Make a VM server and host part of the domain?
Until recently, a client has had a single server that had the roles of PDC and file server. This supported the office staff of a homeowners' association for approximately 1500 homes. A 3rd party vendor provides the accounting software, the data of which is hosted on this server. Also, the homeowners can log into their own account through a web portal to make authorization and repair requests, and the data for these requests is integrated into the 3rd party financial software. There are 7 PCs on this domain, so it is not a big company.
Recently we migrated to a new server, 2019 Standard, set up as a host to 2 VMs using VMware. One VM is the DC and file server, and the other VM is hosting the software provided by the 3rd party vendor. My two questions are 1) Should I join the host and the 2nd VM to the same domain VM1 is on? I've researched and see conflicting opinions. Also, 2) should I make VM2 a BDC or is that not necessary? Thank you in advance for your assistance.
Recently we migrated to a new server, 2019 Standard, set up as a host to 2 VMs using VMware. One VM is the DC and file server, and the other VM is hosting the software provided by the 3rd party vendor. My two questions are 1) Should I join the host and the 2nd VM to the same domain VM1 is on? I've researched and see conflicting opinions. Also, 2) should I make VM2 a BDC or is that not necessary? Thank you in advance for your assistance.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The best practice is having 2 DC for redundancy (I would go for it) and not running anything on them + having separate servers for services they provide. Under ideal conditions, you would have four servers in your situation - 2 DCs (ADDS, DNS, DHCP), one file server, and one application server. But this is not a large environment. If you don't have licenses for more virtual servers, I would choose one of these options:
Scenario 1:
VM1 - DC
VM2 - DC + file server + application server
Scenario 2:
VM1 - DC + file server
VM2 - DC + application server
Scenario 3 (in case you can have 3VMs):
VM1 - DC
VM2 - DC + file server
VM3 - application server
Scenario 1:
VM1 - DC
VM2 - DC + file server + application server
Scenario 2:
VM1 - DC + file server
VM2 - DC + application server
Scenario 3 (in case you can have 3VMs):
VM1 - DC
VM2 - DC + file server
VM3 - application server
Q1a) The virtualization host should not be part of the domain, cause it would create a cyclomatic dependency in your case.
Q1b) When the 3rd party software supports Windows authentication or needs to share files via shares, then yes.
Q2) The VM2 should only host the 3rd party software. In most cases DC/BDC should run only in its own VM. This allows better resource control on the additional virtualization layer. And backup and disaster recovery is much quicker. RTO for a DC only is faster then for DC+FileServer.
Q1b) When the 3rd party software supports Windows authentication or needs to share files via shares, then yes.
Q2) The VM2 should only host the 3rd party software. In most cases DC/BDC should run only in its own VM. This allows better resource control on the additional virtualization layer. And backup and disaster recovery is much quicker. RTO for a DC only is faster then for DC+FileServer.
For question 2, it's a matter of which recommendation should be given more weight; to have redundant DCs, or to not run additional applications on a DC. Personally in that small of an environment I come down on the latter side, so I would not recommend making VM2 a DC while it is also hosting the vendor software.
why build 2 dc's on a single host ?
if the host fails, there all gone.
if the host fails, there all gone.
ASKER
So I left the host off the domain, joined VM2 to the domain, have a single DC on VM1, and am still considering if I will put a DC on VM2. Thank you all for the help.
Though I appreciate the points, my comment was adding to Seth's good advice. He answered part of your question before my post and should get some credit.
I agree with most of what people have said here, but you can add the host to the domain. but before doing that I would make sure you have another DC outside of your VM host. if later on down the line you need high availability you would need the host on the domain to support hyper-v clustering for high Availability. As said one server with all VMs on is a single point of failure. As 1500 homes connect to this service I would really look at making it Highly available.
ASKER