AD DR Site Scenario - Recommended?

    Question

  • Prod Site: DC01, App Servers

    DR Site: DC02, App Servers

    App servers, on DR site, are constantly hydrated via VMware SRM and are in Protection.

    At time of DR Test Drill, our team is contemplating this design plan:

    Run a script to change IPs of all protected servers in DR site. Name will remain same as Prod. Then, make necessary updates in DNS of production DC (DC02) in DR Site to take care of the changed IPs of the app servers.

    During the course of the DR drill, Prod Site App servers, including DC01 will be in shutdown state.

    I'm looking to see if this Design for the DR Drill test is possible and also if it is recommended?



    - thestriver

    Friday, March 3, 2017 3:35 AM

Answers

  • Team here is using latest vSphere and I understand the snapshot created will take care of the generation of the VM-GenerationID. Also, for other customers, all we have been doing is create snapshot, shutdown prod dc, seize roles, update dns records; and it has been working like a charm on W2K12.

    Didn't have to go through all these steps mentioned in your article. Perhaps VMware takes care of them in the background while the snapshot is created. I believe those steps would be required if the hypervisor is Hyper-V or others. What are your thoughts?


    - thestriver



    • Edited by thestriver Tuesday, March 7, 2017 3:09 AM
    • Marked as answer by thestriver Tuesday, March 7, 2017 6:31 PM
    Tuesday, March 7, 2017 3:08 AM
  • Team here is using latest vSphere and I understand the snapshot created will take care of the generation of the VM-GenerationID. Also, for other customers, all we have been doing is create snapshot, shutdown prod dc, seize roles, update dns records; and it has been working like a charm on W2K12. >>> So VMware has the same features; this should be OK.

    So I believe VMware also has these features like Hyper-V, so maybe you need to check the process on the VMware site for DC cloning.


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    • Marked as answer by thestriver Thursday, March 9, 2017 4:17 PM
    Tuesday, March 7, 2017 8:27 AM

All replies

  • Of course before running the script, we will transfer the OM roles to DC02.

    - thestriver

    Friday, March 3, 2017 3:36 AM
  • Hi

    If the apps work with a specific hostname and IP address, then you can change the DC information with a script. But if the apps just need AD authentication, just configure DC1 as primary and DC2 as secondary. Also, when DC1 becomes available again in a short time period, you don't need to transfer FSMO roles to the other DC, but if the time period is long you should transfer the roles before shutdown; otherwise you have to seize them.


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    Friday, March 3, 2017 8:56 AM
  • This article recommends against this idea. Any thoughts?

    - thestriver

    Friday, March 3, 2017 1:12 PM
  • So you should be careful about SID duplication. If the Prod site is unavailable and all servers transfer to the DR site, it is OK. If there will be duplicate copies of VMs running on the domain, this would be a problem. Maybe you could think about manually transferring the VMs to the DR site.

    But for AD authentication, if all DCs are configured with the DS, DNS and GC roles, there won't be any problem because of AD (so configure DNS already with DC1 as preferred and DC2 as secondary on member servers and clients). And you can transfer roles anytime; even if DC1 becomes unavailable you can seize the roles too.


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    Friday, March 3, 2017 5:36 PM
  • Scenario 1 (above) Or

    Scenario 2: Clone DC2 in DR Site. Shut down DC2. Disconnect network connectivity to Prod Site. Seize all roles into cloned DC. Restart cloned DC. Run script to change IPs in DNS Server in DR site for app servers and also change IP for all app servers in DR site. Test app connectivity to cloned DC.

    In Scenario 2, the Prod site can keep running as the network is cut from DR site and DC2 is in shutdown state. In this case, DC1 will service the requests as usual in Prod site. So running DR drills in future will not require the Prod site be in shutdown state.

    So which solution is ideal/recommended, Scenario 1 or 2? I think Scenario 2. Please confirm.

    - thestriver





    • Edited by thestriver Monday, March 6, 2017 11:03 AM
    Monday, March 6, 2017 10:55 AM
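
The DNS re-IP step both scenarios rely on, with two pre-checks, as an added example that is not part of the original thread: the DR site must not be able to reach DC01, and the operations master roles must already sit on the DR-site DC. The zone name, app server names and addresses are constructed placeholders, and the zone is assumed to be AD-integrated (so edits would replicate to Prod if the link were up).

```powershell
# Added example, not from the thread. Zone, app server names and addresses
# are constructed placeholders; DC01/DC02 are the names used in the question.
Import-Module ActiveDirectory, DnsServer

$ProdDc = 'DC01'
$DrDc   = 'DC02'
$Zone   = 'corp.example'                 # assumed AD-integrated zone
$ReIp   = @{ 'app01' = '10.20.0.11'      # constructed map: host name -> DR IP
             'app02' = '10.20.0.12' }

# Guard 1: the drill assumes Prod is shut down or the site link is cut.
if (Test-Connection -ComputerName $ProdDc -Count 2 -Quiet) {
    throw "$ProdDc is reachable from the DR site; isolate the sites before editing DNS."
}

# Guard 2: every operations master role must already be on the DR-site DC.
$domain  = Get-ADDomain -Server $DrDc
$forest  = Get-ADForest -Server $DrDc
$holders = @($domain.PDCEmulator, $domain.RIDMaster, $domain.InfrastructureMaster,
             $forest.SchemaMaster, $forest.DomainNamingMaster)
$foreign = $holders | Where-Object { $_ -notlike "$DrDc.*" } | Sort-Object -Unique
if ($foreign) {
    throw "Roles still held elsewhere ($($foreign -join ', ')); transfer or seize first."
}

# Replace each app server's A record with its DR address and log the change.
foreach ($name in $ReIp.Keys) {
    $old = Get-DnsServerResourceRecord -ComputerName $DrDc -ZoneName $Zone `
               -Name $name -RRType A -ErrorAction SilentlyContinue
    if ($old) {
        Remove-DnsServerResourceRecord -ComputerName $DrDc -ZoneName $Zone `
            -Name $name -RRType A -Force
    }
    Add-DnsServerResourceRecordA -ComputerName $DrDc -ZoneName $Zone `
        -Name $name -IPv4Address $ReIp[$name]
    '{0}: {1} -> {2}' -f $name, ($old.RecordData.IPv4Address -join ','), $ReIp[$name]
}
```

The logged old addresses are what a failback script needs to restore the Prod records after the drill.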
  • In my opinion Scenario 1 is ideal; do not clone a Domain Controller. If you configure another Additional Domain Controller on the DR site (with DNS, GC), you can transfer and seize roles on it with ntdsutil, so you can just configure the ADC IP address as secondary on the member servers and application site.

    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    Monday, March 6, 2017 4:06 PM
  • Cloning of DC is nowadays possible via virtualization and many of our customers have gone this route. Also, customer would ideally want to keep their prod site in running state at time of DR drill in DR site. This is only possible with Scenario 2 or perhaps some other ways which I'm unaware of and need your expert advice.

    - thestriver

    Monday, March 6, 2017 5:48 PM
  • Yes, as you said, DC cloning is possible with Server 2012. Also, you should check this article for requirements:

    https://blogs.technet.microsoft.com/askpfeplat/2012/10/01/virtual-domain-controller-cloning-in-windows-server-2012/


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    Monday, March 6, 2017 9:44 PM