The voice of reason? WTF? ;-) 
 
Identifying return on effort is a great way to start any project.  I highly recommend (and get beaten soundly for) it. 
 
Brett, one additional thought on the "Forest-On-A-Box" idea: for remote sites that need a single server from a performance perspective, but need multiple forest NC's represented, this presents an opportunity to deploy more Microsoft DC's without additional hardware constraints.  Since some of your brethren are advocating multiple forest deployments where once multiple domains existed, and because of WAN traffic limitations, virtualization offers a great way to make this happen without 4 extra physicals in the geo. This scenario requires an all-or-nothing approach to the DC - it either works or doesn't and that's all they really care about.  Backups of that particular set of DC's weren't likely going to happen anyway, and they very likely would not have anyone local that they'd trust to restore the machine either and may not even want those people to have local server access.  Offering a way to add in F/P plus the other forests and it's a compelling branch office forest-on-a-box with F/P solution.

Oh, the other product(s) you asked about is likely VMware Server http://www.vmware.com/products/ - Note that the virtualization software is also listed as a freely available option, although I have not personally seen what that entails at this point. They tend to make quality stuff though.
 
-ajm
 
On 7/19/06, Alex Alborzfard <[EMAIL PROTECTED]> wrote:

As others have suggested, virtualizing your DCs is obviously a viable option.

 

However, before doing so, I think you (or your management) first need to identify what you are trying to get out of it. Companies implement virtualization mainly for hardware consolidation reasons. There are other valid reasons such as saving time & $$ in server provisioning/administration, redundancy, and disaster recovery.

Speaking from experience with my clients, the decision to go virtual or not should be based on two factors: the physical requirement for the server and number of users or amount of activity on the server. The rule of thumb is to virtualize a server if it is currently under-utilized from CPU/Memory standpoint. So except for heavily used Exchange, SQL, or Citrix servers, almost all servers can be good candidates to be virtual. Almost all AD DCs fall within this category.

 

If your management is considering building a solid virtualization environment, I would recommend going with VMware (ESX) solution, especially if you have SAN.

It may not be free and there is a bigger learning curve involved, but you get the best bang for your buck especially in an enterprise environment because of its many advanced features and complementing technologies such as Virtual Center, VMotion, P2V, etc. To me it's like the difference between using Terminal Server and Citrix.

 

If however this is a one-time, ad-hoc effort, you can go with either VMware or MS server solutions. In either case, if your box is beefed up (has at least 2GB of RAM), with VMware Server you can get away with putting all DCs as VMs on one box. If you have SAN and ESX, you can even boot all your VMs from it and resolve your redundancy concerns. With MS, I would probably split them across 2 boxes.

 

Just my 2 cents!

 

Alex


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] On Behalf Of Brad Smith
Sent: Wednesday, July 19, 2006 6:51 AM
To: [email protected]
Subject: RE: [ActiveDir] Virtual DCs

 

I would definitely back the use of VM's on this one, although I would definitely keep one or two DC's present.  I have personally done the rounds with MS on this, and we ended up with 5 physical DC's, and 38 Virtual ones.  There were two reasons we retained physical DC's:

 

1) At the time (a couple of months ago), different staff in MS interpreted their own support policy differently, and they couldn't (and still haven't) resolved it.  To ensure we had a supported environment we retained some physical DC's.

2) We were uncertain how much Exchange would pull on the DC's for its lookups, and to minimise risk of deploying VM's we gave the bigger sites (where our Exchange boxes were) physical DC's.

 

Ada, I say go for it, but keep one, possibly two physical DC's.

 

Brad

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] On Behalf Of Lucas, Bryan
Sent: 08 June 2006 14:05
To: [email protected]
Subject: RE: [ActiveDir] Virtual DCs

 

Along these lines, has anyone seen an actual best practices whitepaper for MS Virtual Server?  How to configure disk arrays, controller cache, how many VHDs per volume, memory allocation, etc.

 

Bryan Lucas

Server Administrator

Texas Christian University

(817) 257-6971


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] On Behalf Of Presley, Steven
Sent: Wednesday, June 07, 2006 10:23 AM
To: [email protected]
Subject: RE: [ActiveDir] Virtual DCs

 

This is absolutely true.  I know virtualization scares a lot of people, but the fact is that in some environments virtualizing systems saves a great deal of money and actually makes managing systems much easier (here it has reportedly saved a "significant" amount in hardware cost for the enterprise).  I have been closely watching my Exchange servers ever since our AD side of the house started virtualizing DC's and with domain controllers running on ESX servers in an optimized configuration the performance is very close to hardware.  I have noticed that in terms of LDAP performance that VM's are a tad bit slower than hardware, but that "tad" is well within the range of performance that applications like Exchange require.  After over a year of having virtualized DC's we have not had any problems with virtualized domain controllers (placed globally on ESX servers around the world).  We do, however, work on the side of caution and do maintain a few hardware DC's in our HQ that own FSMO roles, but I've seen nothing to suggest that they could not be on VM's to date (it's just a precaution).

 

I have to admit at first I totally dismissed virtualization because I considered it, like others, as more of a development\test environment solution, however I have since been convinced after working with virtualized OS's that it has its place (we have 100's if not 1000's of virtualized hosts currently in production).  I/O intensive applications are not a good place for virtualization in production, but other less I/O intensive applications work great with it.  Brian does have a point in that it has to be "done correctly" and with the right understanding of how to build a high performing virtualization environment it will work just fine for domain controllers\global catalog servers.

 

Regards,

Steven

 


From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Brian Desmond
Sent: Wednesday, June 07, 2006 12:04 AM
To: [email protected]
Subject: RE: [ActiveDir] Virtual DCs

I have no problem with VMWare or Virtual Server DCs if done correctly. Frankly, 7K users is like pocket change if you ask me. Really, the users generate no load – they logon to the PC and change their password. Things like Exchange (and OLK), machines, and other AD aware apps do. If properly written and the virtual hardware properly configured everything should still jive. If I had to make a one off guess with no more info I'd say go for it. The price war with MS and EMC on virtualization has made this far more economical, and if you're going to be doing branches, you can play your sacred card and virtualize stuff and quasi isolate it. There have been a couple lengthy discussions on that subject recently – Tony has a search widget on the website for this DL. :)

 

Thanks,

Brian Desmond

[EMAIL PROTECTED]

 

c - 312.731.3132

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] On Behalf Of Molkentin, Steve
Sent: Tuesday, June 06, 2006 8:50 AM
To: [email protected]
Subject: RE: [ActiveDir] Virtual DCs

 

Ada,

 

I am intrigued as to why "management" are directing you to do this. What benefits do they perceive? Do they understand the nature of the 2K3 directory and the load 7,000 users puts on it?

 

This is not a criticism - just a curious thinking out loud moment...

 

Personally - I wouldn't do it. Some would say a DC is a sacred thing, not to be toyed with. Proof of concept is always good in these scenarios...  if you were to set this up in a lab, even with just two VMWare-ed DC's, you could show the overhead this would place on the machine and help them to understand the additional cost this will bring.

 

Remember, a DC that is just a DC (AD, DNS, maybe DHCP) doesn't need to be a gutsy box - it can just be a PC rebuilt with Win2K3 server on it. However it does need to stay up all the time.  ;)

 

themolk.

 

 


From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Rivera, Ada
Sent: Tuesday, 6 June 2006 9:51 PM
To: [email protected]
Subject: [ActiveDir] Virtual DCs

We have a single domain forest with about 7,000 users. Currently we have 8 AD regional sites and one HQ AD site. The regional sites each have a DC serving their local regional area and there are multiple DCs in our HQ site. The environment is currently running Windows 2000 SP4 and we are looking to upgrade our DCs to W2K3. The direction from management is that we will put all of our domain controllers on VMware when we upgrade the DCs to W2K3. Does anyone have any thoughts on this? Good or Bad idea?
