Friday, 19 July 2013

Some Thoughts on the Need for a Physical DC for Windows Server 2012 Hyper-V Clusters

Introduced in Windows Server 2012 was the ability to cold-boot a Hyper-V cluster without a DC present outside of the cluster setup.

One still needs Active Directory up and running _prior_ to standing up a new cluster in a greenfield deployment but that is pretty much the only “requirement” as far as DCs and clusters go.

The above KB tells us that we can make an exception in that greenfield setup to actually DCPromo _all_ of the nodes prior to standing up the cluster. Then we have our AD and are good to go so to speak.

We, however, prefer to have a standalone DC in place prior to running a greenfield cluster setup or introduce a new physical server box with Windows Server Standard that will be DCPromod into the existing domain and remain after the existing server systems are retired.

Why do we do this?

  • A separate/independent DC is needed for standing up a new cluster.
    • We don’t support the idea of running a DCPromo on all of the nodes in a new cluster and then backing them out afterwards.
  • DNS is absolutely critical when working on a cluster in a recovery/systems down situation.
    • No DNS can mean no RSAT management of the nodes.
  • AD can be needed for authentication purposes when making changes on the nodes.
    • We don’t log into the nodes very often. So, in a setting where domain admin credentials change on a somewhat regular basis we could be locked out.
  • Constrained Delegation for access to resources hosted elsewhere on the network can break without a live DC.
    • No access to that recovery ISO that we needed yesterday. :(
  • A physical DC is needed for high load VMs where timing gets skewed****.

For the cost of a small server and a Windows Server Standard license we can avoid so many headaches in the event that something goes wrong and we need to go into troubleshooting and recovery mode with our cluster.

Depending on the situation one can also build a fairly robust server configuration for that independent DC with a lot of storage. This is our preference where our cluster storage is fairly close to 100% utilized with dedicated LUNs for those VHD/VHDX files.

Then, if we run into a situation where an admin accidentally snapshots something and the VM goes Paused-Critical (previous blog post) we have some free storage to combine the AVHD and VHD files.

Keep in mind that we are talking about a two, three, or four node cluster running in a smaller setting where there may not be any other DCs present beyond the main office.

If there are branch offices with a local domain controller present one needs to carefully evaluate as to whether that standalone DC in the main office should be left out of the picture. Even in this type of situation we prefer to have an independent DC in the main office.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
www.thirdtier.net/enterprise-solutions-for-small-business/

Windows Live Writer

No comments: