Solved

Virtualization

Posted on 2010-11-17
Last Modified: 2012-05-10
Hello,

I recently reviewed the VMware video file, “Best Practices for virtualizing Active directory”, presented by Chris Skinner of VMware at VMworld in February 2009. It is a remarkable presentation and extremely informative.

Since this presentation was made, ESXi has changed and the products that work with it are also different.
I have some questions concerning virtualizing Domain Controllers and in particular backups (for recovery and / or Disaster recovery).

I run a small environment for 70 users and there are 7 Physical Servers (Windows 2003 Server is the O/S):

2 x domain controllers
1 file server
1 Firewall server (ISA 2006)
1 Front End Exchange Server (Exchange 2003)
1 Backend Exchange server (Exchange 2003)
1 application server (Blackberry Enterprise Server, which has SQL installed)

I would like to virtualize all servers (I have done so in a test environment) using ESXi 4.1 along with the license for vSphere Essentials Plus (which is perfect for our environment), using two ESXi servers connected to a SAN and employing HA. My goal would be to virtualize all servers. I do not want to keep (if it is recommended) any of the current servers. I would implement 2 ESXi servers connected to a SAN.
In my test Virtual environment, for the ESXi server, in terms of backup, I would like to use Symantec Backup Exec 2010, with all the necessary agents – SQL, Exchange, Active directory, and the VMware agent (which interfaces with the VCB for backup) as I am using this software to currently back up my physical machines (and it seems to work well).
Regarding the ESXi server and VM Server image backups, I spoke with my technical contact at Symantec concerning the VMware agent. He explained that this agent will allow full backups of each server image as well as differential backups as long as the appropriate agents are installed (which I have installed). It can also perform granular restore (i.e. restore individual files). I would schedule a full backup once per week and a differential backup for the remaining 6 days.

In the presentation, Mr. Skinner explains Disaster Recovery best practices for Domain controllers and identifies several issues to be aware of. If I understand correctly, it is mentioned not to recover from a backup copy of an old virtual disk.

In my environment, if I need to restore a DC, and if I do not have to go to offsite storage, then I would (in theory) be able to restore to an image that is no more than 24 hours old. So I have the following questions:

1. Is it necessary to perform system state backups if I have a complete virtual image of the DC backed up?

2. Would there be issues of update sequence number and issues when referencing USN (or USN out of sync)?

3. For non-authoritative Restore of a DC, would it not be sufficient to use the DC image that is 24 hours old? Would it still replicate with the other DC (I have two DCs, and only had to restore 1)? Would it be better just to build a server from scratch, and then DCPromo it since I have one good DC?

4. If I had to perform an Authoritative restore of the DC, could I not restore the VM of the DC, boot into Directory Services Restore Mode, run ntdsutil and follow the steps for an authoritative restore? Would it communicate properly with the second DC?

I just completed the initial training for vSphere 4.1, install, configure, and manage. I found it to be excellent.

Any information or recommendations that you could provide would be appreciated.

Best Regards,

Mark
Question by:mbudman
4 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 34154868
1.  Yes, do not restore from images, it is not a valid form of recovery and you can run into USN rollback issues.  Either system state or have multiple DCs and if one goes down you just wipe it and build a new one and promote

3.  Yes build from scratch

4.  The steps are the same for an auth restore but don't use an image

Some other things.

Look at this question I was a part of.  We debated a lot of this there and I don't want to type it all again: http://www.experts-exchange.com/Software/VMWare/Q_26571188.html

Dean Wells from the Microsoft AD team just gave a great presentation at Tech Ed Europe last week on cloning and virtualization: http://www.msteched.com/2010/Europe/SIA320

Thanks

Mike
0
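The USN rollback named in the accepted answer, shown as an added illustration that is not part of the thread or any participant's code. It is a deliberately simplified model of replication bookkeeping (the class, field and object names are assumptions): each DC numbers its changes with a local USN, and a partner remembers, per invocation ID, the highest USN it has already pulled.

```python
import copy
import uuid


class DC:
    """Toy domain controller: a local USN counter plus per-partner watermarks."""

    def __init__(self, name):
        self.name = name
        self.invocation_id = uuid.uuid4().hex  # identifies this copy of the database
        self.usn = 0                           # local update sequence number
        self.log = []                          # (local USN, object) for every change
        self.objects = set()
        self.watermark = {}                    # partner invocation ID -> highest USN pulled

    def write(self, obj):
        self.usn += 1
        self.log.append((self.usn, obj))
        self.objects.add(obj)

    def pull_from(self, src):
        # Only ask the partner for changes above the USN already seen from it.
        mark = self.watermark.get(src.invocation_id, 0)
        for usn, obj in src.log:
            if usn > mark and obj not in self.objects:
                self.write(obj)
        self.watermark[src.invocation_id] = max(mark, src.usn)


def scenario(reset_invocation_id):
    """Return (DC1 objects, DC2 objects) after DC1 is rolled back to a backup."""
    dc1, dc2 = DC("DC1"), DC("DC2")
    for obj in ("user1", "user2"):       # constructed sample objects
        dc1.write(obj)
    dc2.pull_from(dc1)
    backup = copy.deepcopy(dc1)          # nightly image: DC1 at USN 2
    for obj in ("user3", "user4"):
        dc1.write(obj)
    dc2.pull_from(dc1)                   # DC2 now holds watermark 4 for DC1
    dc1 = copy.deepcopy(backup)          # DC1 fails and comes back at USN 2
    if reset_invocation_id:              # modelled effect of a system state restore
        dc1.invocation_id = uuid.uuid4().hex
    for obj in ("user5", "user6"):
        dc1.write(obj)                   # these reuse USNs 3 and 4
    dc1.pull_from(dc2)
    dc2.pull_from(dc1)
    return dc1.objects, dc2.objects
```

`scenario(False)` models the image restore: DC2 already holds a watermark of 4 for the unchanged invocation ID, so user5 and user6 never reach it and the two DCs stay divergent. `scenario(True)` models the invocation ID reset and both DCs converge.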
 
LVL 22

Expert Comment

by:Luciano Patrão
ID: 34155177
Hi

Well, last month I needed to restore 2 DCs from a customer, using Veeam Backup and Replication.

The backup was 3 days old, and I restored both DCs with no issues. These were the only two DCs in the AD.

The only problem with this restore, being 3 days old, was that any workstations that had been added to the domain needed to be removed and added again. The same for any user that may have changed the password during those 3 days since the backup.

Besides this I have seen no issues with the restore.

Jail
0
 
LVL 22

Assisted Solution

by:Luciano Patrão
Luciano Patrão earned 250 total points
ID: 34155239
Hi

Here are some good articles about Virtualizing Active Directory

http://blogs.technet.com/b/askds/archive/2010/06/10/how-to-virtualize-active-directory-domain-controllers-part-1.aspx

http://www.windowsitpro.com/article/active-directory/Virtualizing-Active-Directory.aspx

There is a very good book about this (I have bought it and it is very good, with very good examples for AD, Exchange, SQL, SharePoint, etc.), "Virtualizing Microsoft Tier 1 Applications with VMware vSphere 4"

Jail
0
 
LVL 1

Author Closing Comment

by:mbudman
ID: 34293179
Thank you for the information. The comments and advice are excellent.

Best,

Mark
0
