Active Directory and DNS on Hyper-V host

    Question

  • I have an old network, Windows 2000, with 7 physical servers.  We have budgeted to replace 6 of the physical servers with 2 servers using Hyper-V.  The new hardware will be as follows:
    Dell R710 64bit Server running 2008 Hyper-V
        This host will run 4 Guest Servers (Internal IIS, External IIS, SQL 2008, File Server)
    Dell R710 64bit Server running 2008 Hyper-V
        This host will run 2 Guest Servers (SQL 2005, Sharepoint)
    Dell MD3000i SAN
    Dell 2850 32bit Server running 2008
        This server will house (Antivirus Mgnt, Fax Services, MS Data Protection Manager)

    My Question:
         I understand that you can virtualize Active Directory; there are many articles on this.  About 6 months ago I set up a single server running Hyper-V with 4 guests, one of which is a Domain Controller, and another physical server as a Domain Controller.  So that way when I have to take down my Hyper-V server it still has a physical Domain Controller to authenticate against. In the above case I cannot use my Dell 2850 as a Domain Controller because it's documented that you cannot use AD on a server along with MS Data Protection Manager, and it's best to not use MS Data Protection Manager in a virtual guest.
    Is it acceptable to put AD and DNS on a Hyper-V host machine?  If I was to put AD and DNS each on my two Hyper-V host servers does anyone see any issues with this?
    Sunday, November 01, 2009 5:23 PM

Answers

  • You don't want to make your Hyper-V hosts Domain Controllers.
    First of all a Domain Controller will automatically disable write-back caching on the volumes on which Active Directory data is stored. This will impact the performance of your host negatively by some 30 percent. Another point is fail-over clustering Domain Controllers is unsupported, so you won't be able to use this feature in combination with Hyper-V on your Hyper-V hosts.

    The idea of a physical Domain Controller is a good idea in a Hyper-V environment. It has some useful purposes.
    One of the most useful purposes is the availability of Active Directory in case of an emergency or virtualization platform hardware/software defect. 

    For these purposes, however, you can make do with the smallest, least resilient server on sale. It doesn't need to have a RAID controller or multiple spindles, it doesn't need redundant power supplies or a lot of RAM. Dell's $149 rackmount discount model will do.
    Sunday, November 01, 2009 8:09 PM

All replies

  • Hi Sander,

    I am very interested in your performance comment of a somewhat negative 30%. I have recently been looking at a virtualised environment we currently have where a site has a 2008 server running as a DC with the Hyper-V role installed and running a further 3 virtual machines. I am looking at setting up a new site with a virtual environment which is supposed to mirror this existing setup. I would have concerns of running anything on the host other than the Hyper-V role though.

    My question really is how could I measure the performance of the existing setup we have and prove the fact that the server we have running there is currently suffering from negative performance due to the fact that there was AD, DNS and DHCP running on the host?

    Many thanks, John.

    Monday, March 29, 2010 1:58 PM
  • how could I measure the performance of the existing setup we have and prove the fact that the server we have running there is currently suffering from negative performance due to the fact that there was AD, DNS and DHCP running on the host?

    You can measure performance using the standard performance benchmark tools.
    (like Sisoft Sandra, HD Tune and Passmark)

    The only way to actually make a reliable case for the performance drop is to run benchmarks on a similar virtual machine (the 'workload'), using the same benchmark tool, on the same physical hardware, using the same settings (except the settings you'd want to test). Whether this is possible to set up in your situation is for you to judge.

    Monday, March 29, 2010 9:46 PM
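
An added example, not part of the thread: one way to collect host-side evidence for the A/B comparison described in the reply above, by sampling standard Windows disk and CPU counters with Get-Counter while the identical guest benchmark runs in each configuration. The function names, run labels, file names and the choice of counters are assumptions.

```powershell
# Added example: run on the Hyper-V host. Names, labels and counter set are assumptions.
$Counters = @(
    '\PhysicalDisk(_Total)\Avg. Disk sec/Write',
    '\PhysicalDisk(_Total)\Avg. Disk sec/Read',
    '\PhysicalDisk(_Total)\Disk Write Bytes/sec',
    '\PhysicalDisk(_Total)\Current Disk Queue Length',
    '\Processor(_Total)\% Processor Time'
)

function Measure-HostRun {
    param([string]$Label, [int]$IntervalSec = 5, [int]$Samples = 60)
    # Start the benchmark inside the guest first, then sample the host while it runs.
    Get-Counter -Counter $Counters -SampleInterval $IntervalSec -MaxSamples $Samples |
        Select-Object -ExpandProperty CounterSamples |
        Group-Object Path |
        ForEach-Object {
            $s = $_.Group | Measure-Object CookedValue -Average -Maximum
            New-Object PSObject -Property @{
                Counter = $_.Name
                Average = $s.Average
                Maximum = $s.Maximum
            }
        } |
        Export-Clixml "perf-$Label.xml"   # CLIXML keeps the values typed as doubles
}

function Compare-HostRun {
    param([string]$BaselineLabel, [string]$TestLabel)
    # Index the baseline averages by counter path.
    $base = @{}
    Import-Clixml "perf-$BaselineLabel.xml" | ForEach-Object { $base[$_.Counter] = $_.Average }

    Import-Clixml "perf-$TestLabel.xml" | ForEach-Object {
        $b = $base[$_.Counter]
        # Percent change relative to the baseline; skipped when the baseline is zero or missing.
        $pct = if ($b) { [math]::Round(100 * ($_.Average - $b) / $b, 1) } else { $null }
        New-Object PSObject -Property @{
            Counter   = $_.Counter
            Baseline  = $b
            Test      = $_.Average
            ChangePct = $pct
        }
    } | Format-Table Counter, Baseline, Test, ChangePct -AutoSize
}

# Run 1 (host without the extra roles): Measure-HostRun -Label 'hyperv-only'
# Run 2 (host with AD, DNS and DHCP):   Measure-HostRun -Label 'host-is-dc'
# Then:                                 Compare-HostRun 'hyperv-only' 'host-is-dc'
```

Both runs must be taken on the same host, since the counter paths that are matched include the machine name.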
  • Can you send me a link where I could get these Dell $149 rackmount discount models?  I'd like to pick up a few of them but I can't seem to find them.  What model is this?

     

    Thank you!!

    Sunday, February 27, 2011 6:35 PM