Solved

Hyper-V host member of its VMs-domain?

Posted on 2014-02-11
Last Modified: 2014-11-12
Hi,

I'm planning a new domain (40 users) and need advice on the best way to do it:

My plan:

- one physical Hyper-V Server 2012 that hosts the Virtual Machines

- and a second physical host to which the first Hyper-V replicates its VMs.

There will be about 4 Virtual machines.

My question:

Should those 2 hosts be members of the internal domain?

Or should I create a new domain just for the 2 Hyper-V hosts?


I want those hosts to be in the same domain because I could not accomplish replication of VMs between 2 hosts that are not in the same domain (always getting certificate/FQDN errors) (I tried that before at home, no luck).
If they are in the same domain they can use Kerberos.


(And of course I know that VM replication is no replacement for backup; all VMs are backed up to an external LTO-5 drive.)

regards

lennox


btw: there is no "Hyper-V" topic in the "Select Topics" list, am I right?
Question by:lenn0x
4 Comments
 
LVL 20

Expert Comment

by:Svet Paperov
ID: 39851079
The best practice is to put the Hyper-V hosts in a dedicated domain, but they could also be members of the internal domain, the one where your management PC resides – that will make the management of the servers easier. The only condition is to keep at least one domain controller out of them, preferably on a physical server.
0
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 39852038
If the DC(s) will all be running on one host then you really should leave it as a workgroup and not join it to the domain. Heck, I'm not even sure how you'd create a second domain "just" for the hosts without also running ADDS on the host, which will kill the 1+x licensing benefits and also breaks best practices of running Hyper-V alone. And if you create a new DC as a VM just for the hosts, well, you are back to the problem above where the host is dependent on a guest for domain authentication, etc. There is no difference between a separate domain for the hosts or just joining the hosts to the domain of the other VMs if the DC is a guest on that host. No benefit.

You really have three options.

Run multiple *live* (not just replicating) Hyper-V servers and have a DC VM on each so that a DC is available in case of a hardware failure on one Hyper-V server. Then you can join the host to the domain just fine.

Run a physical DC alone. Something like an HP Microserver can hold this role. This is really a variation on the theme above where a DC remains available to the host. And again, you wouldn't want the physical machine to be the only DC. A VM could step in for redundancy.

Or, suffer through getting replication working with certificates. It *can* work with both machines in a workgroup. It isn't easy. But once set up, it is pretty bullet-proof. And where you can't extend out your environment to meet either of the first two options, sometimes it is the only way to go, even with the pain.

-Cliff
0
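
A pre-flight check for the certificate-based replication between workgroup hosts discussed above, aimed at the certificate/FQDN errors mentioned in the question. This is an added example, not code from any participant in the thread. It assumes the certificate is already installed in `Cert:\LocalMachine\My`; the function name, host name and thumbprint placeholder are hypothetical.

```powershell
# Added example: verify that a certificate has the properties Hyper-V Replica
# certificate authentication depends on, before configuring replication.
function Test-ReplicaCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        # Name the partner host will connect to. On a workgroup machine the
        # default may lack a DNS suffix, which is itself worth noticing.
        [string] $Fqdn = [System.Net.Dns]::GetHostEntry('').HostName
    )

    $cert  = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    $ekus  = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
    # DnsNameList covers the subject CN and any SAN DNS entries.
    $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
    $now   = Get-Date

    [pscustomobject]@{
        Subject         = $cert.Subject
        CheckedName     = $Fqdn
        HasPrivateKey   = $cert.HasPrivateKey
        InValidity      = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
        # Replica uses the same certificate in both roles, so both EKUs are needed.
        ServerAuthEku   = $ekus -contains '1.3.6.1.5.5.7.3.1'
        ClientAuthEku   = $ekus -contains '1.3.6.1.5.5.7.3.2'
        # -like lets a wildcard name such as *.example.internal match
        # (approximate: the wildcard is not limited to a single label).
        NameMatchesFqdn = @($names | Where-Object { $Fqdn -like $_ }).Count -gt 0
        # Builds the chain to a trusted root on THIS host; run on both hosts,
        # since each must trust the issuer of the other's certificate.
        ChainTrusted    = $cert.Verify()
    }
}

# Usage (placeholders, replace with your own values):
#   $r = Test-ReplicaCertificate -Thumbprint '<THUMBPRINT>' -Fqdn 'hv1.example.internal'
#   $r | Format-List
#   $failed = $r.PSObject.Properties |
#       Where-Object { $_.Value -is [bool] -and -not $_.Value }
#   if ($failed) { Write-Warning ("Failed checks: " + ($failed.Name -join ', ')) }
#
# Once every check passes on both hosts, the same thumbprint is what gets passed
# to Set-VMReplicationServer -AllowedAuthenticationType Certificate
# -CertificateThumbprint '<THUMBPRINT>' on the replica host.
```
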
 
LVL 39

Expert Comment

by:Philip Elder
ID: 39852149
I second Cliff.

We've been in enough harrowing situations where someone had joined the host to the domain, the DC was offline, and because authentication was not available we were not able to make any changes.

HVRemote by John Howard is the best tool for the job with excellent instructions provided to set up RSAT management of the workgroup host via a domain Windows desktop OS: http://bit.ly/13pOYph

When we have two Hyper-V hosts we run one DC on each host and then we join the hosts to the domain.

Besides AD redundancy we also set up DHCP Failover (2012+) on both DCs.

If you have one file services VM that would serve well to be replicated. Just be careful with database driven apps.

Philip
0
 
LVL 1

Author Comment

by:lenn0x
ID: 39855631
Thank you!

Ok, good points.

I will try again to get replication working with certificates.

Thanks,

Lennox
0

Question has a verified solution.
