Thursday, 2 October 2014

Cluster: Why We Always Deploy a Physical DC in a Cluster Setting

A somewhat new feature with Windows Server was the ability to cold-boot a cluster after a full shutdown thus “eliminating the need for a physical DC” in a cluster setting.

While this feature is indeed there and does indeed work we have found that there are a number of very key reasons why we have taken up the practice of always having a physical DC in cluster deployments.

  • AD may be needed in the event of a cluster failure
  • DNS IS required in the event of a cluster failure
  • Physical DC is our time authority (Critical in a virtualized environment especially with high-load VMs where time skews)
  • Point of management in the event of a problem

The third point is probably the most important in the mix. Keeping time in a domain is absolutely critical. One cannot configure a time authority to continually poll NTP.ORG without receiving a Kiss-of-Death packet from the polled server.

So, we have a physical DC polling NTP.ORG at the standard interval and all domain members looking to it for time. Then, any VM that requires a much more frequent polling frequency can be configured to poll the DC without being shut down.

For obvious reasons if a VM’s time hits the five minute mark for variance it loses its ability to continue serving whatever services and/or LoBs that may be running on it to the domain.

We make sure to install an iDRAC Enterprise, HP iLO Advanced, or Intel RMM in that physical DC so that we can have out-of-band access to the server along with KVM over IP to manage from the “console”.

Philip Elder
Microsoft Cluster MVP
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen ASP Project
Find out more at
Third Tier: Enterprise Solutions for Small Business

No comments: