bntech
asked on
Vmware and Domain controllers, and exchange
What are best practices for running Exchange 2007 and/or Windows 2008 Domain controller in a virtual (vmware environment)
What are recommended guest Os settings \ Tweaks.
Thanks
What are recommended guest Os settings \ Tweaks.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
In recap I should do as follows:
•have one physical DC -- I cant do this, as all dcs are virtualized (however spread across multiple host)
•Disable time synchronization for the domain controllers. (Is this unchecking the time sync box in vmware tools) we use vmware
•Balance FSMO roles -- what is best practice on spliting
•configure startup/shutdown on guest Oses for dcs
•Dont use snapshots
So no known registry or system setting tweaks?
What is recommended for write cache and disabling, i read it in one of the articles, but didnt follow it
Any other tweaks or best practices in general for any kind of dc. I want it to be fast, reliable, and stable
•have one physical DC -- I cant do this, as all dcs are virtualized (however spread across multiple host)
•Disable time synchronization for the domain controllers. (Is this unchecking the time sync box in vmware tools) we use vmware
•Balance FSMO roles -- what is best practice on spliting
•configure startup/shutdown on guest Oses for dcs
•Dont use snapshots
So no known registry or system setting tweaks?
What is recommended for write cache and disabling, i read it in one of the articles, but didnt follow it
Any other tweaks or best practices in general for any kind of dc. I want it to be fast, reliable, and stable
1. Actually, no...you don't need 1 phys (I don't). VMware recommends it, but I think it's not needed.
2. For time sync -> configure an ATS in your domain...in this case it would be your sole DC. Then, configure your ESX/i host to see your ATS to get its time. Actually, you'll need to verify that time sync with ESX/i host is UNCHECKED in VMware Tools within your VMs (I believe it is by default). All clients and servers will 'see' your domain ATS as its time server (see this MS KB: http://support.microsoft.com/kb/816042)
3. Balancing FSMO roles requires you to have > 1 DC. If you don't have that, then you can't. This MS KB explains best placement: http://support.microsoft.com/kb/223346
The only registry tweak would be for your ATS, if W2K8 is similar to configure for ATS as it is in W2K3 (not implemented W2K8 yet).
Hope that helps.
Regards,
~coolsport00
2. For time sync -> configure an ATS in your domain...in this case it would be your sole DC. Then, configure your ESX/i host to see your ATS to get its time. Actually, you'll need to verify that time sync with ESX/i host is UNCHECKED in VMware Tools within your VMs (I believe it is by default). All clients and servers will 'see' your domain ATS as its time server (see this MS KB: http://support.microsoft.com/kb/816042)
3. Balancing FSMO roles requires you to have > 1 DC. If you don't have that, then you can't. This MS KB explains best placement: http://support.microsoft.com/kb/223346
The only registry tweak would be for your ATS, if W2K8 is similar to configure for ATS as it is in W2K3 (not implemented W2K8 yet).
Hope that helps.
Regards,
~coolsport00
ASKER
sorry for my ignorance but what is ATS and how do you configure ATS on both ESX and Domain
No worries...I apologize for not clarifying...it means "authoritative time server". I provided the link in how to configure for your domain above. For ESX, you configure under Configuration tab -> Time Configuration, and add your time server host name or IP. It will then sync its time with your ATS.
~coolsport00
~coolsport00
ASKER
Yea -- I already did this, and pointed to an external time source server, us.pool.ntp.org
The thing is i also configured ESX to use the same external time source -- should esx point to the internal DC.. If the DC is down then it wont be able to sync its time
The thing is i also configured ESX to use the same external time source -- should esx point to the internal DC.. If the DC is down then it wont be able to sync its time
Yeah..see, for you, it would indeed be different being that you only have 1 DC. Yes, I recommend doing that for your ESX hosts.
~coolsport00
~coolsport00
ASKER
i actaully have two dc's -- sorry i might of been clear and mis wrote. Both are virtual
To clarify you would make esx point to the internal dc or external time source (which)
To clarify you would make esx point to the internal dc or external time source (which)
Oh...thought you had 1. Yes, point to the internal. If it goes down...your other DC would 'take over' time sync until you get your primary back online.
~coolsport00
~coolsport00
http://www.petri.co.il/domain-controller-virtualization-options.htm
:)
~coolsport00