Posts
    2,529
    Thank Post
    226
    Thanked 315 Times in 231 Posts
    Rep Power
    207
    Quote Originally Posted by Jasbo View Post
    I never wear a helmet when I ride my bike, I have never had an issue with it, I don't see what all the fuss is about people saying it's not a good idea to wear helmets, I have never bothered with a helmet for the last three bikes I owned, my grandad never used a bike helmet and he lived until 289... I'm going to ignore everyone else's experiences and never wear a helmet because I have done it and so far everything is hunky dory, in fact I'm so pleased at my lack of non bike helmet wearing incidents I am going to start telling everyone else's it's fine not to wear helmets to.
    Well I tell you what instead of being a clever why don't you tell me what is wrong with using Virtual Box on a DC with a bridged connection. If I'm wrong I'd rather be told I am and why this is, so other people including myself can benefit from the new information provided rather than having 12 year olds comment in a stupid and sarcastic fashion such as yourself.

  7. #7

    Join Date
    Oct 2005
    Posts
    827
    Thank Post
    51
    Thanked 111 Times in 101 Posts
    Rep Power
    63
    Quote Originally Posted by abillybob View Post
    Why is it not the best idea? I only ask because I do it and never had any issues? Normally as long as you keep the network bridged and give it it's own IP and MAC Address there isn't a problem or am I missing something?
    I believe the general recommendation from Microsoft is to leave a DC as just that - don't put any additional services on it.
    From a day-to-day point of view, I suppose it shouldn't cause any issues, but given that there's the opportunity to do this in a "cleaner" fashion then that would be my recommendation.

  8. #8

    abillybob's Avatar
    Join Date
    May 2013
    Location
    Shropshire
    Posts
    2,529
    Thank Post
    226
    Thanked 315 Times in 231 Posts
    Rep Power
    207
    Quote Originally Posted by pantscat View Post
    I believe the general recommendation from Microsoft is to leave a DC as just that - don't put any additional services on it.
    From a day-to-day point of view, I suppose it shouldn't cause any issues, but given that there's the opportunity to do this in a "cleaner" fashion then that would be my recommendation.
    Ok thankyou, that makes more sense. Fortunately I haven't had any issues to date yet, I have to do this as I don't have enough servers to be able to run all the services I need. It'd be a quick and temporary fix for him I suppose but I can see why you wouldn't want to do it long term.
    When we move to Windows 8/9 I will run our DC as a Virtual Host instead me thinks

  9. #9

    Join Date
    Oct 2005
    Posts
    827
    Thank Post
    51
    Thanked 111 Times in 101 Posts
    Rep Power
    63
    No worries!

  10. #10

    Domino's Avatar
    Join Date
    Oct 2006
    Location
    Bromley
    Posts
    4,136
    Thank Post
    215
    Thanked 1,258 Times in 789 Posts
    Blog Entries
    4
    Rep Power
    507
    Guys, please keep things civil - we're all working towards the same goals here.
    @abillybob I'm sure it wasn't meant in the insulting tone you've taken it in, and @Jasbo Your point is valid, but explaining the possible issues is probably a better move.

    Back on topic:

    Your DC is the lifeblood of your domain, usually dealing with authentication, DNS, replication, addressing all at once. and also with more technologies getting AD aware and integrated it's becoming ever more vital.

    For a long time, the best practice wisdom has to keep DCs as only DCs wherever possible. Previously I've run DCs with secondary tasks/roles and not had any issues, but after some pretty terrible replication issues raising their head recently we're moving totally in the other direction and only running DC roles on them.

    TL : DR version is - it would probably be fine, but virtualbox attaches directly into the network stack, and your DC is useless without it. The chance for disaster increases in networks with multiple DCs, as any interruption to the synch processes is awful.

    In this position myself now, I would suggest doing as @pantscat said, and making the physical server a host for multiple VMs.
    Make sense?
    Last edited by Domino; 25th June 2014 at 01:16 PM.

  11. #11

    LeMarchand's Avatar
    Join Date
    Jan 2008
    Location
    The deepest pits of hell
    Posts
    2,178
    Thank Post
    303
    Thanked 332 Times in 236 Posts
    Rep Power
    141
    I tried it, and wasn't very popular when it froze the one-and-only server in the school.

    I would have thought you were better off just running the WSUS server on your DC rather than run it in a VBox VM on your DC (if I'm reading your question correctly). Being Primary-based, only my schools with newer installations have any virtualization, so everything is run off the DC: WSUS, WDS, VAMT/KMS...

  12. #12
    Jasbo's Avatar
    Join Date
    Mar 2014
    Location
    West Sussex
    Posts
    123
    Thank Post
    12
    Thanked 17 Times in 17 Posts
    Rep Power
    3
    @Domino
    Fair point
    @abillybob

    I have disabled my humour functionality, wasn't dissing..

    In essence what these guys above have said.

    Why go against commonly know best practice?

    Why take the risk?

    Because your a tech genius or because you don't know better ?

    There's shelves full of books and websites full of Info about managing Domain controllers, best practice, mitigating risk, planning capacity etc.

    If I had a job looking after a companies Infrastructure I would consider it my job to go read some of them, then I wouldn't be thinking about doing this In The first place.

    Hosting a hypervisor app on your dc to host another server is just not a great idea in my book doesn't matter if I can do it or not, I would just consider it a risk I don't need to take down to poor planning, all for what, waiting a bit longer to do it properly?

    If I had to I would put wsus on a old box as a vm, have it scaled down and move it to the new server on arrival.

  13. #13

    abillybob's Avatar
    Join Date
    May 2013
    Location
    Shropshire
    Posts
    2,529
    Thank Post
    226
    Thanked 315 Times in 231 Posts
    Rep Power
    207
    Quote Originally Posted by Jasbo View Post
    @Domino
    Why go against commonly know best practice?

    Why take the risk?

    Because your a tech genius or because you don't know better ?
    I didn't know it was a risk and neither did the OP so it's not commonly known that was why he was asking and I said I've never had a problem. I may not be a Tech Genius but I do my job well enough and actually have some manners in the way that I talk to others.

    I don't understand how you could justify your last comment in any other way than taking the out of myself or the OP, grow up and learn not to be so sarcastic and derogative towards others.

    Edit: "wasn't dissing"
    Last edited by abillybob; 25th June 2014 at 02:35 PM.

  14. #14

    Domino's Avatar
    Join Date
    Oct 2006
    Location
    Bromley
    Posts
    4,136
    Thank Post
    215
    Thanked 1,258 Times in 789 Posts
    Blog Entries
    4
    Rep Power
    507
    @abillybob you're now being insulting in return. @Jasbo has already said he "wasn't dissing" - and I think you're taking a hypothetical as a personal attack

    As I said before, keep it civil please. I don't want to lock OPs thread when it's also prompted a useful discussion.
    Last edited by Domino; 25th June 2014 at 02:26 PM.

  15. #15

    bossman's Avatar
    Join Date
    Nov 2005
    Location
    England
    Posts
    3,912
    Thank Post
    1,188
    Thanked 1,062 Times in 753 Posts
    Rep Power
    329
    Fight! Fight! Fight!


    Only Joking! hehe!
    @Domino: Your perfectly right.......................you two guys sort it or else we send the boy's round ok! hehe!

  16. Thanks to bossman from:

    APMerry (25th June 2014)

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Script to run based on computer name
    By FN-GM in forum Scripts
    Replies: 12
    Last Post: 10th July 2013, 11:39 AM
  2. Replies: 0
    Last Post: 2nd January 2013, 10:28 AM
  3. Kit to run Minecraft on within school
    By speckytecky in forum *nix
    Replies: 16
    Last Post: 5th October 2011, 01:12 PM
  4. Additional groups have admin rights on Domain Controller
    By jonathanhaddock in forum Windows Server 2000/2003
    Replies: 2
    Last Post: 22nd April 2010, 01:10 PM
  5. Replies: 15
    Last Post: 1st April 2006, 04:13 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •