2nd Domain Controller, or vMotion / HA

[ARNiTECT]

It’s a small network, but for redundancy, I have 2 Domain Controllers on separate hosts. The secondary DC is useful when I’m rebooting and making changes to the main server.

Could I effectively get rid of the secondary DC and instead use vMotion or vSphere HA to achieve the same results? So if the DC goes down on Host1 (controlled, or through fault etc) an exact replica takes over on Host2 with no loss of service?

Host1 is ESXi 6.7U2 with DC1 VM (Windows Server 2019), vCentre Server Appliance VM, OmniOS storage VM and lots of other VMs.
Host2 is ESXi 6.5U2 with DC2 VM & OmniOS storage VM.
(all VMs are version 6.5 to allow me to move them from Host1 to 2, if required)

 

[Peanuthead]

You can keep one DC if you are doing work on a host and vmotion it to the online host. If you are doing work on the DC then you need to run a second DC with a rule to keep it on the other host.

 

[DavidRa]

From a "doing it the right way" perspective, you should have 2 DCs with appropriate rules (DRS for VMware I think) that schedule them on separate hosts.

 

[ARNiTECT]

Thanks!
The reason I am investigating losing the secondary DC, is the storage VM (OmniOS/napp-it) can only accept one AD entry and the primary DC is stored on the OmniOS VM, so there is no AD when OmniOS boots and the SMB shares don't work until the AD is up and the SMB service is manually restarted. This doesn't mean I need to lose the secondary DC, just that the primary DC needs to be on before OmniOS.

I know very little about vMotion / HA / DRS at the moment. I would need to replicate the processing and storage of the primary DC VM on both hosts.

 

[StevenDTX]

Thanks!
The reason I am investigating losing the secondary DC, is the storage VM (OmniOS/napp-it) can only accept one AD entry and the primary DC is stored on the OmniOS VM, so there is no AD when OmniOS boots and the SMB shares don't work until the AD is up and the SMB service is manually restarted. This doesn't mean I need to lose the secondary DC, just that the primary DC needs to be on before OmniOS.

I know very little about vMotion / HA / DRS at the moment. I would need to replicate the processing and storage of the primary DC VM on both hosts.

Use the domain name itself, instead of a Specific DC.it will use dns to find a working DC.

 

[ARNiTECT]

It doesn't look like it is possible in OmniOS

The options I have in Napp-it are:
name of domain: eg domain.local
IP of ad-domain-server: eg 192.168.0.1
LM authentication level: [options: - , 1, 2, 3, 4]
domainadmin: username
password: password

secondary DC can be entered for Solaris OS only

 

[StevenDTX]

What version of NappIt are you running? Mine has a spot for a second DC.

 

[Rand__]

How about Fault Tolerance? Been doing that for a while with my DC

 

[ARNiTECT]

What version of NappIt are you running? Mine has a spot for a second DC.

Napp-it 20.01 pro, but I'm using OmniOS, only Solaris allows a second DC.

How about Fault Tolerance? Been doing that for a while with my DC

Not sure what you mean, I'm new to multiple DCs, having used SBS2011 for years. Is it possible to have a second DC using the same IP address as the primary, which only activates when it sees the other one is down?

 

[Rand__]

VMWare Fault Tolerance

 

[StevenDTX]

Napp-it 20.01 pro, but I'm using OmniOS, only Solaris allows a second DC.

im using OmniOS

 

[ARNiTECT]

VMWare Fault Tolerance

I imagine ideally DC1 has primary Host1 and failover Host2.
VMware Fault Tolerance, HA and vMotion all sound like similar services, which is the most straightforward to implement?
Host 2 only has a couple of 1Gb NICs, are there any specific hardware requirements?

 

[ARNiTECT]

im using OmniOS

Do you have any issues with SMB service when the primary DC is down for a length of time? I understand it can cope with short outages.

 

[StevenDTX]

Do you have any issues with SMB service when the primary DC is down for a length of time? I understand it can cope with short outages.

Sorry, .i only use it as a SAN. No SMB. I was just curious about the AD settings.

 

[Rand__]

VMware Fault Tolerance, HA and vMotion all sound like similar services, which is the most straightforward to implement?
Host 2 only has a couple of 1Gb NICs, are there any specific hardware requirements?

FT is the one you'd want but If you're not familiar with it vmWare I wouldn't recommend to run it

 

[ARNiTECT]

FT is the one you'd want but If you're not familiar with it vmWare I wouldn't recommend to run it

I had a look at a couple of videos on youtube. Functionally FT would be useful and I'm sure I could get it working, but its not as simple as I'd hoped. Will move DC1 to another datastore and start it first..

 

[Rand__]

And it has some caveats when its not working as expected

 

[gb00s]

Am I wrong if you have both DC's virtualized in a VM on ESXi? What if both VM's go down due to a 'bug' in ESXi 6.5 & 6.7 (worst case)? I want at least one physical DC.

 

[StevenDTX]

Am I wrong if you have both DC's virtualized in a VM on ESXi? What if both VM's go down due to a 'bug' in ESXi 6.5 & 6.7 (worst case)? I want at least one physical DC.

Its fine as long as they arent in the same cluster, physical datacenter, storage, etc.

 

[Rand__]

Its a matter of preparation as always - similar as you wouldnt upgrade both DCs (phys or virt) at the same time [if you can prevent it] for the fear that M$ borked an update again so you wouldnt upgrade your vSphere cluster at the same time (or with appropriate tests).
The beauty of VMs is that its fairly easy to spin up a new Box where you can run the DC VM (from backup if need be) to at least get basic services up and running again.
O/c there are dependency chains to watch out for (think vCenter AD integration without emergency user)