"When deploying virtual disks, the same rules apply as they would for the same process on physical disks. For example, do not allow a database store to use the same disk spindles as its transaction logs."
Something to note is that virtualization sometimes has a higher cost for the disk subsystem. What I mean by that is that if you normally would expect 90 IOPS from a spindle on a standard machine, you might only be able to push 80 IOPS in a virtualized machine. As Robert also points out, if you mix multiple VM's on spindles, which you're often pressured to do, that can become less responsive in large increments. Don't assume you'll get a 1 for 1 performance swap for physical hardware. Also consider that the backplane becomes shared, and there's a shim driver between the host and the disk subsystem that adds performance cost.
The good news is that a lot of legacy OS's have low hardware requirements. They'd be really happy to use a 15K spindle, 400 MHZ memory, and 3GHZ processors with tons of cache and a fast FSB. Especially for OS's that are barely using their existing PII with 128 MB :) Not to mention the 64b deployments that really open a lot of doors for memory and processor as well.
Another one to watch that often gets overlooked is the network bandwidth. For example, if you stack 10 VM's on a single guest, you have at least (details another time) 11 hosts worth of network traffic to plan for and support. Gigabit adapters suddenly don't seem like they have so much extra capacity.
Be careful what you do at the host level. In the past, if you just willy-nilly threw on patches and configuration changes, at most you would take down that machine only. When you scale that to 10 or 20 or 30 guests, the impact is much much higher. Consider employing best configuration practices for your hosts at a minimum. You'll be glad you did.
Look both ways when you cross the street, don't spit in the wind, and don't tug on Superman's cape. [1]
Virus scans: be sure to do your homework there. Some of these VM's and components can look like morphing software to a virus scanner.
Something else that wasn't mentioned before, but can be very helpful is that your VM's can be useful for creating valid-data test environments and can be instrumental in fast-recovery disaster scenarios if done correctly. They really can open the door for a lot of options.
Al
[1] I just throw that in there because I'm drinking my coffee and it seemed like a diversion would be amusing for the moment. That's not to say you can disregard that advice without consequence; to the contrary, you'll still want to understand the risk/reward of any of those actions before going against the advice. <G>[2]
[2] Oh, and it's not original adivce. I know that too 'cause the coffee is starting to kick in...
On 6/13/06, Rob MOIR <[EMAIL PROTECTED]> wrote:
I have a few notes on general best practices for building Virtual Servers on my website if that is any help:
http://robertmoir.com/blogs/someone_else/archive/2006/03/12/2155.aspx
--
Robert Moir
Microsoft MVP for Windows Servers & Security
Senior IT Systems Engineer
Luton Sixth Form College
Right vs. Wrong | Good vs. Evil
God vs. the devil | What side you on?
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:ActiveDir-
> [EMAIL PROTECTED]] On Behalf Of Al Mulnick
> Sent: 13 June 2006 03:07
> To: [email protected]
> Subject: OT: Re: Was: RE: [ActiveDir] Virtual DCs - Now: Question on
> tuning Virtual Server
>
> There's this:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=64DB845D-F7A3-
> 4209-8ED2-E261A117FC6B&displaylang=en
>
> And then
> http://www.microsoft.com/windowsserversystem/virtualserver/default.mspx
>
> And
> http://www.microsoft.com/downloads/details.aspx?FamilyId=64DB845D-F7A3-
> 4209-8ED2-E261A117FC6B&displaylang=en
>
> But now that you mention it, I don't think a collective best practice
> for general usage is something I've seen.
>
>
>
>
> On 6/12/06, Lucas, Bryan <[EMAIL PROTECTED]> wrote:
>
> Re-post
>
>
>
> Administrator
>
> Texas Christian University
>
> (817) 257-6971
>
>
> ________________________________
>
>
> From: [EMAIL PROTECTED] <mailto:ActiveDir-
> [EMAIL PROTECTED]> [mailto: [EMAIL PROTECTED]]
> On Behalf Of Lucas, Bryan
> Sent: Thursday, June 08, 2006 8:05 AM
> To: [email protected]
> <mailto:[email protected]>
> Subject: RE: [ActiveDir] Virtual DCs
>
>
>
> Along these lines, has anyone seen an actual best practices
> whitepaper for MS Virtual Server? How to configure disk arrays,
> controller cache, how many VHDs per volume, memory allocation, etc.
>
>
>
> Bryan Lucas
>
> Server Administrator
>
> Texas Christian University
>
> (817) 257-6971
>
>
> ________________________________
>
>
> From: [EMAIL PROTECTED] <mailto:ActiveDir-
> [EMAIL PROTECTED]> [mailto: [EMAIL PROTECTED]]
> On Behalf Of Presley, Steven
> Sent: Wednesday, June 07, 2006 10:23 AM
> To: [email protected]
> <mailto:[email protected]>
> Subject: RE: [ActiveDir] Virtual DCs
>
>
>
> This is absolutely true. I know virtualization scares a lot of
> people, but the fact is that in some environments virtualizing systems
> saves a great deal of money and actually makes managing systems much
> easier (here it has reportedly saved a "significant" amount in hardware
> cost for the enterprise). I have been closely watching my Exchange
> servers ever since our AD side of the house started virtualizing DC's
> and with domain controllers running on ESX servers in an optimized
> configuration the performance is very close to hardware. I have
> noticed that in terms of LDAP performance that VM's are a tad bit
> slower then hardware, but that "tad" is well within the range of
> performance that applications like Exchange require. After over a year
> of having virtualized DC's we have not had any problems with
> virtualized domain controllers (placed globally on ESX servers around
> the world). We do, however, work on the side of caution and do
> maintain a few hardware DC's in our HQ that own FSMO roles, but I've
> seen nothing to suggest that they could not be on VM's to date (it's
> just a precaution).
>
>
>
> I have to admit at first I totally dismissed virtualization
> because I considered it, like others, as more of a development\test
> environment solution, however I have since been convinced after working
> with virtualized OS's that it has it's place (we have 100's if not
> 1000's of virtualized hosts currently in production). I/O intensive
> applications are not a good place for virtualization in production, but
> other less I/O intensive applications work great with it. Brian does
> have a point in that it has to be "done correctly" and with the right
> understanding of how to build a high performing virtualization
> environment it will work just fine for domain controllers\global
> catalog servers.
>
>
>
> Regards,
>
> Steven
>
>
>
>
> ________________________________
>
>
> From: [EMAIL PROTECTED] [mailto:
> [EMAIL PROTECTED] <mailto:ActiveDir-
> [EMAIL PROTECTED]> ] On Behalf Of Brian Desmond
> Sent: Wednesday, June 07, 2006 12:04 AM
> To: [email protected]
> Subject: RE: [ActiveDir] Virtual DCs
>
> I have no problem with VMWare or Virtual Server DCs if done
> correctly. Frankly, 7K users is like pocket change if you ask me.
> Really, the users generate no load – they logon to the PC and change
> their password. Things like Exchange (and OLK), machines, and other AD
> aware apps do. If properly written and the virtual hardware properly
> configured everything should still jive. If I had to make a one off
> guess with no more info I'd say go for it. The price war with MS and
> EMC on virtualization has made this far more economical, and if you're
> going to be doing branches, you can play your sacred card and
> virtualize stuff and quasi isolate it. There have been a couple lengthy
> discussions on that subject recently – Tony has a search widget on the
> website for this DL. :)
>
>
>
> Thanks,
>
> Brian Desmond
>
> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>
>
>
> c - 312.731.3132
>
>
>
> From: [EMAIL PROTECTED] <mailto:ActiveDir-
> [EMAIL PROTECTED]> [mailto:[EMAIL PROTECTED]]
> On Behalf Of Molkentin, Steve
> Sent: Tuesday, June 06, 2006 8:50 AM
> To: [email protected]
> <mailto:[email protected]>
> Subject: RE: [ActiveDir] Virtual DCs
>
>
>
> Ada ,
>
>
>
> I am intrigued as to why "management" are directing you to
> do this. What benefits do they percieve? Do they understand the nature
> of the 2K3 directory and the load 7,000 users puts on it?
>
>
>
> This is not a criticism - just a curious thinking out loud
> moment...
>
>
>
> Personally - I wouldn't do it. Some would say a DC is a
> sacred thing, not to be toyed with. Proof of concept is always good in
> these scenarios... if you were to set this up in a lab, even with just
> two VMWare-ed DC's, you could show the overhead this would place on the
> machine and help them to understand the additional cost this will
> bring.
>
>
>
> Remember, a DC that is just a DC (AD, DNS, maybe DHCP)
> doesn't need to be a gutsy box - it can just be a PC rebuilt with
> Win2K3 server on it. However it does need to stay up all the time. ;)
>
>
>
> themolk.
>
>
>
>
>
>
> ________________________________
>
>
> From: [EMAIL PROTECTED] [mailto:
> [EMAIL PROTECTED] <mailto:ActiveDir-
> [EMAIL PROTECTED]> ] On Behalf Of Rivera, Ada
> Sent: Tuesday, 6 June 2006 9:51 PM
> To: [email protected]
> Subject: [ActiveDir] Virtual DCs
>
> We have a single domain forest with about 7,000
> users. Currently we 8 AD regional sites and one HQ AD site. The
> regional sites each have a DC serving their local regional area and
> there are multiple DCs in our HQ site. The environment is currently
> running Windows 2000 SP4 and we are looking to upgrade our DCs to W2K3.
> The direction from management is that we will put all of our domain
> controllers on VM Ware when we upgrade the DCs to W2K3. Does anyone
> have any thoughts on this? Good or Bad idea?
>
