I guess this is my first post in the community.
I'm trying to deploy ESXi, vCenter Server (virtual appliance), VCOPS, SRM, vSphere Replication, and VDP for a customer (all in version 5.1). They currently have no access to Active Directory Domain Services (or other directory services, such as LDAP) because the AD is managed by IT in HO (a multinational company). They also have no access to the authorized DNS servers.
For this deployment, I have a few (I hope) fundamental questions about implementing VMware products.
These questions have been on my nerves since last week. I don't have the resources to try and answer my own questions, so I hope you can share your thoughts and experiences with me.
I can really only speak to vSphere Replication, and the answer is no - you don't need it. Everything works fine with local auth and literal addresses (no DNS or ADDS in one of my environments, which is used solely as a replication target). SRM might be a little more tricky. Hopefully someone with SRM experience can shed some light on that for you.
Thank you for your response.
I'm still waiting to confirm my other concerns.
Does anyone have any experience with this matter?
I thought about this a little more and wanted to add a few things.
1.) Will you be using the vCenter Server appliance? If so, then you'll likely run into some issues configuring email alerts with no ADDS/DNS if you'll be using a mail server that exists in another domain. VMware KB: Emails sent from VMware vCenter Server Appliance 5.x are rejected
2.) Will any of the components sit on separate networks (across WAN), and will any of these networks have DNS?
3.) Since you're asking about SRM I am assuming you will have a replication/recovery target offsite somewhere? With no DNS, how do the users access the systems being run in the vSphere environment (the systems you are protecting)? Literal IPs? The idea with SRM is to be able to fail over to a hot site and do so with relative transparency to the users. Without a DNS server I'm thinking that you would probably be losing a lot of the automation in failover/failback that SRM can offer. SRM can update all of your DNS records during failover in order to redirect traffic. Without DNS I would imagine the process of updating IPs is a manual one. Hopefully someone with firsthand SRM experience can shed some light on this.
4.) Page 20 of the VCOPS implementation guide only states that domain accounts are recommended for users. Nothing about being required. I'm thinking you'll probably find a few hiccups as DNS seems to be largely assumed these days. http://www.vmware.com/pdf/vcops-5-installation-guide.pdf
Hi Blabarbera, thank you for your great thoughts.
1. Yes, it will be the virtual appliance. Email alerts will not be used; instead, we will rely solely on SNMP.
2. All the components will sit on the same network. This network will have a DNS server. The problem is, the newly deployed DNS server will use the same domain name / zone as the authorized DNS server. I think this deployment model will not have an impact on all the components. However, it will be an inconvenience for operations staff.
3. Yes, there will be a recovery target offsite. The systems that will be protected are using the authorized DNS. I guess I am going to learn more about SRM...
4. Thank you for this information. I have also read the VDP administration guide, and it said that DNS is mandatory or else there will be some problems. The key thing is that if we are not using DNS, VMware will not support it.
Just some updates.
I have implemented VDP & VCOPS without Active Directory and they work just fine (I use DNS though).
I will post the update after I have implemented SRM.