I'm sure this question has come up before but I haven't been able to find much discussion of it in the forums.
Basically I have created a new domain controller at the recovery site and am using standard Active Directory replication to keep this host up to date. To enable testing of systems in the SRM Recovery Plan I need a copy of this domain controller in the test network; obviously this will provide the test systems with a source of authentication, name resolution etc.
My first thought was to use an SRM command call-out to a PowerShell script; it would initiate a clone of the VM and then another script to seize the FSMO roles etc.
Not a bad idea but I was interested to hear what others in the group are doing to achieve similar results or if anyone had a better idea.
Thanks in advance.
We're basically doing the same, although no FSMO seizing...no need for those roles when we're testing failover. We make sure the DC we're cloning is a GC and handles DNS for the AD specific zones.
Appears cloning the DC is a popular way to go, will give it a try as the only other option I could think of was to leave a DC in the recovery site and add a domain controller to the recovery plan.
I started off with replicating the AD using the array...
But later moved over to having DCs in the Recovery Site using standard MS AD Replication...
The dependency (being able to log in to vCenter via AD) convinced me this was the more appropriate way to go...
Author of the SRM Book: http://stores.lulu.com/rtfm
Free PDF or at-cost Hard Copy
I'm using a hybrid, or shotgun, approach with A.D. servers holding all FSMO roles in my production environment. I also have 2 A.D. servers in my DR site on the same network as my VC/ESX servers using MS A.D. replication between sites. The production site A.D. servers are necessary for all recovery plans due to having hard-coded IP addresses in non-Windows hosts in my environment. I'm doing bi-directional storage replication to protect all A.D. servers. For various reasons that might rhyme with laziness I want to avoid customization scripts to alter DNS properties since I can't automate the same with physical servers.
I am curious about the test network you attach the cloned DC to.
I have a client that would like to do a test failover, but also go to the DR site and check applications from client machines.
My initial thoughts were to clone the DC and other VMs into a VLAN (which the clients are located in) that can't break out from its own subnet.
I'm curious as to what other people are doing in this type of scenario?
Having an isolated VLAN and a couple of clients on that VLAN would work. If working on the VM console is OK then you could easily spin up a couple of client VMs and just have those connected to the isolated VLAN, which will already exist on the hosts.
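An added example (not posted by anyone in this thread) of the clone step discussed above, with the GC/DNS pre-check from the earlier reply and the isolated test network made explicit. It assumes VMware PowerCLI and the ActiveDirectory module under Windows PowerShell 5.1; the VM, port group and vCenter names are hypothetical placeholders.

```powershell
# Added example. All names below are hypothetical placeholders.
$SourceDc  = 'DR-DC01'              # recovery-site DC kept current by AD replication
$CloneName = 'DR-DC01-srmtest'
$TestNet   = 'SRM-Test-Isolated'    # port group with no uplink to production
$VCenter   = 'vcenter.dr.example.local'

Import-Module ActiveDirectory
Connect-VIServer -Server $VCenter | Out-Null

# 1. The clone has to serve logons and name resolution on its own, so stop
#    unless the source is a global catalog and its DNS Server service is running.
$dc = Get-ADDomainController -Identity $SourceDc
if (-not $dc.IsGlobalCatalog) { throw "$SourceDc is not a global catalog" }
$dns = Get-Service -Name DNS -ComputerName $dc.HostName
if ($dns.Status -ne 'Running') { throw "DNS Server service is not running on $SourceDc" }

# 2. Confirm the isolated port group exists on the host before cloning anything.
$srcVm = Get-VM -Name $SourceDc
Get-VirtualPortGroup -VMHost $srcVm.VMHost -Name $TestNet -ErrorAction Stop | Out-Null

# 3. Clone onto the same host and datastore; the copy is created powered off.
$ds    = Get-Datastore -RelatedObject $srcVm | Select-Object -First 1
$clone = New-VM -VM $srcVm -Name $CloneName -VMHost $srcVm.VMHost -Datastore $ds

# 4. Move every NIC of the clone to the isolated port group.
Get-NetworkAdapter -VM $clone |
    Set-NetworkAdapter -NetworkName $TestNet -StartConnected:$true -Confirm:$false |
    Out-Null

# 5. Power on only if no adapter is still attached elsewhere: the clone and
#    the original DC must never share a network.
$stray = Get-NetworkAdapter -VM $clone | Where-Object { $_.NetworkName -ne $TestNet }
if ($stray) { throw "Clone still has adapters outside ${TestNet}: $($stray.Name -join ', ')" }
Start-VM -VM $clone | Out-Null
```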
Something that popped into a chat I was having with a friend about SRM and fencing off recovered FSMO role holder DCs etc. He mentioned currently his company cut the link between protected and recovered and block certain ports on the firewall during a test just to be sure.
One thing that popped into my mind was vShield Zones. Then I read Mike's article http://searchvirtualdatacentre.techtarget.co.uk/news/column/0,294698,sid203_gci1381418,00.html
about cross networking fencing. Has anyone tried using vShield Zones in a test failover to isolate VMs etc?
I would be interested to hear any thoughts.