Is a C2758 enough for an enterprise Windows DC?


smithse79

So, it's almost time to replace our infrastructure hardware at work and I want to propose to my boss a new way of getting our hardware. I've made significant changes to the use of our hardware since our last refresh and frankly our current hardware is not being used very efficiently. One way I think we need to change is in our physical domain controller. He has, since the last refresh, basically handed all of our Windows stuff over to me so management of it all is my responsibility. I am a firm believer of virtualizing what you can but ALWAYS have at least one physical domain controller.

Is an Atom C2758 such as this guy (Supermicro | Products | SuperServers | 1U | 5018A-FTN4) sufficient for a DC? We have under 1000 Active Directory objects. It would also need to run DNS, DHCP, and AD Certificate Services. This will be running Server 2012 R2. I'd give it 8GB of RAM and 500GB of hard disk space. I spec'd it out at CDWG and it came out well under $1000. I see this as a significant cost savings from the full blown DP servers he's been buying in the past. Does this seem plausible or am I overlooking some requirement that should take way more than this?
 

NetWise

Absolutely no need to have one physical domain controller. I realize that may be a religious debate almost.

What one should do is ensure they have a DC that is off-cluster/off-san/off-site. But there's zero reason it can't be on a standalone non-clustered box with local disk that also runs other core replicated systems (eg: DFS-r secondary, exchange DAG, etc, etc)

8gb of ram should be fine for that size of environment. The 500gb will be ssd and mirrored? Probably massive overkill; that box likely won't end up larger than 60-70gb in the end, will it?
 

smithse79

We're a medium sized university department with generally good funding. We only have one site, no Exchange, no SAN for the Windows side. What we do have is a VERY mixed environment. Probably 70% Windows, 20% Linux, and 10% OSX, all of it authenticating to AD.

Currently we have 2 main boxes. They are nearly identical Supermicro 1U, Dual L5520 Xeons. The only major difference between the 2 is that one has 6GB of RAM (physical DC) and the second got upgraded to 24GB so that it could be turned into a Hyper-V host. It houses our second DC, SCCM Server, and a Windows 7 VM.

I'm hoping to get him to purchase the Atom box to replace the physical DC, then purchase a beefy box to replace the Hyper-V host (I'm thinking 2P E5-v3) and use the 24GB box we already have to offload the SCCM SQL DB. In an ideal world, the SQL box would get purchased new as well, but this is higher-ed, and frankly the box still works just fine.
 

smithse79

> Can you get some kind of edu discount on Azure and run an AD as a service?

Probably could and it would probably be super cheap, but I'm about 98% certain that wouldn't work with my boss. He's a Linux guy through and through and frankly tries to avoid Microsoft whenever possible. That's one of the reasons I wound up being responsible for it, I have a background in MS stuff and started taking it over bit by bit then he just let me have it all.
 

HotFix

> Absolutely no need to have one physical domain controller. I realize that may be a religious debate almost.
>
> What one should do is ensure they have a DC that is off-cluster/off-san/off-site. But there's zero reason it can't be on a standalone non-clustered box with local disk that also runs other core replicated systems (eg: DFS-r secondary, exchange DAG, etc, etc)
>
> 8gb of ram should be fine for that size of environment. The 500gb will be ssd and mirrored? Probably massive overkill; that box likely won't end up larger than 60-70gb in the end, will it?

Speaking to the Exchange DAG reference above, in general it's not recommended to install Exchange on a domain controller. There are multiple reasons for this:
Installing Exchange on a domain controller is not recommended: Exchange 2013 Help
The last bullet points out that it's not supported to run an Exchange on a clustered node (DAG) that is also a DC.

Then from a performance POV, by default all DCs disable disk write cache which really hurts applications like Exchange that want/need it.

So in short please do not install other major applications on your DC, especially Exchange. Leave your DCs as DCs so you can harden them as such w/o impacting other major applications. Installing supporting services such as DHCP or WINS is fine as they aren't major applications that are sensitive to performance issues like Exchange is.

Now on to smithse79's sizing question. As for the processor being good enough, 8 cores is generally more than enough for a DC even at a very large scale. The issue comes down to the speed/performance of those cores. Since you said you had 1000 objects in AD, I would classify that as a small to medium size business, and I am pretty sure that processor can keep up with that load from the load testing I looked into on that processor. Please don't be offended by that statement, I work in environments of 100K+ users alone. :)

As for the amount of memory, a good rule of thumb is to take the size of your AD database file (the NTDS.DIT file) and double it. So if the DIT file is 2GB, you would want a minimum of 4GB of RAM for your DC's operations (not including other memory requirements placed on the server by other applications such as monitoring/backup/antivirus/IDS/etc...).
There is detailed sizing guidance here:
Capacity Planning for Active Directory Domain Services - TechNet Articles - United States (English) - TechNet Wiki
I have a link for the 2x the size of your DIT file recommendation somewhere too but I can't seem to locate it at the moment.

I really recommend every environment have at least 1 DC per domain not be virtual so you can boot it up and get authentication working independent of any virtual environment (including storage infrastructure) issues that may be occurring. The boxes don't have to be heavy hitting as you have discovered, and personally I would rather have it and not need it than need it and not have it. :)
 

NetWise

To be clear - I meant a standalone virtualized host running those VMs. No one in their right mind would run them all on one VM/Operating System. It's my opinion that you tried very hard to make that direct connection ;).

I mean that having a non-San virtualized host with local disk is an excellent way to provide a separate failure domain and also allow maintenance of the San, San fabric, cluster hosts, etc.

A standalone host could quite easily boot the DC VM first and the virtualization layer isn't going to matter much. All of which goes sideways from the sizing discussion, as noted.

8gb and 4 cores even low powered, will run a 1000 object DC just fine. Heck, I've seen numerous sites with twice that many objects on half as much resources without issue. Other than the software RAID and old OS and poor backup/restore capability - all of which being virtualized fixed handily.
 

HotFix

> To be clear - I meant a standalone virtualized host running those VMs. No one in their right mind would run them all on one VM/Operating System. It's my opinion that you tried very hard to make that direct connection ;).
>
> I mean that having a non-San virtualized host with local disk is an excellent way to provide a separate failure domain and also allow maintenance of the San, San fabric, cluster hosts, etc.
>
> A standalone host could quite easily boot the DC VM first and the virtualization layer isn't going to matter much. All of which goes sideways from the sizing discussion, as noted.
>
> 8gb and 4 cores even low powered, will run a 1000 object DC just fine. Heck, I've seen numerous sites with twice that many objects on half as much resources without issue. Other than the software RAID and old OS and poor backup/restore capability - all of which being virtualized fixed handily.

I tried hard to make that direct connection? Why would I bother to try to make any connection? I took this statement at face value:
"But there's zero reason it can't be on a standalone non-clustered box with local disk that also runs other core replicated systems (eg: DFS-r secondary, exchange DAG, etc, etc)"
I guess I was supposed to infer you meant everything running under a VM on that box even though you said "standalone". My bad I guess...

As for the amount of cores and more importantly the amount of RAM, I would be cautious about making blanket statements like that but rather refer to sizing guidance. 8GB will likely be sufficient for the OP's needs, but they need to check the sizing guidance against their environment to be sure.
 

smithse79

Looking at the size of our database, it's a whopping 86MB. I think that is plenty of RAM for us. Thanks for the guidance!!