Storage Question
-
@scottalanmiller said:
Should not be. You just set your secondary and tertiary DNS entries via DHCP to Google and voila, problem fixed.
Um, that's against Best practice and causes AD DNS issues. @Rob-Dunn would fuss at you for that one.
-
@Jason said:
I should say not virtualized in the sense that it runs on shared storage and does automated Vmotion. Exchange level failovers are much better.
Ah yes, in that case, I totally agree. Virtualize but don't use shared storage of any sort. Application level high availability via the DAG groups is how it "should" be handled. And how Office 365 and any large environment that I know of would be handling it.
-
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@BRRABill said:
For DC redundancy. I really don't want to roll with one DC.
What makes you so dependent on Active Directory? I've had AD go down for two weeks and not one user even mentioned it. That's atypical, but my point is that on its own AD is designed to be able to go offline for long periods of time with little or no impact. What's the specific risk that you are facing?
Well I don't know about him, not that this is an advocate for requiring dual AD boxes, but I know that I run all internet DNS queries through my AD DNS box. If I only have one, then basically the internet is down for me as well as the AD box.
Should not be. You just set your secondary and tertiary DNS entries via DHCP to Google and voila, problem fixed.
Yeah, that's been less than successful for me in that past. Once the PC fails to the second or third DNS (which by itself even in Windows 7 seems to take forever) the machine will never failback. You have to reboot, or at least refresh IP to get it to go back.
But it's definitely an option, and one I would use in this case.
-
@Jason said:
@scottalanmiller said:
Should not be. You just set your secondary and tertiary DNS entries via DHCP to Google and voila, problem fixed.
Um, that's against Best practice and causes AD DNS issues. @Rob-Dunn would fuss at you for that one.
It would only cause AD issue in a case where AD has failed.... meaning AD issues are moot. It's the best practice that I am aware of for an environment without a need for AD failover.
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@BRRABill said:
For DC redundancy. I really don't want to roll with one DC.
What makes you so dependent on Active Directory? I've had AD go down for two weeks and not one user even mentioned it. That's atypical, but my point is that on its own AD is designed to be able to go offline for long periods of time with little or no impact. What's the specific risk that you are facing?
Well I don't know about him, not that this is an advocate for requiring dual AD boxes, but I know that I run all internet DNS queries through my AD DNS box. If I only have one, then basically the internet is down for me as well as the AD box.
Should not be. You just set your secondary and tertiary DNS entries via DHCP to Google and voila, problem fixed.
Yeah, that's been less than successful for me in that past. Once the PC fails to the second or third DNS (which by itself even in Windows 7 seems to take forever) the machine will never failback. You have to reboot, or at least refresh IP to get it to go back.
But it's definitely an option, and one I would use in this case.
You have the entries already in the PCs and they never fail back? That seems odd.
-
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@BRRABill said:
For DC redundancy. I really don't want to roll with one DC.
What makes you so dependent on Active Directory? I've had AD go down for two weeks and not one user even mentioned it. That's atypical, but my point is that on its own AD is designed to be able to go offline for long periods of time with little or no impact. What's the specific risk that you are facing?
Well I don't know about him, not that this is an advocate for requiring dual AD boxes, but I know that I run all internet DNS queries through my AD DNS box. If I only have one, then basically the internet is down for me as well as the AD box.
Should not be. You just set your secondary and tertiary DNS entries via DHCP to Google and voila, problem fixed.
Yeah, that's been less than successful for me in that past. Once the PC fails to the second or third DNS (which by itself even in Windows 7 seems to take forever) the machine will never failback. You have to reboot, or at least refresh IP to get it to go back.
But it's definitely an option, and one I would use in this case.
You have the entries already in the PCs and they never fail back? That seems odd.
Nope, they never try DNS 1 again until DNS 2 fails to 2, which then fails again back to 1.
-
Well, even if I wanted to keep the backup DC, I could install Server 2012 on a desktop I have here, and at least save the cost of a second server.
That wouldn't be crazy, right? Other than the license cost.
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@BRRABill said:
For DC redundancy. I really don't want to roll with one DC.
What makes you so dependent on Active Directory? I've had AD go down for two weeks and not one user even mentioned it. That's atypical, but my point is that on its own AD is designed to be able to go offline for long periods of time with little or no impact. What's the specific risk that you are facing?
Well I don't know about him, not that this is an advocate for requiring dual AD boxes, but I know that I run all internet DNS queries through my AD DNS box. If I only have one, then basically the internet is down for me as well as the AD box.
Should not be. You just set your secondary and tertiary DNS entries via DHCP to Google and voila, problem fixed.
Yeah, that's been less than successful for me in that past. Once the PC fails to the second or third DNS (which by itself even in Windows 7 seems to take forever) the machine will never failback. You have to reboot, or at least refresh IP to get it to go back.
But it's definitely an option, and one I would use in this case.
You have the entries already in the PCs and they never fail back? That seems odd.
Nope, they never try DNS 1 again until DNS 2 fails to 2, which then fails again back to 1.
You could block 8.8.8.8 and 8.8.4.4 at the firewall temporarily to force them back I guess
-
@BRRABill said:
Well, even if I wanted to keep the backup DC, I could install Server 2012 on a desktop I have here, and at least save the cost of a second server.
That wouldn't be crazy, right? Other than the license cost.
It's not crazy at all. Since it's free and just adding extra redundancy.
-
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@BRRABill said:
For DC redundancy. I really don't want to roll with one DC.
What makes you so dependent on Active Directory? I've had AD go down for two weeks and not one user even mentioned it. That's atypical, but my point is that on its own AD is designed to be able to go offline for long periods of time with little or no impact. What's the specific risk that you are facing?
Well I don't know about him, not that this is an advocate for requiring dual AD boxes, but I know that I run all internet DNS queries through my AD DNS box. If I only have one, then basically the internet is down for me as well as the AD box.
Should not be. You just set your secondary and tertiary DNS entries via DHCP to Google and voila, problem fixed.
Yeah, that's been less than successful for me in that past. Once the PC fails to the second or third DNS (which by itself even in Windows 7 seems to take forever) the machine will never failback. You have to reboot, or at least refresh IP to get it to go back.
But it's definitely an option, and one I would use in this case.
You have the entries already in the PCs and they never fail back? That seems odd.
Nope, they never try DNS 1 again until DNS 2 fails to 2, which then fails again back to 1.
You could block 8.8.8.8 and 8.8.4.4 at the firewall temporarily to force them back I guess
LOL I suppose I could.
-
@Dashrender said:
Nope, they never try DNS 1 again until DNS 2 fails to 2, which then fails again back to 1.
@Dashrender is correct here. I have seen this more than once, and this is why I refuse to put any external DNS entry in my local machines.
If I have an AD environment with only a single internal DNS server I will give the router as a secondary DNS. The router itself will look to the internal DNS first and then to google second.
-
@scottalanmiller said:
@BRRABill said:
Well, even if I wanted to keep the backup DC, I could install Server 2012 on a desktop I have here, and at least save the cost of a second server.
That wouldn't be crazy, right? Other than the license cost.
It's not crazy at all. Since it's free and just adding extra redundancy.
It's not free, it's $800 and it's another box he has to maintain.
-
@scottalanmiller said:
It's not crazy at all. Since it's free and just adding extra redundancy.
Well, other than the license cost.
-
If you really want a solution for a second DC, I'd buy a Unitrends appliance. Then if the AD VM fails, you can spin up the AD VM on the Unitrends box and be back online in under an hour normally.
This gives you your sorta 2nd DC and your backup solution.
-
@BRRABill said:
@scottalanmiller said:
It's not crazy at all. Since it's free and just adding extra redundancy.
Well, other than the license cost.
But already paid.
-
@Dashrender said:
@scottalanmiller said:
@BRRABill said:
Well, even if I wanted to keep the backup DC, I could install Server 2012 on a desktop I have here, and at least save the cost of a second server.
That wouldn't be crazy, right? Other than the license cost.
It's not crazy at all. Since it's free and just adding extra redundancy.
It's not free, it's $800 and it's another box he has to maintain.
He already paid for the license. So it is free now.
-
@scottalanmiller said:
He already paid for the license. So it is free now.
You're assuming the two current servers he has are 2012R2.. if that's the case, you're right.
-
@scottalanmiller said:
He already paid for the license. So it is free now.
I technically haven't paid for it, but we ended up doing it in monthly payments, and I'm not sure the paperwork can be stopped.
Are you really recommending NOT to have a backup DC. Everything I have always read said to definitely do it. I think I'd feel better with it, but I can be talked out of that!
-
@BRRABill said:
Are you really recommending NOT to have a backup DC. Everything I have always read said to definitely do it. I think I'd feel better with it, but I can be talked out of that!
Honestly for the smaller side of SMB, no you do not need it with all the fast recovery options that exist with everything virtualized now.
-
@BRRABill said:
Are you really recommending NOT to have a backup DC. Everything I have always read said to definitely do it. I think I'd feel better with it, but I can be talked out of that!
That's because of several factors:
- Lots of people like MS and their partners make money selling you extra licenses. There is a lot of incentive to push them.
- Companies of any significant size need things like this to failover because the impact is many times larger and the cost of extra licenses is nothing to them. So they assume you are bigger than you are.
- They assume AD being tied into other systems where there is no cache layer.
- IT folks often want to add complexity to make their jobs appear harder than necessary.
- Hubris. IT must be mission critical, right? It would be unthinkable that we could live without it for a few hours.
For small businesses, it is actually decently rare that the cost of a second AD DC is justified. If you had a second server anyway for other reasons, like most medium sized businesses and larger do, the second AD DC might be free. But for you, it is a LOT of money.
