VMware Cloud Community
java_cat33
Virtuoso

Snapshots - Domain Controllers and persistent independent disks

I'm in the process of planning to virtualize a domain controller - my first thought is that you do not want to ever revert back to a snapshot of this VM when it is a DC. My plan is to have 2 vmdk's, 1 for the OS, the other for AD.

My intentions are to set the disk for the AD database and logs to independent disk mode and set it to be persistent. My understanding of this is that if the VM ever has a snapshot taken, the OS volume that does not contain the AD database can have a snapshot taken with no problems and reverted to. And the other disk that contains the AD DB and logs will be left as it is since it is set as independent and persistent.

There is more than 1 DC in this domain.

Is this correct? Is this a good approach?

ejward
Expert

Wow, that's a pretty scary proposition. In theory it sounds like it would work. In practice it could be disastrous. Have you checked with Microsoft? Just pretend you're using their virtualization product.

If you are planning to virtualize a domain controller, does that mean it's physical now? If it is physical, how many times have you reverted back to a snapshot on that server? Never, right? Do you foresee the way you use this VM DC changing after it's virtual? I've got 2 VM DC's and they're treated just like physical servers. There's never been a need to revert to snapshots. I understand that there could be a patch that goes nuts, but Microsoft has been better at that than it has in the past.

java_cat33
Virtuoso

Yes I completely agree - I've never had to restore an image on a DC. However it is still quite simple for an administrative user who is not very experienced (or even an experienced administrator) to accidentally revert to a snapshot on a VM that is a DC...... scary huh

My thinking is that if I remove that possibility from the equation it's one less issue to deal with in a worst case scenario.

Yes the DC is currently a physical, also hosting DNS, DHCP etc. I am not going to P2V it........ I'll create a new VM, export the DHCP database, dcpromo the server etc - power off the physical, bring up the VM with the same IP, promote it to a DC etc etc

Are you saying that you do snapshot your DC's? If so, why and would you revert to it?

ejward
Expert

We don't snapshot DC's. We do full system backups (Both virtual and physical) including system state. And really, if the system died, I'm not sure we'd use the system state.

Are you worried about YOU accidentally reverting to a snapshot or somebody else? You can easily take away someone's rights to create or revert to snapshots. You can set up a user type that has all administrator rights except the ability to revert to a snapshot. I had a situation recently where we were migrating VMs to new storage. You can't have snapshots if you want to migrate to new disk. I had one tech that kept creating snapshots even after I told him not to. I was able to just delete that right for him.
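The restricted role described in the reply above could be built with VMware PowerCLI roughly as follows. This is an added example, not part of the original post; the role name, AD group and VM folder name are hypothetical, and it assumes an existing `Connect-VIServer` session.

```powershell
# Added example: clone the built-in Admin role without the snapshot
# create/revert privileges and apply it to the folder holding the DC VMs.
# Names below are hypothetical placeholders, not values from the thread.
$roleName  = 'Admin-NoSnapshotRevert'
$principal = 'EXAMPLE\vc-engineers'
$dcFolder  = 'Domain Controllers'

# Privilege IDs to withhold from the new role.
$blocked = @(
    'VirtualMachine.State.CreateSnapshot',
    'VirtualMachine.State.RevertToSnapshot'
)

# Start from every privilege ID of the Admin role, minus the blocked ones.
$adminRole = Get-VIRole -Name 'Admin'
$keepIds   = $adminRole.PrivilegeList | Where-Object { $blocked -notcontains $_ }

# Create the role only if it does not already exist.
$role = Get-VIRole -Name $roleName -ErrorAction SilentlyContinue
if (-not $role) {
    $role = New-VIRole -Name $roleName -Privilege (Get-VIPrivilege -Id $keepIds)
}

# Sanity check: fail loudly if a blocked privilege ended up in the role.
$leak = $role.PrivilegeList | Where-Object { $blocked -contains $_ }
if ($leak) { throw "Role still grants: $($leak -join ', ')" }

# Grant the role on the DC folder, propagating to the VMs inside it.
$folder = Get-Folder -Name $dcFolder -Type VM
New-VIPermission -Entity $folder -Principal $principal -Role $role -Propagate:$true

# Report any DC VM that currently has snapshots so they can be reviewed.
Get-VM -Location $folder | Get-Snapshot |
    Select-Object VM, Name, Created, SizeGB
```

If the same people also hold the full Admin role through another group on the same objects, the privileges combine, so the restricted role only helps when it is the only permission that applies to them on the DC VMs.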

java_cat33
Virtuoso

No I am not worried about myself doing it - I'm worried about others. It's been requested by my client that they do not want DC's to be snapshot (and I completely agree) hence my comment regarding independent persistent disks (which is only useful if a DC has a snapshot anyway). When the Production domain is virtualized it needs to mirror DEV obviously - and there will be about 8 - 10 engineers with VC admin rights.

I'm aware of the fact you can't have snapshots if you want to migrate your VM to another datastore - they must be committed - or not created

What it comes down to really is that I implement what I mentioned in my first post and also advise everyone concerned not to snapshot DC's etc..... if this is followed there should be an issue anyway in regards to snapshots being reverted

It'll be worthwhile looking into having a group of users that cannot revert as you mentioned.

Thanks
