Hyper-V host member of its VMs-domain?

Posted on 2014-02-11
Last Modified: 2014-11-12

I'm planning a new domain (40 users) and need advice on the best way:

My plan:

- one physical Hyper-V Server 2012 that hosts the Virtual Machines

- and a second physical host to which the first Hyper-V replicates its VMs.

There will be about 4 Virtual machines.

My question:

Should those 2 hosts be members of the internal domain?

Or should I create a new domain just for the 2 Hyper-V hosts?

I want those hosts to be in the same domain because I did not accomplish a replication of VMs between 2 hosts that are not in the same domain (always getting certificate/FQDN errors; I tried that before at home, no luck).
If they are in the same domain they can use Kerberos.

(And of course I know that VM replication is no replacement for backup; all VMs are backed up to an external LTO-5 drive.)



btw: there is no "Hyper-V" topic in the "Select Topics" list, am I right?
Question by: lenn0x
LVL 20

Expert Comment

by:Svet Paperov
ID: 39851079
The best practice is to put the Hyper-V hosts in a dedicated domain, but they could also be members of the internal domain, the one where your management PC resides – that will make the management of the servers easier. The only condition is to keep at least one domain controller out of them, preferably on a physical server.
LVL 58

Accepted Solution

Cliff Galiher earned 500 total points
ID: 39852038
If the DC(s) will all be running on one host then you really should leave it as a workgroup and not join it to the domain. Heck, I'm not even sure how you'd create a second domain "just" for the hosts without also running ADDS on the host, which will kill the 1+x licensing benefits and also breaks best practices of running Hyper-V alone. And if you create a new DC as a VM just for the hosts, well, you are back to the problem above where the host is dependent on a guest for domain authentication, etc. There is no difference between a separate domain for the hosts or just joining the hosts to the domain of the other VMs if the DC is a guest on that host. No benefit.

You really have three options.

Run multiple *live* (not just replicating) Hyper-V servers and have a DC VM on each so that a DC is available in case of a hardware failure on one Hyper-V server. Then you can join the host to the domain just fine.

Run a physical DC alone. Something like an HP Microserver can hold this role. This is really a variation on the theme above where a DC remains available to the host. And again, you wouldn't want the physical machine to be the only DC. A VM could step in for redundancy.

Or, suffer through getting replication working with certificates. It *can* work with both machines in a workgroup. It isn't easy. But once set up, it is pretty bullet-proof. And where you can't extend out your environment to meet either of the first two options, sometimes it is the only way to go, even with the pain.
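
An added example, not part of the original answer: a pre-flight check for the certificate-based option, aimed at the certificate/FQDN errors the question mentions. It assumes the replication certificate is installed in the local machine's Personal store and that the partner host connects using this host's name plus its primary DNS suffix; the `$ExpectedFqdn` parameter and the output property names are illustrative.

```powershell
# Added example: pre-flight check of candidate Hyper-V Replica certificates.
# Run on each host. $ExpectedFqdn is an assumption: the name the partner host
# will be configured to connect to (default: host name + primary DNS suffix).
param([string]$ExpectedFqdn)

if (-not $ExpectedFqdn) {
    $ip = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    $ExpectedFqdn = if ($ip.DomainName) { "$($ip.HostName).$($ip.DomainName)" } else { $ip.HostName }
}
if ($ExpectedFqdn -notmatch '\.') {
    Write-Warning "'$ExpectedFqdn' has no DNS suffix; a workgroup host needs one before its name is an FQDN."
}

$serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$clientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$nameType   = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$now        = Get-Date

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    # EKU OIDs and DNS names as exposed by the PowerShell certificate provider
    $ekus  = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
    $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
    $names += $cert.GetNameInfo($nameType, $false)   # subject common name

    # Chain must end in a root this host trusts. Revocation is not evaluated here.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)

    $result = [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        NameMatches   = $names -contains $ExpectedFqdn   # exact match; wildcards not evaluated
        HasPrivateKey = $cert.HasPrivateKey
        ServerAuthEku = $ekus -contains $serverAuth
        ClientAuthEku = $ekus -contains $clientAuth
        InValidity    = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)
        ChainTrusted  = $trusted
    }
    # A certificate is usable only if every individual check passed
    $ready = $result.NameMatches -and $result.HasPrivateKey -and $result.ServerAuthEku -and
             $result.ClientAuthEku -and $result.InValidity -and $result.ChainTrusted
    $result | Add-Member -NotePropertyName Ready -NotePropertyValue $ready -PassThru
} | Format-List
```

Any certificate reported with `Ready : False` shows which individual check failed; each host also needs the root that issued the partner's certificate in its Trusted Root Certification Authorities store.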

LVL 38

Expert Comment

by:Philip Elder
ID: 39852149
I second Cliff.

We've been in enough harrowing situations where someone had joined the host to the domain, the DC was offline, and because authentication was not available we were not able to make any changes.

HVRemote by John Howard is the best tool for the job with excellent instructions provided to set up RSAT management of the workgroup host via a domain Windows desktop OS:

When we have two Hyper-V hosts we run one DC on each host and then we join the hosts to the domain.

Besides AD redundancy we also set up DHCP Failover (2012+) on both DCs.

If you have one file services VM that would serve well to be replicated. Just be careful with database driven apps.


Author Comment

ID: 39855631
Thank you!

Ok, good points.

I will try again to get replication working with certificates.


