• From: India
  • Registered: 2004-09-01
  • Posts: 1,979

Topic: virtual server in production environment

Hi guys, A friend of mine is being asked to create a w2k3 server in vmware in existing doamin in a way so that it replicate the Active directory and provide fault tolerance in case the main server goes down. He is asked to do so by his IT manager stating that copying and then deploying virtual disk is easier that restoring a physical server. Now what I want to ask you guys have any of you come across such a problem? also is this idea really worth applying?

सत्यमेव जयते!
  • From: United States
  • Registered: 2004-03-05
  • Posts: 2,192

Re: virtual server in production environment

Yeah it is worth applying, not to mention that it cuts down on $ and on the physical hardware. The Bank that used to be one of my clients has 2 physical servers and 6 VMware servers.

"It's not stupid, it's advanced." -Space Invader Zim

"Possum non errare, falli, decipi." -Nostradamus
  • From: India
  • Registered: 2004-09-01
  • Posts: 1,979

Re: virtual server in production environment

After reading the suggestion from the said friend, what I was thinking is. You create a virtual machine and install the windows2003 server in it and add it to the existing domain in a way so that It hold/replicate the active directory information. The manager asked to create this machine on the same server and asked to make backup only of the virtual disk. He told that if our main server get fail this virtual disk can be installed on other computers so that at least domain activity will not suffer and everyone know that this can be done much faster than installing/reinstalling the whole new server.

Last edited by whoiam55 (2010-02-12 05:42:08)

सत्यमेव जयते!
  • From: 404
  • Registered: 2004-02-09
  • Posts: 2,256

Re: virtual server in production environment

doesn't the sid of the said vm change when you restore vm disk only to a brand new vm... i was under impression that one needs to make a backup of the config of the vm as well... that just might fsck up your domain backup/restore plans. lol

fx64 is a Fedora 12 x86_64 spin features software for audio, video, graphics, office, internet, filesharing, instant messaging, and system administration. Post install script automatically installs Java, Flash, Skype and VirtualBox; 10K+ applications, games and utilities available from RPMFUSION. FREE!!!

gr00ve's Website

  • From: United States
  • Registered: 2004-03-05
  • Posts: 2,192

Re: virtual server in production environment

gr00ve wrote:

doesn't the sid of the said vm change when you restore vm disk only to a brand new vm... i was under impression that one needs to make a backup of the config of the vm as well... that just might fsck up your domain backup/restore plans. lol

I'm pretty sure you can make a backup of the VM itself (sort of like a ghost image of a physical disk, only for vm instead of physical)

"It's not stupid, it's advanced." -Space Invader Zim

"Possum non errare, falli, decipi." -Nostradamus
  • From: India
  • Registered: 2004-09-01
  • Posts: 1,979

Re: virtual server in production environment

using vmware you can use a virtul disk in single file, multiple files or on  completely dedicated disk or partition.

@gr00ve : I can setup a test lab to create a disaster situation, how can I know if machine's SID has change?

Last edited by whoiam55 (2010-02-12 05:37:38)

सत्यमेव जयते!
  • From: 404
  • Registered: 2004-02-09
  • Posts: 2,256

Re: virtual server in production environment

switch of the active dc, switch on the virtual. wait for kerberos attempt to issue new tickets, couple of account/password changes, watch the logs grow red [kidding, if you do that, you will actually be fscked domain wide lol, because when you switch the active dc back on, it will be unaware of the state of things during the time it was switched off]

on a serious note "ADSI Edit"

if the sid would be to change, pretty much most thing with domain authentication would be skewed. worst case scenario you'd end up rejoining each machine to the domain, sysprep'ing all the workstation, ouch...

http://i89.photobucket.com/albums/k221/ev00rg/welcome-to-hell.gif

fx64 is a Fedora 12 x86_64 spin features software for audio, video, graphics, office, internet, filesharing, instant messaging, and system administration. Post install script automatically installs Java, Flash, Skype and VirtualBox; 10K+ applications, games and utilities available from RPMFUSION. FREE!!!

gr00ve's Website

  • From: United States
  • Registered: 2004-03-05
  • Posts: 2,192

Re: virtual server in production environment

gr00ve wrote:

switch of the active dc, switch on the virtual. wait for kerberos attempt to issue new tickets, couple of account/password changes, watch the logs grow red [kidding, if you do that, you will actually be fscked domain wide lol, because when you switch the active dc back on, it will be unaware of the state of things during the time it was switched off]

on a serious note "ADSI Edit"

if the sid would be to change, pretty much most thing with domain authentication would be skewed. worst case scenario you'd end up rejoining each machine to the domain, sysprep'ing all the workstation, ouch...

http://i89.photobucket.com/albums/k221/ev00rg/welcome-to-hell.gif

*shrug* rejoining the machines to the domain can be done with a skript. (and yes I know how I spelled that) Just set it as a startup skript on the local admin account, then when you boot each machine and use that login it will automatically rejoin.

"It's not stupid, it's advanced." -Space Invader Zim

"Possum non errare, falli, decipi." -Nostradamus
  • From: India
  • Registered: 2004-09-01
  • Posts: 1,979

Re: virtual server in production environment

gr00ve wrote:

worst case scenario you'd end up rejoining each machine to the domain, sysprep'ing all the workstation, ouch...

rejoining each machine is not a pain, real pain is changing of the whole \document and setting\user folder.

gr00ve what are the real world solutions people use for such situation?

सत्यमेव जयते!