Yes; you can do that. I have 9 VMs running on one server running Vmware GSX. Needs to be a pretty beefy box to do it, though, and you're paying more since you have one extra OS to buy as well as the GSX license. Our server was around $30K IIRC, and needs about $5K in additional ram. I underspec'd the ram because "oh, there's no way they'll want to add more stuff to that server. It's just for those 4 test lab boxes". Well, we've doubled that number in less than a year...
I think the VM environment is a good idea for the medium-sized enterprise; we're planning to migrate a bunch of services to VMs. For the small business market, that has trouble affording two boxes to put a DC and exch/sql/whatever on, it's not always cost effective. >From a physical perspective, it works extremely well. I have had no issues with the underlying OS or GSX. Rock solid... ********************** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ********************** > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Fuller, Stuart > Sent: Wednesday, February 16, 2005 11:34 AM > To: [email protected] > Subject: RE: [ActiveDir] DC or not DC > > I hate to drag this off subject slightly and since no one has > mentioned > it, but isn't the whole point of Microsoft Virtual Server and VMware > GSX/ESX so that you can run multiple servers on the same > physical server > and not have the application/security/resource conflicts that you can > get by running everything on one server? At the last MS > TechEd several > of the MS people I talked to were pitching Virtual Server as *the* > solution to the "I only have one server" and branch office scenarios. > > -Stuart Fuller > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of joe > Sent: Wednesday, February 16, 2005 9:50 AM > To: [email protected] > Subject: RE: [ActiveDir] DC or not DC > > Yeah MS has always said best practice is not to put back > office apps or > IIS > on domain controllers for as long as I can recall. Ditto file > and print. > There are possible resource and security issues. > > Then they have SBS.... SBS bothers me because you take > everything MS has > every said and you say, hmmm, forget about it.... At that > point, what do > you > and don't you listen to from MS? My thoughts? Listen to all of it but > don't > trust any of it until you have proven it yourself. I generally (there > are > exceptions to make the rule) consider anything from MS as propaganda > until I > have proven with my direct experience or it has been stated > to me by my > very > few trusted advisors. Like if Dean tells me something, I tend > to listen > closely, I may argue, but I start from a losing position because if I > don't > agree it is probably because I don't understand through no fault of > Dean's > explanation. Many conversations I have with Dean start out with me > thinking, > oh shit, he expects I know what I am talking about with this > functionality... With Rick, well you argue with Rick about everything > because he is a hoot to argue with. With Deji... Check it > twice - all of > it. > ;oP Tony... Never argue with Tony's dinner wine choice, never. > > My thoughts are that if you have a company small enough that SBS works > for > you. You probably won't have too many resource issues unless you have > some > serious power users. However security concerns will *always* be there > simply > because you are adding additional vectors. You can't add more services > to > service users and NOT open up more possible security holes. > Additionally > one > of the methods for fixing replication hangs and such in AD is a reboot > because attempting to stop and start the AD services is less than > helpful. > Tougher to do that when you have people using fixed services such as > F&P, > SQL, Exchange, etc as they tend to get cranky when the server side of > the > equation disappears. > > My personal reaction to anything but DHCP/DNS/WINS on a DC > are sort of a > blanched look and I don't even really like DHCP/WINS/DNS on the DC > because I > think that also raises the security vectors too much. Keep in mind, AD > is > the bastion of your enterprise security. Why give people holes to poke > at to > see if they can compromise the entire forest? > > joe > > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff > Sent: Wednesday, February 16, 2005 11:24 AM > To: [email protected] > Subject: RE: [ActiveDir] DC or not DC > > If you have the resources on the box and can not afford to purchase a > new > box for SQL or Exchange, then you are stuck with the only one option. > However, I am a big believer of keeping the server roles separate. I > find > that the overhead of SQL (and even Exchange) is rather high > during peek > times. And, if SQL runs on the DC, this may cause latency issues with > DNS > lookups, group policy updates to clients and/or log in issues. I > believe > that Microsoft's best practices said to keep things separate. (But, I > may > be dreaming...Like I often do...) However, with everything that I have > said, > it is just my opinion and is dependant on how many users you > have and if > your company can afford the cost. > > ***************************************** > Steve Shaff > Active Directory / Exchange Administrator Corillian Corporation > (W) 503.629.3538 (C) 503.807.4797 (F) 503.629.3674 > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Alonzo Hess > Sent: Wednesday, February 16, 2005 7:01 AM > To: [email protected] > Subject: [ActiveDir] DC or not DC > > > Last night I received the latest MCPMag email newsletter and > always read > the > questions that people ask. I was kind of surprised by the opening > sentence > of the question. "I know that the Microsoft gospel is never to run > Exchange, > SQL Server, etc. on a domain controller." I've never seen or > heard this > before. I realize having the server be a DC would add some > overhead, but > what are the lists thoughts on this? Good or Bad? > > Thanks, > Zo > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
