Completely Virtualised Windows Server 2012 Domain?
-
Saturday, November 17, 2012 10:23 PM
I was wondering if Microsoft now support virtualising all Servers in a Windows Server 2012 domain? (for a small installation)
I think previously they always recommended at least one physical DC? Which can be inconvenient for small businesses not running SBS that cannot afford multiple Servers.
I was wondering if it is now considered "OK" to have 1 server running Hyper-V (perhaps that is not in the domain) and run on it: a DC, an RDS Server and an application Server – all of which would be in the same domain?
Any advice would be much appreciated!
- Edited by Ian Willson Saturday, November 17, 2012 10:24 PM
- Edited by Ian Willson Saturday, November 17, 2012 10:25 PM
All Replies
-
Sunday, November 18, 2012 12:00 AM
They have always supported a completely virtualized domain. But, there were, and still are, some caveats that you should be aware of. It is always recommended to have at least one DC that is available. This could mean a DC on a physical host or on one of multiple Hyper-V hosts. With 2008/R2, it was NOT recommended to have all your DCs set up as HA VMs on a single cluster. But, if you had multiple clusters, having HA DCs was not a major issue, unless there was the possibility of all machines going down at once. It was a really big job to get such an environment back up and running, so it was recommended to have at least one DC on physical or at least on a Hyper-V system that could boot without access to a DC so that when that machine finished coming up, the DC would be available.
Windows Server 2012 has changed this in that it still needs access to a DC to initially create a cluster, but after that, the cluster nodes can boot and form the cluster without need for access to a domain.
But, in a small environment without any clusters, it's not as much to worry about. The key is ensuring that you always can get access to a domain controller. So, minimally, I always recommend at least two domain controllers on two different systems, if at all possible.
tim
-
Sunday, November 18, 2012 6:08 PM
Thanks for the reply - much appreciated.
I recently came across a web page that has a set of links to many items relating to this topic (mostly for 2008 not 2012 but still quite relevant):
(This may prove useful to anyone else searching around for similar information!)
Also - if anyone out there has any related info or feedback on how they have previously set up a small office's domain on a single server (with multiple VMs) - preferably one that has been used for production (i.e. not lab or DEV/UAT) purposes - that would be great. Has it proven reliable? Were there any pitfalls? Any advice?
-
Sunday, November 18, 2012 11:03 PM
I set up what you're describing. You just have to follow the approach of deciding what risks you have and what you're prepared to accept. If you have one physical machine with all your DCs on it, for example, then you absolutely must build and test a DR scenario that allows you to recover your DCs in isolation - there's a lot of backup software that will let you achieve that.
If your security policies can allow it, one thing you might want to look at is sticking a secondary DC in a small Azure instance or other hosted instance at the end of a VPN tunnel; having a DC 'elsewhere' will make almost any DR scenario easier.
- Proposed As Answer by Yan Li_Microsoft Contingent Staff, Moderator Wednesday, November 21, 2012 6:31 AM
- Marked As Answer by Yan Li_Microsoft Contingent Staff, Moderator Monday, November 26, 2012 2:07 AM
- Unmarked As Answer by Ian Willson Monday, November 26, 2012 9:41 AM
- Marked As Answer by Ian Willson Monday, November 26, 2012 9:42 AM

