[GRLUG] VMWare ESXi Was: Raid, LVM, and Cheap Storage

Ben DeMott ben.demott at gmail.com
Tue Oct 14 18:23:18 EDT 2008


>
> [Forget VM's for this]  Isn't that the point of having multiple DC's?
> The network still runs in the event one DC fails?  But what happens if
> it takes a couple days to get a replacement part to get the failed DC
> back up and running?


When the offline DC holds the Host Masters the issue is a bit different, but
when the offline DC doesn't hold any Master Roles the DC being offline
shouldn't encounter a problem unless it goes past the Tombstone lifetime,
which is 30 days by default I believe.
The problem occurs when the offline domain controller becomes untrusted.
For security reasons (is my guess) Microsoft does not elaborate on the exact
conditions that cause a situation in which one of the DCs becomes
untrusted.
In testing environments during configuration changes of security accounts
while a domain controller was offline, I've had the partner domain
controller become untrusted in as little as 3 days!
This problem CAN be corrected and is not as serious as a USN rollback.
If I was at work I could send you a log containing all of the NTDS errors
I've encountered.
Whether this is documented or not, I've experienced the behavior in very short
amounts of time being offline.
I believe this is why Microsoft suggests when transporting a DC, regardless
of the offline time, to first demote it, then restore from a recent AD
backup. (There's a best practice somewhere about this.)

I agree with you, I am avoiding virtualizing Exchange 2007 and any 2008
products until they are tried and tested - you would be smart to hold off on
Exchange; besides, most Exchange servers have fairly high resource
requirements on a continual basis, so a dedicated box isn't all bad.

We and MANY MANY MANY hosted Exchange and hosted database companies run both
Exchange 2003, 2007, and SQL 2005 in virtual environments.
My litmus test for doing something that isn't supported by Microsoft is
composed of these questions:
1.) How many other organizations do it anyway?
2.) Are they not supporting it for monetary reasons, or technical reasons?
3.) How hard is it to 'go back' to a supported environment.
4.) Can I test my environment and have one foot in and one foot out?

I think with SQL servers especially those questions can be answered:
Lots,
Monetary,
Not Hard if done early on.
Yes.

We have quite a few SQL 2005 virtualized instances - developers love it, and
there is no reason not to do it.
Oh, you want to try and work on the (name here) database while you're in
Arizona? Here, just take server with you ... (done)

And Microsoft did publish an article on considerations... so if you follow
that you should be in their (albeit unsupported) good graces.
http://www.microsoft.com/sql/techinfo/whitepapers/virtenviron.mspx

SQL 2003 works great hosted on VM Server 1.06, 2.0, ESX, and ESXi - so you
should be fine any way you go about it.

On Tue, Oct 14, 2008 at 5:04 PM, Bruce Smith <blubdog at gmail.com> wrote:

> > Let me explain my experiences in some more detail for you Bruce :)
>
> And I appreciate this very much!!!  :-)
>
> Currently I have mostly Linux servers virtualized.
>
> The only Windows boxes I currently have in a VM are a couple Win2003
> Terminal Servers, and those were built from scratch.
>
> > Exchange 2003, and 2000 servers:
>
> We will be installing Exchange 2007 shortly, although probably not in
> a VM since our consultant says it's not supported by Microsoft.
>
> > Sql 2000:
>
> What about newer versions of SQL server?  (2005?)
>
> We have a couple low usage SQL servers that are installed and
> maintained by outside parties (i.e. our payroll vendor).  Those would
> be nice to virtualize.  And it'd be nice to avoid major problems so
> employees (including myself) keep getting paid!  :-)
>
> > Domain Controllers: (I will go into some detail here seeing you are
> > considering this)
> > Windows Domain Controller states cannot be restored, they cannot be left
> > offline, snapshots cannot be used - any of this can cause a USN Rollback -
> > which is bad, and basically makes the server useless, untrusted by the
> > remaining domain controllers, and unsyncable.
> > This can happen if you leave the server connected to the network AFTER
> > performing your Conversion.
> > When you convert a DC (which I don't advise, it's better to rebuild it,
> > transfer Host Master Roles, and retire the old one just because of how
> > insanely temperamental AD really is.)
> >...
> > Note: YOU MUST start the virtual machine within literally HOURS of
> > converting it, if a DC is left offline in a multi-site multi-dc environment
> > Microsoft states that problems can start in as little as 8 hours.
>
> What you're saying about replication makes sense to me, except for the
> part of leaving a DC offline can cause problems.  (I'm not disagreeing
> with you, I'm just trying to understand why)
>
> [Forget VM's for this]  Isn't that the point of having multiple DC's?
> The network still runs in the event one DC fails?  But what happens if
> it takes a couple days to get a replacement part to get the failed DC
> back up and running?
>
>  - BS