2010-06-20

Virtualization Domain Controllers - #2

I received a number of comments on my previous post and offline as well I want to clear up some things regarding the previous post.

I am not against virtualizing domain controllers - not at all. I am against trying to P2V a domain controller. It seems that was not clear enough from the last post. I do still advise that if your risk analysis - you should do that before virtualizing your domain controllers (or anything else for that matter) comes out that it is more cost effective to keep one Physical DC then do so. There are a number of reasons to go either way - it all depends on your environment and what you are willing to risk.

It will save you so much headache and anguish - if you would just promote a new clean VM to a Domain controller.

Now lets go into a a good reason (or two) why you should actually virtualize your domain controllers

  1. Domain Controllers do not need that many resources

    image 
    Of course there is a whole science behind this and a good amount planning guides out there - you can see that a domain controller does not need that many resources. It has relatively stable RAM usage (loading the AD database into RAM is mostly what it does) - CPU usage will depend on the authentication traffic - same with Network and Disk IO.
    The resource usage can be predicted very well - so you can plan the resources for such a Machine.
  2. You should have more than one - if you don't then you are not doing your job correctly. But that means if your one of your Domain controllers fail - because your ESX host failed - then you are still up and running - because you have another DC running (either on an ESX host or physical).
  3. Testing purposes. You need to prepare your AD Schema for the upgrade to Exchange 2010. Even though the schema extension is a Microsoft product, and has probably been tested countless amount of times with all levels of AD Domains. But of course every domain is different. And no matter how many times Microsoft have tested it - it has not been tested on my domain, in my environment, with my applications.
    So for this I would need to test the upgrade. So what better way to do it on a replica of my Production Environment.
    All I need need to do is to power off the DC, copy the VM to a closed lab environment, power them both back on, fix up a whole bunch of stuff to get it working in the lab without access to the outside world, and hey I have a full replica of my production domain that I can test.

So as you can see there are benefits to virtualizing your DC's - just a few of them above.

What other benefits would you add to the above list? I would appreciate your comments.