Could I virtualize win2008R2 DC with root CA to hyper V? RRS feed

  • Question

  • Hei all,

    I have a closed domain with 2 failover clusters. one is hyper V failover cluster, with 3 nodes, in a Dell VRTX enclusure. The other failover cluster is a two-node VMware cluster with a direct-attached storage box. I have 3 DC in my environment: one physical DC-1 in a blade chassis with windows 2012R2, a virtual DC-2 on the VMware cluster running windows 2008R2, a third DC-3 physical blade running windows 2008R2. DC-3 used to be the DC with all the FSMO roles and enterprise root CA function. I have migrated FSMO roles to DC-1 (which is newer).

    Now my primary wish is to virtualize DC-3 to hyper V cluster such that I can easily failover should anything happen. I read a few posts and have the feeling that to migrate root CA is a very cumbersome process and I just want a easier and safer way to guard hardware failure of the aging DC-3.

    the security concern is not the major issue, as the domain is closed with no internet connection, and the servers are in a secure locked location with very few persons that can access. the users connect to the domain and RD session hosts/VDI thorough RDP. the domain is guarded with firewall, with only port 443 open for RDP gateway server.

    My question is: is it OK to virtualize root CA? in my case if I use P2V, and put the virtualized DC-3 to hyper v failover cluster, would it be any problem /issue?

    thanks a lot for help.


    Thursday, October 11, 2018 11:23 AM

All replies