Active Directory servers with same IP address in two Data Centers
The scenario we are interested in is a migration of ~1000 VMs (an MS Active Directory/Domain Controller and hundreds of Windows & Linux VMs with Java applications and their databases, with strong dependencies between several of the applications, i.e. an application may consume a number of REST API services offered by other applications and/or connect directly to some of the databases of these applications; all applications use the MS Active Directory for authentication) from Data Center A to Data Center B. The distance between the 2 Data Centers is ~3000 kilometers. The migration has to be performed in an active-active manner, meaning that both Data Centers will be offering services during the migration, which is anticipated to last 6-9 months. Another requirement is that the IP addresses of the VMs remain the same.

In order to cope with these requirements we plan to have some gateway at each site that will do NAT. We also plan to migrate the VMs in waves, trying to group in each wave, as much as possible, VMs that depend strongly on each other.

Special handling will be needed for the MS Active Directory server, which will have to be "duplicated" (multi-master replication) to Data Center B (say AD2) and remain in sync with that in Data Center A (say AD1), so that throughout the migration process, applications/services already migrated to Data Center B use AD2, while applications/services still in Data Center A continue using AD1. Keeping in mind that both AD1 and AD2 will have the same IP address, we are not sure how to handle routing in this case, as MS Active Directory is reported to have problems with NAT (refer to https://support.microsoft.com/en-us/help/978772/description-of-support-boundaries-for-active-directo...). Any ideas are welcome. You may also want to check https://cloudblogs.microsoft.com/enterprisemobility/2009/04/22/dcs-and-network-address-translation/.
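A way to check, from a host in either data center, which DC the locator actually picks and whether AD1 and AD2 are replicating, as an added PowerShell example that is not part of the original post. It assumes the ActiveDirectory RSAT module is installed and uses the placeholder hostnames AD1/AD2 and the placeholder domain corp.example.

```powershell
# Added example (not from the original post). Placeholders: 'AD1', 'AD2', 'corp.example'.
# Requires the ActiveDirectory module (RSAT) on the machine running it.
Import-Module ActiveDirectory

function Test-DcLocatorAndReplication {
    param(
        [string[]]$DomainControllers = @('AD1', 'AD2'),
        [string]$Domain = 'corp.example'
    )

    # 1. Which DC does the DC locator return from *this* machine? With AD1 and AD2
    #    sharing one IP, the answer depends entirely on routing/NAT at this site.
    $locatorOutput = (& nltest.exe /dsgetdc:$Domain 2>&1) -join "`n"
    $locatedDc = if ($locatorOutput -match 'DC:\s*\\\\(\S+)') { $Matches[1] } else { $null }

    $perDc = foreach ($dc in $DomainControllers) {
        # 2. Is LDAP reachable at that DC's name from here?
        $ldap = Test-NetConnection -ComputerName $dc -Port 389 -WarningAction SilentlyContinue

        # 3. Inbound replication as seen by that DC. Replication broken by NAT usually
        #    shows up as a stale LastReplicationSuccess and/or RPC-related failures.
        $partners = Get-ADReplicationPartnerMetadata -Target $dc -Scope Server -ErrorAction SilentlyContinue
        $failures = Get-ADReplicationFailure -Target $dc -Scope Server -ErrorAction SilentlyContinue
        $oldest   = $partners | Sort-Object LastReplicationSuccess | Select-Object -First 1

        [pscustomobject]@{
            DC               = $dc
            LdapReachable    = $ldap.TcpTestSucceeded
            # Partner is the DN of the partner's NTDS Settings object; element 1 is CN=<partner DC>.
            Partners         = ($partners | ForEach-Object { ($_.Partner -split ',')[1] -replace '^CN=', '' }) -join ';'
            OldestSuccessUtc = $oldest.LastReplicationSuccess
            FailureCount     = ($failures | Measure-Object).Count
            LastError        = ($failures | Select-Object -First 1).LastError
        }
    }

    [pscustomobject]@{
        LocatedDC = $locatedDc   # expect AD2 when run from Data Center B, AD1 from A
        PerDC     = $perDc
    }
}

Test-DcLocatorAndReplication | Format-List
```

Run it from a client in each data center: LocatedDC should differ per site, and a growing FailureCount or an OldestSuccessUtc that stops advancing on either DC means the AD1/AD2 sync is not surviving the gateways.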