    Always Virtualize Domain Controllers

    Self Promotion
    active directory virtualization ad dc article smbitjournal scott alan miller
      scottalanmiller @DustinB3403

      @DustinB3403 said in Always Virtualize Domain Controllers:

      @scottalanmiller said in Always Virtualize Domain Controllers:

      I even bolded it so that you could not miss their clarification.

      0_1498762974691_Screenshot from 2017-06-29 14-02-34.png

      Since we know that a physical install is not what does that, we know that they typed the wrong thing and left out the word "separated".

      To play devil's advocate here, you're adding the word "separated". They could very well mean it. . .

      Except they explain what they meant.

        scottalanmiller @Obsolesce

        @Tim_G said in Always Virtualize Domain Controllers:

        I would advise against virtualizing domain controllers Pre-Server 2012, mostly due to prior versions missing safeguards. But if you know what you are doing and know how to prevent rollback and other issues, then it should be done. This is of course if there's no possible way to run 2016, or even 2012 R2.

        https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/virtualized-domain-controller-deployment-and-configuration

        Rollback is a risk with physical too. That's not a virtual risk. That's a general best practice about snapshotting one portion of a live database.

          Obsolesce @scottalanmiller

          @scottalanmiller said in Always Virtualize Domain Controllers:

          @Tim_G said in Always Virtualize Domain Controllers:

          I would advise against virtualizing domain controllers Pre-Server 2012, mostly due to prior versions missing safeguards. But if you know what you are doing and know how to prevent rollback and other issues, then it should be done. This is of course if there's no possible way to run 2016, or even 2012 R2.

          https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/virtualized-domain-controller-deployment-and-configuration

          Rollback is a risk with physical too. That's not a virtual risk. That's a general best practice about snapshotting one portion of a live database.

          Yes but as a VM, the risk is so much greater if you aren't aware of what can cause it.

            scottalanmiller @Obsolesce

            @Tim_G said in Always Virtualize Domain Controllers:

            @scottalanmiller said in Always Virtualize Domain Controllers:

            @Tim_G said in Always Virtualize Domain Controllers:

            I would advise against virtualizing domain controllers Pre-Server 2012, mostly due to prior versions missing safeguards. But if you know what you are doing and know how to prevent rollback and other issues, then it should be done. This is of course if there's no possible way to run 2016, or even 2012 R2.

            https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/virtualized-domain-controller-deployment-and-configuration

            Rollback is a risk with physical too. That's not a virtual risk. That's a general best practice about snapshotting one portion of a live database.

            Yes but as a VM, the risk is so much greater if you aren't aware of what can cause it.

            But it isn't the virtualization. This is just "do your job well". This same logic would lead us to say that using a SAN is always bad too, because even more so than virtualization that "encourages" snapping.

              Obsolesce @scottalanmiller

              @scottalanmiller said in Always Virtualize Domain Controllers:

              @Tim_G said in Always Virtualize Domain Controllers:

              @scottalanmiller said in Always Virtualize Domain Controllers:

              @Tim_G said in Always Virtualize Domain Controllers:

              I would advise against virtualizing domain controllers Pre-Server 2012, mostly due to prior versions missing safeguards. But if you know what you are doing and know how to prevent rollback and other issues, then it should be done. This is of course if there's no possible way to run 2016, or even 2012 R2.

              https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/virtualized-domain-controller-deployment-and-configuration

              Rollback is a risk with physical too. That's not a virtual risk. That's a general best practice about snapshotting one portion of a live database.

              Yes but as a VM, the risk is so much greater if you aren't aware of what can cause it.

              But it isn't the virtualization. This is just "do your job well". This same logic would lead us to say that using a SAN is always bad too, because even more so than virtualization that "encourages" snapping.

              Right.

              Who are those that are still running Server 2008 DCs, that are wanting to virtualize them on old Hyper-V?

              I'll tell you, exactly the type of people who are more likely to unknowingly cause rollback or other issues by not doing things right or not doing their job well as you say.

                scottalanmiller @Obsolesce

                @Tim_G said in Always Virtualize Domain Controllers:

                @scottalanmiller said in Always Virtualize Domain Controllers:

                @Tim_G said in Always Virtualize Domain Controllers:

                @scottalanmiller said in Always Virtualize Domain Controllers:

                @Tim_G said in Always Virtualize Domain Controllers:

                I would advise against virtualizing domain controllers Pre-Server 2012, mostly due to prior versions missing safeguards. But if you know what you are doing and know how to prevent rollback and other issues, then it should be done. This is of course if there's no possible way to run 2016, or even 2012 R2.

                https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/virtualized-domain-controller-deployment-and-configuration

                Rollback is a risk with physical too. That's not a virtual risk. That's a general best practice about snapshotting one portion of a live database.

                Yes but as a VM, the risk is so much greater if you aren't aware of what can cause it.

                But it isn't the virtualization. This is just "do your job well". This same logic would lead us to say that using a SAN is always bad too, because even more so than virtualization that "encourages" snapping.

                Right.

                Who are those that are still running Server 2008 DCs, that are wanting to virtualize them on old Hyper-V?

                I'll tell you, exactly the type of people who are more likely to unknowingly cause rollback or other issues by not doing things right or not doing their job well as you say.

                Right, so the recommendation is "don't be those people." It's not virtualization that's the risk, it's incompetent shops. That's the actual issue that needs to be solved. Running a physical DC isn't going to protect them in any way.

                  JaredBusch

                  What that document should be saying is that you need a DC on a system that is not part of the cluster.

                  Said system should be a domain joined Hyper-V Server running the DC as a VM.

                    scottalanmiller @JaredBusch

                    @JaredBusch said in Always Virtualize Domain Controllers:

                    What that document should be saying is that you need a DC on a system that is not part of the cluster.

                    Said system should be a domain joined Hyper-V Server running the DC as a VM.

                    Exactly.

                      JaredBusch

                      But that said, you are wrong @scottalanmiller. You are choosing to interpret the words with your own bias. The words mean what they mean and there is no clarification that correctly states what you want.

                      You are correct it is an industry standard to always virtualize and you are right that the Microsoft document should be corrected.

                        scottalanmiller @JaredBusch

                        @JaredBusch said in Always Virtualize Domain Controllers:

                        But that said, you are wrong @scottalanmiller. You are choosing to interpret the words with your own bias. The words mean what they mean and there is no clarification that correctly states what you want.

                        You are correct it is an industry standard to always virtualize and you are right that the Microsoft document should be corrected.

                        But they explained what they meant and it didn't match what they said. So the other option is that they don't know enough. If I'm wrong, it's really bad that MS doesn't understand the issue.

                          JaredBusch @scottalanmiller

                          @scottalanmiller said in Always Virtualize Domain Controllers:

                          @JaredBusch said in Always Virtualize Domain Controllers:

                          But that said, you are wrong @scottalanmiller. You are choosing to interpret the words with your own bias. The words mean what they mean and there is no clarification that correctly states what you want.

                          You are correct it is an industry standard to always virtualize and you are right that the Microsoft document should be corrected.

                          But they explained what they meant and it didn't match what they said. So the other option is that they don't know enough. If I'm wrong, it's really bad that MS doesn't understand the issue.

                          No, they clearly state multiple times physical server. They should not, but they do. They do correctly say that at least one DC on the cluster make sure that the virtual disks for the DC not be on the CSV for when the physical DC is not available.

                            scottalanmiller @JaredBusch

                            @JaredBusch said in Always Virtualize Domain Controllers:

                            @scottalanmiller said in Always Virtualize Domain Controllers:

                            @JaredBusch said in Always Virtualize Domain Controllers:

                            But that said, you are wrong @scottalanmiller. You are choosing to interpret the words with your own bias. The words mean what they mean and there is no clarification that correctly states what you want.

                            You are correct it is an industry standard to always virtualize and you are right that the Microsoft document should be corrected.

                            But they explained what they meant and it didn't match what they said. So the other option is that they don't know enough. If I'm wrong, it's really bad that MS doesn't understand the issue.

                            No, they clearly state multiple times physical server. They should not, but they do. They do correctly say that at least one DC on the cluster make sure that the virtual disks for the DC not be on the CSV for when the physical DC is not available.

                            I only saw one spot with it and there was every reason to accept a typo. At least they provide the explanation of their goal so we know they provided the wrong solution. Because we know that they confused their goal with the wrong proximate.

                              JaredBusch @scottalanmiller

                              @scottalanmiller said in Always Virtualize Domain Controllers:

                              @JaredBusch said in Always Virtualize Domain Controllers:

                              @scottalanmiller said in Always Virtualize Domain Controllers:

                              @JaredBusch said in Always Virtualize Domain Controllers:

                              But that said, you are wrong @scottalanmiller. You are choosing to interpret the words with your own bias. The words mean what they mean and there is no clarification that correctly states what you want.

                              You are correct it is an industry standard to always virtualize and you are right that the Microsoft document should be corrected.

                              But they explained what they meant and it didn't match what they said. So the other option is that they don't know enough. If I'm wrong, it's really bad that MS doesn't understand the issue.

                              No, they clearly state multiple times physical server. They should not, but they do. They do correctly say that at least one DC on the cluster make sure that the virtual disks for the DC not be on the CSV for when the physical DC is not available.

                              I only saw one spot with it and there was every reason to accept a typo. At least they provide the explanation of their goal so we know they provided the wrong solution. Because we know that they confused their goal with the wrong proximate.

                              Then read closer because there is more than one.

                                wirestyle22

                                Yeah, this is confusing. My co-worker was quoting Microsoft the other day and I looked exactly this up. It's hard to be able to justify virtualization in this scenario from where I am standing because I'd essentially either be insinuating Microsoft doesn't know their own products or saying people I know, know more than they do. It's not an easy sell.

                                  scottalanmiller @wirestyle22

                                  @wirestyle22 said in Always Virtualize Domain Controllers:

                                  ...where I am standing because I'd essentially either be insinuating Microsoft doesn't know their own products or saying people I know, know more than they do. It's not an easy sell.

                                  That's not the case. Microsoft is a vendor. This isn't a discussion about their product, it's a discussion of IT practices. MS is not an IT company. Using them as IT guidance is like listening to Chevy engineers on how to drive instead of to race car drivers. Sure, most Chevy engineers know how to drive to some degree, but their job isn't to drive.

                                  No matter how much MS knows their product, it doesn't mean that they know how to properly use it in a business. It also does not mean that their recommendations are based around what is good for you, but rather what is good for them. Recommendations like always having a second DC are not based around your business needs, but to sell licenses. This is, once again, getting advice from someone with a strong financial incentive to sell you something.

                                  So this really comes down to failing to identify the proper role of who you are talking to. MS is certainly worth checking in with, they have a lot of good info. But the idea that MS knowing or not knowing their products means that they have any say in what good deployment design is is crazy. It's a failure to identify who our peers are versus who our vendors are.

                                    Obsolesce

                                    That article I linked was to show the benefits of virtualizing a DC, that Microsoft supports it, and other things regarding virtualizing a DC. It wasn't meant to say anything else. I thought of it as an informative link in many aspects.

                                    I will disagree with anybody who says a DC should be physical.

                                    I only mentioned physical DCs for "people who can't do their job well", as Scott put it.

                                      scottalanmiller @Obsolesce

                                      @Tim_G said in Always Virtualize Domain Controllers:

                                      I only mentioned physical DCs for "people who can't do their job well", as Scott put it.

                                      And the correct fix in those cases is beat them with noodles and take their access away 🙂

                                        Jimmy9008

                                        I agree with Scott here. The wording doesn't help. They mean to have a DC outside of cluster storage, in case of cluster storage issues etc. That doesn't mean it has to be physical. It just has to be off of the CSV and can still be a VM. Bad wording.

                                        Even if different hardware entirely from the cluster nodes and storage, the DC could still be a VM on that other box.

                                          matteo nunziati @scottalanmiller

                                          @scottalanmiller said in Always Virtualize Domain Controllers:

                                          @black3dynamite said in Always Virtualize Domain Controllers:

                                          It would help if Microsoft would also recommend to always virtualize domain controllers.

                                          They do. They've been really clear on that from everything that I have seen.

                                          Last recommendation seen on Microsoft official docs - maybe the Italian ones: virtualize the AD first instance, keep a physical one as second instance...

                                          Don't understand the logic of this. But hey: their official business support said I was not allowed to virtualise more than 2 VMs on Hyper-V, even if there were Linux 😕
