Agree. Due to the number of servers some of
our guys have to look at virtualisation. I've said a flat no to the DCs
though. We're standardising on x64 with 32 GB RAM for our DCs.
There's no way we're going to take a perf hit because someone much further up
the chain wants fewer boxes.
I understand that virtualisation is a big thing
and that most companies are taking it seriously enough to at least allocate
resource to look into what can and can't be done in their, or their customers',
environments. For me, however, it only has two places:
-- The lab
-- Consolidation.
The former is probably where everyone here at
least has some experience of virtualisation. The latter is great in
transformation projects whereby a customer has a large number of legacy database
servers, for example. Consider a customer with nearly 200 SQL 7
databases. The cost (in time and effort) of migrating those databases, and
their front-end apps, to a newer version of SQL is considerable.
Consolidating those onto a big VM is a huge bonus with no perf hit as they're
running on 233 MHz Pentium Pros. In the case in question we decided to
purchase two Unisys ES7000 32-way servers, carve them up into four partitions
and have a whole bunch of VMs running as 2k with SQL 7.
So, my penny's worth is virtualisation has its
place, but that place isn't for DCs - unless, as Matt says, we're talking about
small DIT files that can be more or less loaded into memory on a 32-bit system
(in other words, < 2.7 GB).
--Paul
----- Original Message -----
Sent: Thursday, July 20, 2006 3:26 AM
Subject: Re: [ActiveDir] Virtual DCs
I'd say that it should depend on the size of your
environment.
I've seen the difference in performance between a 64-bit
DC and a 32-bit DC in a large environment and unless a VM can run with enough
RAM to load your entire DIT database in RAM, then a VM would be a poor idea,
IMO.
In other words:
Small environments, go virtual with 2-4GB
of RAM and you should be fine.
Larger environments where the DIT
database is getting over 2GB in size, you will probably be better off going
with physical machines and considering 64-bit DCs if your DIT is breaking 3GB
of size.
The only recommendation that I'd put out there is to make
sure that the physical boxes you're running your VMs on have more than enough
bandwidth to do the job. In other words: Test a whole lot before you go
forward with a plan to do it and make sure that you've got redundancy in place
because you now have 2 more points of failure on a single DC: The OS that it's
sitting on and the VMWare application.
On 7/19/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
The voice of reason? WTF? ;-)
Identifying return on effort is a great way to start any project.
I highly recommend (and get beaten soundly for) it.
Brett, one additional thought on the "Forest-On-A-Box" idea: for remote
sites that need a single server from a performance perspective, but need
multiple forest NC's represented, this presents an opportunity to deploy
more Microsoft DC's without additional hardware constraints. Since
some of your brethren are advocating multiple forest deployments where once
multiple domains existed, and because of WAN traffic limitations,
virtualization offers a great way to make this happen without 4 extra
physicals in the geo. This scenario requires an all-or-nothing approach to
the DC - it either works or doesn't and that's all they really care
about. Backups of that particular set of DC's weren't likely going to
happen anyway, and they very likely would not have anyone local that they'd
trust to restore the machine either and may not even want those people to
have local server access. Offering a way to add in F/P plus the other
forests and it's a compelling branch office forest-on-a-box with F/P
solution.
Oh, the other product(s) you asked about is likely VMware Server http://www.vmware.com/products/ - Note that the
virtualization software is also listed as a freely available option,
although I have not personally seen what that entails at this point. They
tend to make quality stuff though.
-ajm
On 7/19/06, Alex Alborzfard <[EMAIL PROTECTED]> wrote:
As others have
suggested, virtualizing your DCs is obviously a viable
option.
However, before
doing so, I think you (or your management) first need to identify what you
are trying to get out of it. Companies implement virtualization mainly for
hardware consolidation reasons. There are other valid reasons such as
saving time & $$ in server provisioning/administration, redundancy,
and disaster recovery.
Speaking from
experience with my clients, the decision to go virtual or not should be
based on two factors: the physical requirement for the server and number
of users or amount of activity on the server. The rule of thumb is to
virtualize a server if it is currently under-utilized from CPU/Memory
standpoint. So except for heavily used Exchange, SQL, or Citrix servers,
almost all servers can be good candidates to be virtual. Almost all AD DCs
fall within this category.
If your
management is considering building a solid virtualization environment, I
would recommend going with VMware (ESX) solution, especially if you have
SAN.
It may not be
free and there is a bigger learning curve involved, but you get the best
bang for your buck especially in an enterprise environment because of its
many advanced features and complementing technologies such as Virtual
Center, VMotion, P2V, etc. To me it's like the difference between using
Terminal Server and Citrix.
If however this
is a one-time, ad-hoc effort, you can go with either VMware or MS server
solutions. In either case, if your box is beefed up (has at least 2GB of
RAM), with VMware Server you can get away with putting all DCs as VMs on
one box. If you have SAN and ESX, you can even boot all your VMs from it
and resolve your redundancy concerns. With MS, I would probably split them
across 2 boxes.
Just my 2
cents!
I would
definitely back the use of VM's on this one, although I would definitely
keep one or two DC's present. I have personally done the rounds with
MS on this, and we ended up with 5 physical DC's, and 38 Virtual
ones. There were two reasons we retained physical DC's:
1) At the time (a
couple of months ago), different staff in MS interpreted their own support
policy differently, and they couldn't (and still haven't) resolved
it. To ensure we had a supported environment we retained some
physical DC's.
2) We were uncertain
how much Exchange would pull on the DC's for its lookups, and to minimise
risk of deploying VM's we gave the bigger sites (where our Exchange boxes
were) physical DC's
Ada, I say go for
it, but keep one, possibly two physical DC's.
Brad
Along these
lines, has anyone seen an actual best practices whitepaper for MS Virtual
Server? How to configure disk arrays, controller cache, how many
VHDs per volume, memory allocation, etc.
Bryan Lucas
Server Administrator
Texas Christian University
(817) 257-6971
This is
absolutely true. I know virtualization scares a lot of people, but
the fact is that in some environments virtualizing systems saves a great
deal of money and actually makes managing systems much easier (here it has
reportedly saved a "significant" amount in hardware cost for the
enterprise). I have been closely watching my Exchange servers ever
since our AD side of the house started virtualizing DC's and with domain
controllers running on ESX servers in an optimized configuration the
performance is very close to hardware. I have noticed that in terms
of LDAP performance that VM's are a tad bit slower than hardware, but that
"tad" is well within the range of performance that applications like
Exchange require. After over a year of having virtualized
DC's we have not had any problems with virtualized domain
controllers (placed globally on ESX servers around the world). We
do, however, work on the side of caution and do maintain a few
hardware DC's in our HQ that own FSMO roles, but I've seen nothing to
suggest that they could not be on VM's to date (it's just a
precaution).
I have to admit
at first I totally dismissed virtualization because I considered it, like
others, as more of a development\test environment solution, however I have
since been convinced after working with virtualized OS's that it has its
place (we have 100's if not 1000's of virtualized hosts currently in
production). I/O intensive applications are not a good place for
virtualization in production, but other less I/O intensive applications
work great with it. Brian does have a point in that it has to be
"done correctly" and with the right understanding of how to build a high
performing virtualization environment it will work just fine for domain
controllers\global catalog servers.
Regards,
Steven
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] ] On Behalf Of Brian Desmond
Sent: Wednesday, June 07, 2006 12:04 AM
To: [email protected]
Subject: RE: [ActiveDir] Virtual DCs
I have
no problem with VMWare or Virtual Server DCs if done correctly. Frankly,
7K users is like pocket change if you ask me. Really, the users generate
no load – they logon to the PC and change their password. Things like
Exchange (and OLK), machines, and other AD aware apps do. If properly
written and the virtual hardware properly configured everything should
still jive. If I had to make a one off guess with no more info I'd say
go for it. The price war with MS and EMC on virtualization has made this
far more economical, and if you're going to be doing branches, you can
play your sacred card and virtualize stuff and quasi isolate it. There
have been a couple lengthy discussions on that subject recently – Tony
has a search widget on the website for this DL. :)
Ada,
I am intrigued
as to why "management" are directing you to do this. What benefits do
they perceive? Do they understand the nature of the 2K3 directory and
the load 7,000 users puts on it?
This is not a
criticism - just a curious thinking out loud moment...
Personally - I
wouldn't do it. Some would say a DC is a sacred thing, not to be toyed
with. Proof of concept is always good in these scenarios... if you
were to set this up in a lab, even with just two VMWare-ed DC's, you
could show the overhead this would place on the machine and help them to
understand the additional cost this will bring.
Remember, a DC
that is just a DC (AD, DNS, maybe DHCP) doesn't need to be a gutsy box -
it can just be a PC rebuilt with Win2K3 server on it. However it does
need to stay up all the time. ;)
themolk.
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] ] On Behalf Of Rivera, Ada
Sent: Tuesday, 6 June 2006 9:51 PM
To: [email protected]
Subject: [ActiveDir] Virtual DCs
We have a single domain
forest with about 7,000 users. Currently we have 8 AD regional sites and
one HQ AD site. The regional sites each have
a DC serving their local
regional area and there are multiple DCs in our HQ site. The
environment is currently
running Windows 2000 SP4 and we are looking to
upgrade our DCs to W2K3. The direction from management is
that we will put all of
our domain controllers on VM Ware when we upgrade the DCs to W2K3.
Does anyone have any thoughts on this? Good or Bad
idea?