Domain Controller virtualization solutions - Part 1
In this article we will show you the advantages and disadvantages of some common domain controller settings.
When it comes to building a virtual data center, there is probably no more controversial topic with the domain controller setup topic. Server virtualization has been around for a while and there have been some virtualization products, which is for many people to think that the basic principles for virtualizing network servers are probably well established. sure. All server virtualization has specific and concise instructions in most parts. That's why we don't just mention domain controller virtualization in our minds. However, there are many different philosophies about how to handle domain controllers in a virtualized environment. And there are actually many advantages and disadvantages associated with each of these different philosophies, so we decided to take this series to consider setting up domain controllers in a virtualized environment.
Now you might wonder why the topic of setting up domain controllers is such a controversial topic. We have heard of some people comparing complex domain controller setups like the question of 'previous ducks or eggs'. On the one hand, domain controllers will set up Active Directory structures that all other Windows servers follow, on the one hand, you need to create and configure virtual servers (usually Hyper-V or VMware servers). before doing everything virtualization. So you have to decide if your server needs to be a domain member. If you decide to turn your servers into a part of the domain, you must configure it to work in a certain way to make the network secure.
Separate the servers from the domain
One potential solution to the domain controller implementation problem is to separate the servers from the domain. In this domain model, the entire Active Directory forest will be virtualized, but the servers will reside in a workgroup outside the domain.
This domain controller model works quite well, especially in small organizations. In fact, when we decided to virtualize our production network, this is the domain controller implementation model that we choose to use. The basic reason behind our decision is that this model has allowed us to virtualize all our production servers. This makes it possible to move production servers from one server to another when needed.
Even so, this design work is not perfect. For us, the biggest problem we have encountered is also the result of using this model, which limits many options for network backups.
In our test network, we ran Hyper-V on all of our virtual hosts and used System Center Data Protection Manager 2007 (DPM 2007) as the backup solution. The problem is that DPM 2007 is quite dependent on Active Directory. That means that there is no option to join the DPM 2007 server into the domain. As a result, DPM 2007 has trouble backing up virtual machines, but we have no way to back up virtual hosts properly.
Another problem with separating virtual hosts from Active Directory is that almost all network management software extract information from Active Directory. Therefore, this type of design can limit your ability to manage virtual hosts by using other management software.
To give you an idea of what we're saying, consider another aspect of network design. After we virtualized our production network, we decided to add a virtual host and use it to configure some testing machines. Although no testing machine is a member of the production domain, but the server is hosting test machines as a domain member.
As the network continued to grow, we decided to install System Center Virtual Machine Manager 2008 (SCVMM 2008) on the server hosting the test machines. You can see the screen captured from the SCVMM 2008 console in Figure A.

Figure A: SCVMM 2008 cannot see other servers
Notice in the figure that the All Hosts section only lists one server, although there are many Hyper-V servers in the network. This behavior is a direct result of the fact that other servers are not domain members. SCVMM 2008 not only can't see other servers (or virtual machines reside in them) but you can't even install SCVMM 2008 on a non-domain server.
Create a separate domain
As you can see, ignoring virtual hosts from Active Directory works quite well for small networks, but this can lead to some management issues if the network grows and expands. There is another technique that allows us to solve most of those problems.
This technique involves setting up an Active Directory domain before deploying host servers. This domain exists only for the purpose of managing your virtual hosts. In this model, all of your production servers will be members of an entire Active Directory that are based on virtualized domain controllers.
This technique provides all the same advantages as separating servers from Active Directory, but allows you to take advantage of network management tools depending on the Active Directory database.
As is the case with all other domain controller implementation models that we will discuss, this model is not perfect. Make sure that you know, one of the main driving forces behind virtualization technology is to reduce hardware costs by making better use of server resources. This model does not accomplish that goal.
Having a separate domain for virtualized servers means that you will need at least one physical server to act as a domain controller. Of course, having a domain with only a single domain controller is a risky proposition, so in fact you will definitely spend two or more physical servers on service tasks as domain controllers.
Since the domain in question is created for virtual hosts only, it means that domain controllers for that domain will experience a very light load, which is impractical if your goal is to be good. more than your server hardware resources.
If you yourself want to use this domain model but are hard-pressed to justify the dedication of physical servers to perform tasks like domain controllers, then we recommend that you consider using the machines. The old owner you gave 'retired' before. As long as your old servers are still active and not obsolete, they will still be able to work as domain controllers for virtual hosts. It should be noted that, although you choose to reuse old server hardware, this model still requires you to purchase additional registrations required for the additional domain controllers you are deploying.
Conclude
So far, I have shown you two models that implement different domain controllers within a virtualized environment. However, there are many other implementation models that you can use, and we'll cover them in Part 2 of this series.
You should read it
- Working with the Domain Controller Diagnostic Utility - Part 6
- Instructions for creating a Domain Controller - DC on Windows Server 2012
- 4 free virtualization software solutions on Windows
- Working with the Domain Controller Diagnostic Utility - Part 3
- Working with the Domain Controller Diagnostic Utility - Part 1
- Working with the Domain Controller Diagnostic Utility - Part 5
- Working with the Domain Controller Diagnostic Utility - Part 4
- Working with the Domain Controller Diagnostic Utility - Part 2
May be interested
- Virtualization realizationthe field of virtualization is currently hot! many new virtualization platforms have emerged, including software and hardware solutions, virtualization from chips to it infrastructure. the it community in general is eager for this technology for its benefits
- Fix the problem when removing Windows Server 2008 Server Core from the domainin the following article, we will show you how to handle and fix errors when removing windows server 2008 r2 server core from the domain system. the case here is that both core and domain controller (dc) systems are virtual machines, when the user tries to switch dc to the state of the previous snapshot, but the core part cannot access the data source on the dc. ...
- Windows User State Virtualization - Part 5: Complex environmentin this section, we will show you the high-level steps for implementing various windows user state virtualization solutions.
- What is virtualization? Why should you use this technology?according to gartner market research firm, virtualization with multi-core processors, 'cloud computing', electrical-computing-everywhere and virtual social networking will be the 5 technologies that completely change the it industry. global.
- Create a Site-to-site VPN on ISA 2006 (Part 2)in this second part we will explore the issues with dns (domain name system), the domain name system, a very important component in creating solutions, installing css and creating isa isa arrays. main room and branch office.
- Run Windows Server 2008 R2 - Install and create a Lab Domain Controller (Part 1)in this series, i will show you how to create a lab domain controller in windows server 2008 r2.
- How to check which Domain Controller holds the FSMO role in Active Directorythis tutorial illustrates how to test the fsmo role in server 2016. the 5 fsmo roles in active directory include: rid master, pdc emulator master, infrastructure master, domain naming master, schema master.
- Use eBox as Windows Primary Domain Controllerthe platform platform is one of the open source server systems that allows administrators to capture, control and manage network services.
- Windows User State Virtualization - Part 2: Scenarioin part 2 of this series, we will explore different business scenarios for implementing windows user state virtualization technologies (usv.
- Symantec redefines Terminal Virtualizationsymantec group has just announced extended terminal virtualization solutions to better protect and manage terminals, whether it's physical terminals or not.