This can be a huge issue if you are using CSV and failover. That requires the host servers to be part of AD and be able to access it otherwise it fails and nothing is available in the cluster, and none of your virtuals will come on. Even a BIGGER problem if your AD servers are in that cluster. We have a client with 2 host servers running about 18 guests between the two on an EQ SAN, each has an AD guest and both hosts are AD joined, we spun up a 3rd physical DC just for the fault tolerance in the event we cant talk to the AD guest servers.
I suppose we could create a 2nd domain, join the Host servers and the 3rd physical to that new domain and all the guests would be on their own domain internally. But..then I have to worry about a second DC for fault tolerance and backups of this new perimeter domain. My customers would have to have some serious security needs or compliance issues to deal with that cost addition though. Where we play this isn’t as big of a concern. Greg Sweers CEO ACTS360.com<http://www.acts360.com/> P.O. Box 1193 Brandon, FL 33509 813-657-0849 Office 813-758-6850 Cell 813-341-1270 Fax From: David Lum [mailto:[email protected]] Sent: Tuesday, July 03, 2012 11:22 AM To: NT System Admin Issues Subject: RE: VMM/Hyper-V question Not a big deal to join or disjoin them, as long as you know local admin creds. From: Christopher Bodnar [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Tuesday, July 03, 2012 7:38 AM To: NT System Admin Issues Subject: Re: VMM/Hyper-V question No, security is not the main consideration in this particular situation. Small office environment. I had always heard, not specifically read, that the Hyper-V hosts should not be domain joined. Should have done more reading before I set this up. Thanks Christopher Bodnar Enterprise Achitect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 [email protected]<mailto:> [cid:[email protected]] The Guardian Life Insurance Company of America www.guardianlife.com<http://www.guardianlife.com/> From: "Andrew S. Baker" <[email protected]<mailto:[email protected]>> To: "NT System Admin Issues" <[email protected]<mailto:[email protected]>> Date: 07/03/2012 10:35 AM Subject: Re: VMM/Hyper-V question ________________________________ If you are concerned about security, consider a separate domain for the perimeter guests vs the internal guests, depending on your architecture. We configured totally different hosts for our DMZ guests than for our internal guests. ASB http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker> Harnessing the Advantages of Technology for the SMB market… On Tue, Jul 3, 2012 at 8:56 AM, Christopher Bodnar <[email protected]<mailto:[email protected]>> wrote: Curious if anyone out there is keeping their Hyper-V hosts in a perimeter network. Or are most people domain joining them. My initial thought was to have them all in a perimeter network with no domain, but with VMM inside the domain. Finding some limitations to this configuration. Specifically in regards to the libraries. you can't transfer VM's from a host in a perimeter network to a library on the VMM server in the domain. Can't see thumbnails either, but that seems minor in comparison. Thanks Christopher Bodnar Enterprise Achitect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459<tel:610-807-6459> 3900 Burgess Place, Bethlehem, PA 18017 [email protected]<mailto:[email protected]> [cid:[email protected]] The Guardian Life Insurance Company of America www.guardianlife.com<http://www.guardianlife.com/> ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
<<inline: image001.jpg>>
