Hyper-V cluster with a domain controller

taverny
taverny used Ask the Experts™
on
Hi Experts,
I am setting up a virtual environment that will take over my current environment.
I have
1 server with DNS , AD, DHCP and Exchange , ... file server
1 server with SQL
1 server RDP
1 server Sharepoint.
all are 2003 servers.

I ordered 2 server Dell R620 with switches dedicated for iSCSI traffic and a storage MD 3200i.

I am planning on installing Win2008 R2 sp1 on the 2 hosts with Hyper-v and failover clustering, then I will install VM on each one of those servers
 
I have 3 questions related:
1- Do I need to have my 2 servers join the domain before installing Hyper-v and cluster?
2- Do they need to be part of the domain?
3- If they need to be part of the domain and I make them join the domain, Can my domain controller be a VM , would it cause some issue if I turn the cluster on after a power loss and the domain server is not available when they are powered on( since the AD will be part of a VM )?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
1+2: Failover clustering feature requires that your servers be joined to a domain before you can install it.

3. Yes, it is highly recommended that your DC be a VM to aid in disaster recovery, primarily the ability to take snapshots. You can configure Hyper-V to automatically start a VM in the event of a restart or shutdown.

Author

Commented:
Thanks for your prompt response.

so if I understand correctly I will make those 2 servers join the domain ( my currently 2003 physical server) then I install the roles hyper-v and cluster after that , then I can install a vm that will be a 2008 domain controller and then I can retire my 2003 server.

And if I shut down the 2 cluster servers and reboot both of them , they won't have any issue starting my vm before the domain is accessible?

Microsoft recommends to make them part of the domain , but after reading the following post I got a little scared about doing that:
http://social.technet.microsoft.com/wiki/contents/articles/hyper-v-and-failover-cluster-domain-requirements.aspx
Here's my recommendation.

1. Join one of your hosts to the domain
2. Install the Hyper-V role
3. Create a VM on your host and join it to the domain and DCPROMO
4. Join the other host to the domain
5. Install the Hyper-V role
6. Create a VM on your host and join it to the domain and DCPROMO

I wouldn't get into the weeds clustering your DCs. There is some degree of fault tolerance built in with multiple DCs. They are all peers.
11/26 Forrester Webinar: Savings for Enterprise

How can your organization benefit from savings just by replacing your legacy backup solutions with Acronis' #CyberProtection? Join Forrester's Joe Branca and Ryan Davis from Acronis live as they explain how you can too.

bbaoIT Consultant
Commented:
1. YES
2. YES
3. No recommended.

FYI - Understanding Requirements for Failover Clusters
http://technet.microsoft.com/en-us/library/cc771404.aspx

Author

Commented:
Thanks,
i am sorry english is my second language so what you are saying is I should not install clustering?
I know the setup of a cluster hyper-v environment is beyond this post and that is why I am not asking how to do it here; but I would like to understand what would be the best scenario on converting the entire environment that I have on those 2 new servers ( just to let you know I have less than 100 clients in my environment)

you recommend me to install 2 vm on each server and have them to be DC?
If you are doing it just for you DCs, then no.

For something like SQL servers, I would configure clustering.

Yes, stand up 1 virtual DC on each host.

Author

Commented:
Thanks bbao for your reponse , my previous response was for Motnahp00.

bbao , so you don't recommend to install DC on a VM?
I'm interested in hearing bbao's response too.

Author

Commented:
I think I opened a can of woms, well I do have SQL .
I was planning on setup (split between the 2 servers) :
1 VM for DC , DHCP and DNS,
1 VM for SQL
1 VM for Sharepoint
1 VM for SCE
1 VM for Exchange
I would add the DHCP role to your DCs since they are supposed to be highly available with an 80/20 or 50/50 split.

As for SharePoint and Exchange, I cannot advise you here since that is not my specialty.
IT Consultant
Commented:
> bbao , so you don't recommend to install DC on a VM?

for enterprise environment, it is correct. as the whole cluster is dependent on the DCs, any failure or improper configuration of the cluster may cause the AD collapsed, though the DCs are fault-tolerant on each node of the cluster.

Author

Commented:
Well, apparently it's not clear if I should or not put my Domain controller inside hyper-V , or I should say it could be risky.
from what I red online the risk of loosing everything seems to be an issue on a forest with multiple domain all over the country , I just want to state that I have a very small company with less than 100 users so I don't knkow if this kind of issue applies to me.

I also found that building a cluster environment requires that the hosts join the domain.

It seems that we are getting into a loop that one service needs the other services that needs the first one.


In the following links: http://ramazancan.wordpress.com/2011/07/15/running-domain-controller-on-top-of-hyper-v-and-failover-cluster/

it says:

In Failover Cluster environments it is a “best practice” and recommended to have at least 1 physical/virtual DC available which is outside of the cluster environment as cluster service does require DC communication before starting cluster service (VCO/CNO).




Let's try to figure out what will be the best practice for my environment with the help of your expertise:

Choice #1: I do not build a failover cluster - if I don't do a failover cluster my host can reboot with no issues and I can launch my VMs.

Choice #2: I do build a failover cluster with the 2 hosts and still install DC has one of a VM

Choice #3: I do build a failover cluster with the 2 hosts and still install DC has one of a VM and also install a secondary (redundancy) DC on a small physical server.

Choice #4 I do build a failover cluster with the 2 hosts and I also put my 2hosts as DC

now I think I covered the 4 options possible unless that there is more that I am not aware.

if I go with option #1 ,  now I don't have failover so if one of my server crash how hard it is to launch those VMs from the fail server to the other machine until the other server becomes operational. ( I am not concern of HA, I don't mind if we are down for 30 min to resolve the issue)

If I go with option#2, what happens if I shut down everything gracefully or ungracefully , then I restart both of my host of the cluster, will it let me log into the host , will it let the services launch all the VMs of course starting with the DC , or it will not do anything because it can't reach the DC?

If I go with option#3, can I have a very basic computer that will have windows server 2003 on it and setup the role DC for a backup system?

If I go with option#4 , can a cluster be also a DC or it is not recommended because ...?

Thanks in advance for guiding me.

Author

Commented:
here is another post that I found interresting:
http://support.microsoft.com/kb/888794/en-us and this is what it says in there:


Note: Always have at least one DC that is on physical hardware so that failover clusters and other infrastructure can start. When you host domain controllers on virtual machines that are managed by Windows Server 2008 R2 or by Hyper-V Server 2008 R2, we recommend that you store the virtual machine files on cluster disks that are not configured as Cluster Shared Volumes (CSV) disks. This allows for easier recovery in specific failure situations. If there is a site failure or a problem that causes the whole cluster to crash and the DC on physical hardware is not available, storing the virtual machine files on a non-CSV cluster disk should enable the cluster to start. In this situation, the disks that are required by the virtual machine can be brought online. This will let you start the virtual machine that hosts the domain controller. Then, you can bring CSV disks online and start other nodes. This process is required only if there are no other domain controllers available at the time that the cluster is started.

Author

Commented:
Monaph00, on a previous post you stated to install a vm on each host and do a dcpromo for each one. I assume it was before clustering , also are you saying to install those 2 vm locally on the servers not on the MD3200i storage array ?

I think I spent most of my day reading about posts and blogs. So cluster makes more and more sence to me but still I would prefer to have experts guiding me in the correct configuration.
Thanks
My servers have 2 HDs mirrored for the OS and 4 HDs configured in a RAID 5 to hold data (the VMs). If you have a SAN solution feel free to create an iSCSI target and place your VMs on it.

As the software clustering feature in W2K8R2, I am not using it in any environment.

Author

Commented:
So if one of your server fail how do you recover your vms on the other one?
Commented:
Well, I know it's an old post but wanted to update what I did so far.
I setup my 2 servers with my SAN and join them to my 2003 domain. Then I set them up as Cluster and Hyper-V and also created my first VM that has only a small software installed on it.
I shutdown one server and the vm got transfered automatically to the next one.

I tried to disconnect the network wire where my DC can be reach from those 2 clustered servers and rebooted the server, and unfortunately the cluster didn't came back online and I couldn't start the VM as well; so that shows me that if the cluster can't reach the DC then the cluster can't reboot in case of a power failure. So I guess having the DC on a VM will not do good unless I have a physical machine seating outside of the hyper-v and and operational for my Clustered Hyper-V to restart in case I need to shutdown both of them.

Any thought on that? or work around to only have hyper-V clustered and A VM DC?
Thanks

Author

Commented:
I decided to create a VM for my DC and I also let 2 physical machine as DC so if everything goes down my cluster can reboot by contacting a DC.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial