cloud-ready operating system. During
deployment, one of the most important decisions an administrator must make is whether the organization should choose to use private cloud virtualization technology or continue to use physical servers.
Virtualizing servers provides many benefits to modern IT infrastructures. Some of these benefits are
• Specifics of physical hardware are abstracted from the guest operating system in a virtual machine, which allows virtual machines to be ported more easily between virtualization hosts, such as Hyper-V® in Windows Server 2012.
• Virtual machines can be moved within clusters, and across networks between clusters or stand-alone virtualization hosts.
• Recovery of machines can be performed faster and more easily.
• Redundancy of virtual machines increases service levels, regardless of whether the application itself supports redundancy.
• Virtual machines can be scaled on demand.
• Virtual machines can use more resources during peak hours and conserve energy when they are not needed. Servers deployed on physical hardware, by contrast, generally consume the same amount of electricity whether they are busy or not.
MCT USE ONLY. STUDENT USE PROHIBITED
Administering Windows Server® 2012 2-9
When considering whether to virtualize a domain controller, you must consider hardware requirements. Virtualization is useful when you want hardware resources that can be scaled. When you plan resource utilization on the host computer, remember that the host operating system itself requires additional resources to run the virtual machines, such as processing power, memory, network capacity, and disk space.
The following are additional considerations you should keep in mind when virtualizing domain controllers:
• Time synchronization. A Windows-based AD DS domain infrastructure loosely relies on all communicating machines being synchronized. When domain controllers and domain members have a time difference of more than five minutes (the default Kerberos clock-skew tolerance), clients cannot log on or access resources on the network. To address this requirement, the Windows® operating system includes the Windows Time service, which ensures that time synchronizes across the domain in the following manner:
o Domain members obtain the time from their domain controller.
o Domain controllers obtain the time from the primary domain controller (PDC) emulator, an operations master role, of their own domain; the PDC emulator of a child domain in turn synchronizes with a domain controller in its parent domain. Operations master roles will be covered in a later lesson.
o The PDC emulator of the forest root domain should be configured with an external time source, such as an Internet time provider based on an atomic clock, by using the Network Time Protocol (NTP).
In virtualized environments, time synchronization is not as simple as on physical computers. The virtualization engine throttles the use of the virtualization host's CPUs and distributes cycles among the virtual machines as needed. The operating system clock relies on stable CPU cycles, which do not exist in virtual environments. By default, virtualization engines therefore synchronize the guest computers' clocks with the host's clock. If the virtualization host does not itself participate in domain time synchronization, it is likely that the domain time and the virtualization host time will drift apart, and a virtual domain controller then receives two competing time sources: the host and the domain hierarchy. If the host does participate in domain time synchronization, virtual machines that follow the host's clock remain consistent with the domain. For time synchronization to work properly, you must either configure the virtualization host to participate in domain time synchronization or disable host-to-guest time synchronization for the virtual domain controllers.
• Domain membership of the virtualization host. When you use Hyper-V as a virtualization host, you can choose whether the virtualization host is a member of the AD DS domain. Joining the Hyper-V infrastructure to the domain is recommended, but it creates a startup dependency: if all domain controllers are virtualized on those hosts, the host operating system starts and attempts to contact the domain before any domain controller is available. Failover-clustered physical hosts are also dependent on AD DS, because versions older than Windows Server 2012 cannot start the cluster when the domain is not available. In that case the virtual machines, including the virtual domain controllers, do not start because AD DS is not available. This can be solved by:
o Deploying multiple virtualization clusters, or deploying a cluster plus additional stand-alone virtualization hosts. With this, you can ensure that no domain has all of its domain controllers running on a single virtualization cluster.
o Deploying a sufficient number of physical domain controllers per domain to allow for redundancy and to ensure that the virtualization cluster can start prior to the virtual domain controllers being available.
o Maintaining a distributed AD DS infrastructure. For example, when you have domain controllers for every domain available in branch offices or remote data centers, your virtualization hosts can use those domain controllers when they start.
• Single point of failure. AD DS domain controllers are the most important pieces of your infrastructure. If they fail, users cannot sign in or access resources and applications, and applications or services that depend on AD DS might not run at all.
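The time-synchronization guidance above can be applied and verified with the Hyper-V and Active Directory PowerShell modules. The following is an added example written for this page, not code from the course; the host name HV-HOST01 and the NTP peer list are placeholders, and it assumes each virtual domain controller's VM name equals its computer name.

```powershell
# Added example (not from the course text): locate the forest-root PDC emulator,
# stop virtualized DCs from following the Hyper-V host clock, point the PDC
# emulator at an external NTP source, and verify what every DC actually uses.
# Run as a domain administrator on a machine with both modules installed.
Import-Module Hyper-V
Import-Module ActiveDirectory

$HyperVHost = 'HV-HOST01'   # assumption: Hyper-V host that runs the DC guests

# 1. Which domain controller holds the PDC emulator role in the forest root domain?
$forestRoot = (Get-ADForest).RootDomain
$pdc = (Get-ADDomain -Identity $forestRoot).PDCEmulator
Write-Host "Forest-root PDC emulator: $pdc"

# 2. For every guest that is a domain controller, disable the Hyper-V
#    'Time Synchronization' integration service so the guest takes its time
#    from the domain hierarchy instead of from the host's clock.
$dcNames = @(Get-ADDomainController -Filter *).Name
foreach ($vm in Get-VM -ComputerName $HyperVHost) {
    if ($dcNames -notcontains $vm.Name) { continue }   # assumption: VM name == computer name
    $svc = Get-VMIntegrationService -VM $vm -Name 'Time Synchronization'
    if ($svc.Enabled) {
        Write-Host "Disabling host time sync for DC guest $($vm.Name)"
        Disable-VMIntegrationService -VM $vm -Name 'Time Synchronization'
    }
}

# 3. Point the forest-root PDC emulator at external NTP peers and mark it as a
#    reliable time source. Every other DC keeps the default domain-hierarchy mode.
$ntpPeers = 'time.windows.com,0x8 pool.ntp.org,0x8'   # assumption: your peer list
Invoke-Command -ComputerName $pdc -ScriptBlock {
    param($peers)
    w32tm /config "/manualpeerlist:$peers" /syncfromflags:manual /reliable:yes /update
    Restart-Service w32time
    w32tm /resync
} -ArgumentList $ntpPeers

# 4. Verify: a healthy virtual DC reports its parent DC (or the NTP peer, on the
#    PDC emulator) as source, never 'VM IC Time Synchronization Provider' or
#    'Local CMOS Clock'.
foreach ($dc in $dcNames) {
    $source = (w32tm /query "/computer:$dc" /source) -join ''
    [pscustomobject]@{ DC = $dc; TimeSource = $source }
}
```

The check in step 4 is the one to repeat after any host maintenance: a DC whose source is the VM IC provider is still following the host and will silently diverge from the PDC emulator if the host's clock is wrong. Note that later Microsoft guidance for Windows Server 2012 R2 and newer prefers leaving the integration service enabled and instead disabling only the VMICTimeProvider on the guest (Enabled=0 under HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider), so that the guest clock is still corrected after a resume from saved state; the hierarchy check above is the same either way.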
2-10 Maintaining Active Directory® Domain Services
When virtualizing domain controllers, it is very important to ensure that there is no single point of failure for your AD DS infrastructure. Running all domain controllers as virtual machines on the same virtualization cluster is a single point of failure. The same applies when you have an additional cluster with domain controllers in a separate data center that connects to a storage area network (SAN) which replicates with the SAN in the first data center: replicated SANs have themselves been a single point of failure in some cases.
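Whether a domain has all of its domain controllers on one virtualization host or cluster is something you can check rather than assume. The following is an added example written for this page, not code from the course. It assumes the Hyper-V and Active Directory modules are installed, the account can query AD and every listed host, VM names equal the computer names of the domain controllers, and the host-to-cluster table (HV-HOST01 through HV-HOST03, CLUSTER-A) is your own inventory.

```powershell
# Added example (not from the course text). For every domain in the forest,
# reports where its domain controllers run and flags a domain whose DCs are
# all virtual machines on one Hyper-V host or failover cluster.
Import-Module Hyper-V
Import-Module ActiveDirectory

# Assumption: maintained by hand from your inventory. A stand-alone host maps
# to its own name; cluster members map to the cluster name.
$hostToCluster = @{
    'HV-HOST01' = 'CLUSTER-A'
    'HV-HOST02' = 'CLUSTER-A'
    'HV-HOST03' = 'HV-HOST03'   # stand-alone virtualization host
}

# Ask each host which guests it runs and record VM name -> cluster (or host).
$vmLocation = @{}
foreach ($h in $hostToCluster.Keys) {
    try {
        foreach ($vm in Get-VM -ComputerName $h -ErrorAction Stop) {
            $vmLocation[$vm.Name.ToUpperInvariant()] = $hostToCluster[$h]
        }
    } catch {
        Write-Warning "Cannot query $h : $($_.Exception.Message)"
    }
}

$report = foreach ($domain in (Get-ADForest).Domains) {
    $dcs = @(Get-ADDomainController -Filter * -Server $domain)
    # A DC that no host reports as a guest is treated as physical.
    $placements = @(foreach ($dc in $dcs) {
        $key = $dc.Name.ToUpperInvariant()   # assumption: VM name == computer name
        if ($vmLocation.ContainsKey($key)) { $vmLocation[$key] } else { 'PHYSICAL' }
    })
    $distinct = @($placements | Sort-Object -Unique)
    [pscustomobject]@{
        Domain      = $domain
        DCCount     = $dcs.Count
        PhysicalDCs = @($placements | Where-Object { $_ -eq 'PHYSICAL' }).Count
        Locations   = ($distinct -join ', ')
        # Single point of failure: every DC of the domain sits on the same
        # virtualization host or cluster and none of them is physical.
        SinglePoint = ($distinct.Count -eq 1 -and $distinct[0] -ne 'PHYSICAL')
    }
}
$report | Format-Table -AutoSize
```

A row with SinglePoint set to True is exactly the situation the text warns about; a row with PhysicalDCs equal to 0 shows a domain whose cluster or host cannot bootstrap against a physical domain controller. The script only sees hosts you list, so an unlisted host counts as "physical" and the inventory table is the weak point to keep current.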
Even if domain controllers are distributed as described in the domain membership section above, you must still verify that there is no single point of failure. The following domain virtualization recommendations help you avoid having to perform a forest recovery if anything happens to your virtualization infrastructure.
• Moving AD DS to the cloud. Placing AD DS domain controllers in the Microsoft cloud platform can help avoid single points of failure. This can be implemented in several ways, including the following:
o Backing up domain controllers in the cloud.
o Setting up at least one virtual domain controller per domain in the cloud.
o Replicating a domain controller’s virtual machine in the cloud by using Hyper-V Replica.