Solved

Hyper-V host member of its VMs-domain?

Posted on 2014-02-11
4
2,616 Views
Last Modified: 2014-11-12
Hi,

I'm planning a new domain (40 Users) and need advice what's the best way:

My plan:

- one physical Hyper-V Server2012  that hosts the Virtual Machines

- and a second physical host to which the first Hyper-V replicates its VMs.

There will be about 4 Virtual machines.

My question:

should those 2 hosts be a member of the internal domain?

Or should I create a new domain just for the 2 Hyper-V hosts?


I want those hosts to be in the same domain because I did not accomplish a replication of VMs between 2 hosts that are not in the same domain. (always getting certificate/FQDN errors)(I tried that before at home, no luck).
If they are in the same domain they can use kerberos.


(And of course I know that VM-Replication is no replacement for backup, all VMs are backed up to a external LTO-5 drive)

regards

lennox


btw: there is no "Hyper-V" topic in the "Select Topics" list, am I right?
0
Comment
Question by:lenn0x
4 Comments
 
LVL 20

Expert Comment

by:Svet Paperov
Comment Utility
The best practice is to put the Hyper-V hosts in a dedicated domain but also, they could be member of the internal domain, the one where your management PC resides – that will make the management of the servers easier. The only condition is to keep at least one domain controller out of them, preferably on a physical server.
0
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 500 total points
Comment Utility
If the DC(s) will all be running on one host then you really should leave it as a workgroup and not join it to the domain. Heck, I'm not even sure how you'd create a second domain "just" for the hosts without also running ADDS on the host, which will kill the 1+x licensing benefits and also breaks best practices of running Hyper-V alone. And if you create a new DC as a VM just for the hosts, well, you are back to the problem above where the host is dependent on a guest for domain authentication, etc. There is no difference between a separate domain for the hosts or just joining the hosts to the domain of the other VMs if the DC is a guest on that host. No benefit.

You really have three options.

Run multiple *live* (not just replicating) Hyper-V servers and have a DC VM on each so that a DC is available in case of a hardware failure on one hyper-v server. Then you can join the host to the domain just fine.

Run a physical DC alone. Something like an HP Microserver can hold this role. This is really a variation on the theme above where a DC remains available to the host. And again,  you wouldn't want the physical machine to be the only DC. A VM could step in for redundancy.

Or, suffer through getting replication working with certificates. It *can* work with both machines in a workgroup. It isn't easy. But once set up, it is pretty bullet-proof. And where you can't extend out your environment to meet either of the first two options, sometimes it is the only way to go, even with the pain.

-Cliff
0
 
LVL 38

Expert Comment

by:Philip Elder
Comment Utility
I second Cliff.

We've been in enough harrowing situations where someone had joined the host to the domain, the DC was offline, and because authentication was not available we were not able to make any changes.

HVRemote by John Howard is the best tool for the job with excellent instructions provided to set up RSAT management of the workgroup host via a domain Windows desktop OS: http://bit.ly/13pOYph

When we have two Hyper-V hosts we run one DC on each host and then we join the hosts to the domain.

Besides AD redundancy we also set up DHCP Failover (2012+) on both DCs.

If you have one file services VM that would serve well to be replicated. Just be careful with database driven apps.

Philip
0
 
LVL 1

Author Comment

by:lenn0x
Comment Utility
Thank you!

Ok, good points.

I will try again to get replication working with certificates.

Thanks,

Lennox
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Will try to explain how to use the VMware feature TAGs in the VMs and create Veeam Backup Jobs using TAGs. Since this article is too long, I will create second article for the Veeam tasks.
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now