Advice please: 2012 R2 Server, Need to run Active Directory, RDS, and File server on same physical server.


I will be configuring a server this week and I want to make sure that I set it up correctly. I have messed with Hyper-V a bit in the past, but I want to make sure I start this setup the correct way. As I understand it, on my new Dell Server with 2012 R2 Standard, I have a license that covers 1 physical installation and 2 virtual servers. After researching this setup, it appears that most advise running only Hyper-V services on the physical installation, and running everything else in Hyper-V virtual servers.

The server is being set up for a small company that will have very basic needs. I will be running DHCP, DNS, Active Directory, and will be doing file sharing on this server for a couple of programs (one SQL Express based, and the other QuickBooks). The other service I will need to run is RDS for one remote user, which I plan to do with the RemoteApp functionality. Can someone please advise how I should set this up so that I will maintain the best functionality overall?

Any help would be greatly appreciated!

Chris H, Infrastructure Manager, commented:
I'm just going to say it, NEVER install AD on a box that will be browsing the internet.
Steve Whitcher, Systems Administrator, commented:
Based on the parameters given, I would create one VM for AD, DNS, and DHCP. A second VM would be your RemoteApp server, and have any user applications installed on it. The file shares could be created on the domain controller. I assume your host won't be a domain member, since the only DC will be the VM, which won't be available when the host boots. . .

Cliff Galiher commented:
Two VMs. One running ADDS. The other running RDS. As those two roles should never coexist. The file services role could go on either VM. Putting it on the DC increases the threat footprint, but putting it on the RDS server has performance implications. Neither solution is ideal, and which way you go is a personal decision based on the uniqueness of your environment and risk and performance tolerances. There is no correct "do this" answer or even recommendation for that role.
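An added example, not part of the thread or any poster's reply: a PowerShell check that flags the two placements the answers above warn against (AD DS sharing an OS instance with RDS, and a Hyper-V host carrying other roles). `Test-RolePlacement` is a hypothetical helper name; the role names are those reported by `Get-WindowsFeature`, and the sample inventories at the end are constructed.

```powershell
# Added example: audit role placement on a Windows Server instance.
function Test-RolePlacement {
    param(
        # Installed feature names; defaults to this server's own inventory.
        [string[]]$Installed = (Get-WindowsFeature | Where-Object Installed).Name
    )

    $isDC     = $Installed -contains 'AD-Domain-Services'
    $isHost   = $Installed -contains 'Hyper-V'
    $rds      = @($Installed | Where-Object { $_ -like 'RDS-*' })
    $findings = @()

    # Rule 1: a domain controller should not also be a Remote Desktop server.
    if ($isDC -and $rds.Count -gt 0) {
        $findings += [pscustomobject]@{
            Rule   = 'DC-with-RDS'
            Detail = "AD DS coexists with: $($rds -join ', '). Move RDS to its own VM."
        }
    }

    # Rule 2: the physical Hyper-V host should carry no workload roles.
    if ($isHost) {
        $workload = @($Installed | Where-Object {
            ($_ -in 'AD-Domain-Services', 'DNS', 'DHCP') -or ($_ -like 'RDS-*')
        })
        if ($workload.Count -gt 0) {
            $findings += [pscustomobject]@{
                Rule   = 'Host-with-workload'
                Detail = "Hyper-V host also runs: $($workload -join ', '). Move these into VMs."
            }
        }
    }

    $findings
}

# Constructed sample inventories (not output from a real server).
Test-RolePlacement -Installed 'AD-Domain-Services', 'DNS', 'DHCP', 'RDS-RD-Server'  # DC-with-RDS
Test-RolePlacement -Installed 'Hyper-V', 'AD-Domain-Services', 'DNS'                # Host-with-workload
Test-RolePlacement -Installed 'AD-Domain-Services', 'DNS', 'DHCP'                   # no findings
```

Run without arguments on the host and inside each VM to audit the live configuration.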
Alessandro Scafaria, Infrastructure Premier Field Administrator, commented:
Best practice says that in a basic Hyper-V scenario you should have “at least”:

- 1 physical host for your Hyper-V management (I will suggest System Center 2012 R2 Virtual Machine Manager but I don’t know your budget :-) ) with a dedicated NIC for your VMs, another NIC for your (future) shared storage (if you decide to turn on HA features) and another NIC for exclusive management…

- 1 physical host containing your VMs with a Windows Server CORE VERSION (without the GUI) with RSAT tools enabled to reduce “Windows OS impact” to almost zero for your production environment (no restarts for Windows updates, fewer hacking issues, and so on…).

Your management server could be a simple microserver with a discrete CPU/RAM amount…

Your Hyper-V node server instead has to be pushed up talking about Disk IOPs and RAIDs...

For example…I should set up 2 RAID 1 in which I will split up my VMs accordingly…a RAID 1 with fast SAS spindles for “mission critical” apps and another RAID 1 with less fast spindles for FILESERVER and other “less performance” VMs…remember always not to put all the eggs in the same basket :-)

I’m only assuming…

- 1 single VM for AD DS, DNS, DHCP to put inside your FAST SAS RAID (I would suggest to un-deploy DHCP as a Windows role, but to use instead your firewall infrastructure…this because usually a firewall crash is rare in comparison with an OS crash :-) ).

- 1 single VM for your FILESERVER (it’s a best practice to separate this role…) to put inside your SLOW RAID.

- 1 single VM for your “quick deploy” RDS server to put inside your SLOW RAID (by the way…for access from the outside to your REMOTE APP infrastructure, remember to buy a mandatory SSL certificate, otherwise you will really struggle with configuration!!)

- 1 single VM for your Veeam Backup Server :-) to put inside your FAST SAS RAID (I don’t know how you would protect your Hyper-V infrastructure from damages…)

Let me know your thoughts…obviously this is not the law…it’s only an opinion…

You may re-arrange this scenario according to your “physical budget” :-)