Suggest Virtualization scenario for Windows Server 2012

bigbangtech used Ask the Experts™
I've inherited a server running windows 2003 server enterprise, with a domain setup, but over the years, all the clients and replacement clients stopped using domain authentication and just use simple file share.

8 local w10 clients access a simple shared folder of scans on the server.
3 local w10 clients login to the server using TS to access quickbooks, a title companny application (magram TACS), and redvision
4 remote clients login to the server using TS to access a title companny application (magram TACS), and redvision

We need to replace the server with newer hardware, bring all the clients into AD for security and group policy management, and lock everything down. A few more clients will be using TS to access applications on the server in the near future.

I've had little experience with virtualization besides experimentation.

Looking at Windows Server 2012 R2 Standard, it has 2 vm's initially available on teh base license

I am curious as to how people normally virtualize small setups like ours, or theirs, basically, the question is, virtualize what, and keep what on the physical server?

Keep the physical server as the domain controller, then run 1 hyper-v VM to server for RDS access to apps/file server?

Or run the DC in one VM, and RDS/file server in another VM?

What about running a secondary DC on a retired box?
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Andrew Hancock (VMware vExpert / EE Fellow)VMware and Virtualization Consultant
Fellow 2018
Expert of the Year 2017

We usually start with Domain Controllers (at least 2), as Domain Controllers and no other roles, and then a File and Printer Server, and RDS server if required.

As for your old server, it really depends in it's age, and whether it can support a modern operating system, and does it have resilient hardware, e.g. dual power supplies, RAID controller, and disks.
Philip ElderTechnical Architect - HA/Compute/Storage

I have an EE article that may help: Some Hyper-V Hardware and Software Best Practices.

Host is Hyper-V only.

If hosting client's environments SPLA (Service Provider Licensing Agreement) is required.

For a 10 client setup with four VMs:
+ DC
+ Exchange
+ LoB (files, print, QBs/Sage Db manager, WSUS, ETC)

1U server with:
+ E3-1270v5
+ 64GB ECC
+ Hardware RAID with 1GB non-volatile cache
+ (8) 300GB 10K SAS spindles (size accordingly) in RAID 6
+ (2) Intel i350-T4
++ (2) Ports Management (spanning two NICs)
++ (6) Ports dedicated vSwitch (spanning two NICs)

That should give you more than enough horsepower and IOPS to run the setup.


Most of the data that the file server serves to local users, belongs to the apps/users connected by RDS. Does it make sense to split the file/print server from the RDS server? Local clients rarely do heavy work on those files and no complex/lengthy print jobs.
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

Philip ElderTechnical Architect - HA/Compute/Storage

For the cost of the extra license it makes sense to split things up.

In a consolidated setting an update toasting the VM brings the client down.

In a role specific setting the client can usually keep working.
Technology and Business Process Advisor
Most Valuable Expert 2013
I virtualize ALL networks whenever possible.  The question that should be asked is why SHOULDN'T I virtualize, not why should I.  There are a FEW instances where you can't but MOST situations can be.

Think about what virtualization gives you... TWO server installs on the same hardware.  DR flexibility using Hyper-V Replica and/or (assuming the disks don't die) the ability to literally move the server to a laptop for a time if the main server fails.  The ability to export the VMs and subsequently test things as necessary - including, for example, new versions of the title management software.

As for config, If MOST data is used on the RDS server then PERHAPS you could leave it on the RDS server.  I'd still shy away from that - you might have to reboot the RDS server occasionally and less frequently the DC/File Server... if ANYONE is storing files who is not on the network, then you COULD be introducing a problem for them by not separating RDS and file server roles.

Lots of people talk about ensuring you have two DCs... I USED to be one of them.  BUT, if you don't understand AD backup and ESPECIALLY AD Restore, then just make sure you backup your servers and don't bother with a second DC.  As a matter of practice, export the VMs once per month to an external disk and then perform regular OTHER backups (and test the exported VMs on a Win10/Win8 system with Hyper-V role to ensure they work) and you'll have a perfectly usable backup of AD for a small environment.

If you DO understand AD backup and restore, then fine, have a second DC.  Just make sure the old hardware can handle that as previously suggested.

When configuring the VMs DO NOT go crazy with CPU allocation.  I'd START with 2 vCPU per VM and increase if needed (assuming you have at least a 4 core server).  You can have bad performance issues if you overprovision CPUs on a given VM.  (Google virtualization over provisioning penalty)

And as Philip says, the host can ONLY run Hyper-V, not a DC, not DNS, not DHCP, not file sharing - ONLY Hyper-V role.


At the current time, we will run 1 VM as the domain controller (with good backup practices), and 1VM as the server for files and any users that need to remotely access title software.

It's a big jump between 2003 and 2012, so I am unfamiliar with all of the TS/RDS options available in 2012 R2 Standard. Which would be a good TS/RDS option for at most 6 users remotely logging in to access one title application on the server?


Also, wouldn't RAID6 give a bigger write penalty compared to RAID5 since each there are two parity stripes on each drive?
Andrew Hancock (VMware vExpert / EE Fellow)VMware and Virtualization Consultant
Fellow 2018
Expert of the Year 2017

RAID 5 is deemed no longer suitable for enterprise requirements, as it can only tolerate 1 disk failure!

It also depends on your workload.

You can calculate the theoretical IOPS of a RAID6 versus RAID 5 datastore, depends, what fault tolerance you desire.

There is a write performance advantage with RAID 5, but the penalty is, if you lose more than 1 disk, your RAID set is broken.
Philip ElderTechnical Architect - HA/Compute/Storage

We run a minimum of eight 10K SAS disks. Throughput averages about 800MB/Second and IOPS average about 250-400 per disk depending on how the stack is formatted.

We have no issues with RAID 6.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial