Hi all,
I would like to convert my DCs to VMs.
My PDC Emulator is also the NTP server and all ESX servers are configured to use it.
Do you see any problem with configuring ESX servers to use a guest VM that is an NTP server?
Thanks, Yair
Leaving aside the idea of converting a domain controller into a VM, putting an NTP server in a VM does not make a lot of sense. NTP requires close access to the processor and hardware clock, the former to measure time intervals between clock updates and network delay between itself and upstream servers and the latter to calibrate and slew the clock. Since the VM has access to neither by virtue of being in a virtualised environment, all of the measurements performed by the virtualised NTP server are therefore suspect and should not be trusted -- garbage in, garbage out.
Only one: where does the DC get its time from? If you can get the source direct to the ESX host, it would be better. The VM time will still drift, so it won't be an accurate timepiece.
Currently the DC reads time from its own physical server clock, so if I convert it to a VM and install VMware Tools it will update from the ESX server.
I'm new to ESX and from what I understand there will be an endless loop of time updates, because the VM clocks are not always synchronised with the ESX. Am I correct?
And if so, the DC will have a slight time gap and then the ESX servers would be updated with this gap (because the DC is their NTP) and later the DC could have another time gap and update the ESX servers with this gap also.
Is it true or am I going too far with this?
I have seen conflicting whitepapers on this issue: some say to use the VMware Tools to time sync due to time drift, however some say to use Windows Time to your PDC, then use a GPO to sync your PDC to a hardware source, i.e. a router. We use the latter option and it seems to work well.
I would seriously review converting all your DCs into virtual machines though. A DC should not be resource intensive and can run on inexpensive hardware. I would try and keep them physical, or at least one of them. If you choose to virtualise some or all DCs then spend time planning the admin of them. VMware makes it all too easy to roll back using snapshots... bad idea for DCs. Maybe you should use independent disks that are not affected by snapshots? Just a thought.
Hello,
The DC's time source should be a physical system, i.e. router, etc. There is absolutely no reason a DC cannot be virtualized. Just make sure its time source is not a VM, but some physical source inside your company which may sync to outside the company.
Best regards,
Edward L. Haletky
VMware Communities User Moderator
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354
As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization
I have to agree with aremmes, I wouldn't use the NTP time from the VM.
I also have had a lot of issues with using the "Time Sync" with Tools; I would get clock drifts of minutes. I noticed this when trying to run my VMmark Testing.
I set up an NTP source on my Virtual Center server, which is also a DC; this works great.