Servers to virtualize - is it worth Virtualizing DC's?

Hello,

I currently have 8 servers in production (we are 75 employees) and I am considering virtualizing our entire infrastructure using VMWare's ESXi server to host the Virtual Servers.

The following servers are used in production:

1. Domain Controller 1 (Windows 2003)
2. Domain Controller 2 (Windows 2003)
3. Front End Exchange 2003 server (and mail anti Virus program), (windows 2003)
4. Back End Exchange server 2003 (windows 2003 server)
5. File server (Windows 2003)
6. Blackberry Enterprise server (Windows 2003)
7. ISA server 2006 (Windows 2003)
8. Anitvirus console and management for Workstations / Servers, Microsoft Deployment Server

We are only 75 employees. Exchange is accessed using cached mode and .ost files.

Is there any reason not to virtualize all these servers? Initially I was thinking of virtualizing all servers except back end exchange server and ISA server, but after reading user comments I am unsure.

I also do not understand why techies recommend not virtualizing DC's. Can someone explain why I should not virtualize my DC's?

I should also not that are company servers are approaching their 5th year of use and will scheduled to be replaced in some capacity (either as virtualization or physical box).

Any comments and recommendations would be appreciated.

Thanks,

Mark
LVL 1
mbudmanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mike KlineCommented:
I'd say go virtual on some of them

Some good activedir archives to check out previous discussions on virtualization
http://www.activedir.org/ListArchives/tabid/55/forumid/1/postid/38204/view/topic/Default.aspx
http://www.activedir.org/ListArchives/tabid/55/forumid/1/postid/40024/view/topic/Default.aspx 

Running virtual DCs is supported but watch out for the issues described in those threads (time being a big one with virtual DCs)

We just went through P2Vs where I am with DCs and we used the offline/cold clone method using VMware converter and it worked fine.  We did run into 13559 FRS events (easily fixed).  On the next set I'm going to use VolumeID to change the volume ID to match the original disk.

Our back end has good redundancy and our data centers are 2,000 miles apart so we are also not in danger of losing all of our DCs with a single SAN failure or a single host failure.
With a small office like yours you may not have the redudancy on the back end so I'd keep one of the DCs as physical (don't put all your eggs in one basket)

So far we have not noticed any performance issues

The DS team wrote a good blog series that may help you too

http://blogs.technet.com/b/askds/archive/2010/06/10/how-to-virtualize-active-directory-domain-controllers-part-1.aspx 

http://blogs.technet.com/b/askds/archive/2010/06/15/how-to-virtualize-active-directory-domain-controllers-part-2.aspx 
 

Thanks

Mike
0
TolomirAdministratorCommented:
Vmware and other virtualisation tools are made for servers that don't have a high workload. Like ftp servers, webservers etc.

On the contrary windows SBS servers, database servers etc. should only be virtualized if you want to get rid of all of your physical servers. This is because such a powerserver has a high demand on resource.

Also keep in mind that if the physical vmware sever has some issues more than one virtual server (even with HA)  is affected. We got such an issue right now, our SAN had some problems (little free diskspace left, we are about to identify the problem...) Resulting in a downtime for about 10 servers longer than 3 hours... (we got about 300 altogether, mostly webservers though)

If we had them running as physical servers with direct attached store, for sure fewer servers (if any) would be affected. On the other hand, patching is much more easy right now. You create a snapshot of the virtual server, apply the patch and if it breaks your server, you simply revert to that snapshot. So I will not miss virtualization.

--
Another thing - check your software licenses, OEM licenses cannot be transferred to a virtual server. Also keep in mind that if you buildup a cluster with HA (high availability) support you have to buy windows licenses for each physical server they possible can run on.  See http://www.microsoft.com/licensing/about-licensing/virtualization.aspx  and the license calculator http://www.microsoft.com/windowsserver2008/en/us/hyperv-calculators.aspx

Tolomir
0
Mike KlineCommented:
Virtualization can be used for high workloads,  definitely need to monitor your disk space :)
Make sure you don't have any lingering snapshots.
Thanks
Mike
 
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

CGretskiCommented:
Be careful with DCs

If all your DCs are virtual what happens if they're stopped on the VM host - you could lose the ability to authenticate to the VM host to log in and start them.
0
Mike KlineCommented:
That is why in his case I suggested having at least one physical.  In the case where I am we have the spread over 16 hosts in the data center here on the east coast and another similar datacenter west of the Mississippi.
...you would generally have more than one host though.
 
Thanks
Mike
0
mbudmanAuthor Commented:
My initial idea is to have two host servers, and split the virtual machines amongst each one. This way, if one fails, then the vm's could easily be imported into the other.

Thanks,

Mark
0
Mike KlineCommented:
Good plan Mark...shared storage too (NFS/ISCSI/Fibre Channel)  
...thanks to my coworker Jonathan  for the assist on this question :)
0
mbudmanAuthor Commented:
Mike,

Just so I can make an efficient infrastructure, are you suggesting one shared storage for both Host servers? (altough each server would connect to its own dedicated partition).

Would that not cause a problem if you lose the SAN or if it fails?

Cuurently, in my test environment, I connect to a SAN and use iSCSI.

Thanks,

Mark

0
Mike KlineCommented:
Yes the hosts connected to the shared storage
There should be built in redudancy features in the SAN infrastructure...but yes if a bomb went off (worst case) and you lost the entire SAN then you are down; but with the SAN that is the only way you get the HA capabilities, and Distributed Resource Scheduler (DRS).   If you are concerned about storage redudancy you can setup Continuous Data Protection (CDP) between two SANS...probably overkill for your small enviornment but it gives you more redudancy.
Thanks
Mike
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TolomirAdministratorCommented:
As addon worth a try:

Veeam Backup & Replication for VMware
http://www.veeam.com/vmware-esx-backup.html

Should help in one of those bomb-went-off-cases...

---

You should also keep in mind that one physical vmware server should be able (after business hours) to host all virtual machines for patching and general maintenance of the other server.
A server in maintenance mode is not able (naturally) to host any virtual machine...



0
mbudmanAuthor Commented:
Hi Mike,

I am not an expert at all with SAN. Can you explain how you mean that a SAN provides HA capabilities and what DRS is?

My company has 2 SANs - one that is a simple one that runs iSCSI to connect to it and has it's own O/S (Windows 2003 server 64, one controller, multiple NICS, which I manage) and a second one belonging to Dev dept (which I cannot touch), Dell PowerVault MD300i which has two controllers, two management ports and 2 NICs per controller. I see the differences in the physical make up and features between the two, but outside of providing RAID (and a second controller in one) I do not see the HA capabilities.

Thanks,

Mark
0
Mike KlineCommented:
The high availability (HA) and DRS are part of VMWare, you will be able to take advantage of them with your two hosts and shared storage.  Good overview

http://www.vmware.com/files/pdf/VMwareHA_twp.pdf

Thanks
Mike
0
justadadCommented:
If you use 1 shared storage I would still put 1 of your DC's on another storage...ie local drive inside your VMWare server.  While fully redundant you could still lose the shared storage and losing your AD just would not be fun. I have virtualized our entire set with 1 Host handling 80% of the servers and the other host handling the second DC and two lightly used Linux boxes. Host 1 is ESXi 4.1. Host 2 is a Windows server with VMWare Server.  Host 2 may be replaced by another 32bit host running ESXi 3.5 to save a windows license.

We have one more Physical Windows which does monitoring and Windows data backups.
0
Vaseem MohammedCommented:
Check out this video

Best Practice for Successfully Virtualizing Active Directory
http://www.fileserve.com/file/uDpKhBE/Best_Practice_for_Successfully_Virtualizing_Active_Directory.rar

Hope this will clear some of the known issues that people discuss on virtualizing AD.
0
mbudmanAuthor Commented:
Wasim,

I get an error when accessing the link. It does not seem to work. Please assist.

Thanks,

Mark
0
Vaseem MohammedCommented:
I think fileserve is having some problem today, even i am not able to browse through my control panel.
Anyways, download it from hotfile
http://hotfile.com/dl/50849607/45dd726/Best_Practice_for_Successfully_Virtualizing_Active_Directory.rar
0
mbudmanAuthor Commented:
Thank you for your assistance.

Cheers,

Mark
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VMware

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.