?
Solved

VM topology - How many VMs do I need?

Posted on 2012-09-14
11
Medium Priority
?
995 Views
Last Modified: 2012-09-14
To what level is it best to separate servers between different VMs? Our physical environment was a single Windows server, but now that we have migrataed it to VMWare we going to begin using Sharepoint server. Should everything be split between differnet VMs (ie. Domain Controller, SQL, Sharepoint, Exchange) or should we still keep some services on the same (virtual) server?

Thanks.
0
Comment
Question by:jostick
  • 4
  • 2
  • 2
  • +3
11 Comments
 
LVL 2

Assisted Solution

by:WotanAU
WotanAU earned 800 total points
ID: 38397966
Not taking into account licensing, it is often best to separate your servers into roles. It allows for the most effective and efficient management. Obviously not doubling up can increase your server licensing costs, so it is acceptable to group similar tasks together eg Utility server (Monitoring/DHCP, AD/DNS/DHCP) etc.

Larger roles should ideally be separated out, especially Terminal Services if you are using it. Security and managbility are big advantages of that approach.
0
 

Author Comment

by:jostick
ID: 38397974
We chose Server Datacentre to avoid licensing limitations in the future. I'm thinking:

Domain Controller (DHCP, DNS, AD etc)
SQL
Exchange
Project Server
Sharepoint Server

Any reaon not to go with this? Are there perfomance issues if roles are on different hosts (albeit virtual)?
0
 
LVL 26

Expert Comment

by:Tony J
ID: 38397976
I always try to follow the one server one role (or at least associated roles) approach.

When you virtualise, if you buy a Windows Server Enterprise license and it's a supported hypervisor (which VMware is) then you can actually use that single license for four virtual instances. Just Google Microsoft virtualisation licensing.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
LVL 26

Assisted Solution

by:Tony J
Tony J earned 400 total points
ID: 38397982
Just seen your post. Good choice on datacenter licensing.

There are performance considerations when you virtualise of course - you are running multiple instances on a single host BUT this is mitigated by the fact that it is very rare for a single server role to utilise anything like 100% of the resources of hardware. The only potential bottlenecks I see there could be SQL and/or Exchange depending on their sizes
0
 
LVL 26

Expert Comment

by:Tony J
ID: 38397986
By the way - be careful with licensing SQL in a virtual environment. You have to license it for every potential CPU (or core - can't remember off-hand) that it could possibly be hosted on and that rapidly makes it expensive in a multi-host virtual environment.
0
 
LVL 125

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 400 total points
ID: 38397987
depends on your licensing, for each Microsoft VM, you may require additional Licenses for your OS, but also be careful of server sprawl.

Having specific services on specific VMs, makes patching easier, as it does not effect all services on your network.

So, as for roles...simple quick for your question

1. Sharepoint Server
2. SQL Server (for Sharepoint use)
3. Exchange Server.
4. DC1 (DNS & DHCP)
5. DC2 (DNS)
0
 
LVL 2

Assisted Solution

by:WotanAU
WotanAU earned 800 total points
ID: 38398012
Your layout looks good. That is pretty much how I would do it. VMware is pretty good at sharing resources. Performance is going to be at its best if you split your servers into roles. It means that VMware will be making the calls as to what server gets the most resources, and that means that it will be easy to manage from the VMware console. In that situation I imagine most of your servers will sit idle and won't consume much resources. Your SQL and Exchange will likely be your workhorses and end up with most of the resources. If you are worried about resourcing, you can specify maximum resource allocations so that they don't potentially swamp your ESX hosts.
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 400 total points
ID: 38398046
Unless you are using an SBS server, where things except SQL and Terminal Services run on the same server, you should make sure that SQL server, Exchange Server and Terminal Server never run on a DC. I don't know about sharepoint.

Also, as has been mentioned above, SQL and Exchange both need high resources, so it makes sense to put those on different VM's. This means that you will need at least 3VM's for your setup. I'd add an additional DC, if possible on a different Host than your original DC, for AD replication.
0
 
LVL 23

Expert Comment

by:Ayman Bakr
ID: 38398162
I most certainly agree with all what has been said by the above experts.

I would like to add the reasons behind not adding roles other than DNS and DHCP to a domain controller:

Domain controllers, by default, have security configurations higher than other member servers. In many cases this wouldn't be ideal for other roles like terminal services; and unless these security configurations are relaxed would cause an endless amount of errors that would take you 'ages' to troubleshoot. Moreover, it is strongly recommended not to tamper with security configurations on your DCs as they host all your critical domain components. Needless to say, hosting other roles where clients connect to with interactive sessions like terminal set vices or Sharepoint would raise security concerns.

Therefore, the factors to determine the number of VMs and how to split your roles should be availability of resources, licensing, performance, resilience and fault tolerance, security. Taking all of these into consideration should eventually help you in determining the number of VMs in your environment.
0
 
LVL 26

Expert Comment

by:Tony J
ID: 38398170
And then of course there is supportability - in the event you ever have to raise a call with Microsoft, the moment you tell them your Exchange server is on a DC they won't help until the roles are split and at that point it could impossible to do this.
0
 
LVL 23

Expert Comment

by:Ayman Bakr
ID: 38398200
Of course!! :)
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Giving access to ESXi shell console is always an issue for IT departments to other Teams, or Projects. We need to find a way so that teams can use ESXTOP for their POCs, or tests without giving them the access to ESXi host shell console with a root …
What if you have to shut down the entire Citrix infrastructure for hardware maintenance, software upgrades or "the unknown"? I developed this plan for "the unknown" and hope that it helps you as well. This article explains how to properly shut down …
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question