2 Replies Latest reply on Mar 30, 2018 4:12 PM by Sateesh_vCloud

    Active Directory servers with same IP address in two Data Centers

    gecon27 Lurker

      https://community.spiceworks.com/topic/2124302-active-directory-servers-with-same-ip-address-in-two-data-centersThe scenario we are interested in is a migration of ~1000 VMs (an MS Active Directory/Domain Controller and hundreds of Windows & Linux VMs with Java applications and their databases, with strong dependencies between several of the applications, i.e. an application may consume a number of REST API services offered by other applications and/or connect directly to some of the databases of these applications; all applications use the MS Active Directory for authentication) from Data Center A to Data Center B. The distance between the 2 Data Centers is ~3000 kilometers. Migration has to be performed in an active-active manner, meaning that both Data Centers will be offering services during the migration which is anticipated to last 6-9 months. Another requirement is that the IP addresses of the VMs remain the same. In order to cope with these requirements we plan to have some gateway at each site that will do NAT. We also plan to migrate the VMs in waves, trying to group as much as possible in each wave VMs that depend strongly between each other. Special handling will be needed for the MS Active Directory server which will have to be “duplicated” (multi-master replication) to Data Center B (say AD2) and remain in sync with that in Data Center A (say AD1), so that throughout the migration process, applications/services already migrated to Data Center B use AD2, while applications/services still in Data Center A continue using AD1. Keeping in mind that both AD1 and AD2 will have the same IP address, we are not sure how to handle routing in this case, as MS Active Directory is reported to have problems with NAT (refer to  https://support.microsoft.com/en-us/help/978772/description-of-support-boundaries-for-active-directo.... Any ideas are welcome. You may also want to check https://cloudblogs.microsoft.com/enterprisemobility/2009/04/22/dcs-and-network-address-translation/.

        • 1. Re: Active Directory servers with same IP address in two Data Centers
          Sateesh_vCloud Hot Shot

          I understand Data center migration is heavy topic:


          If you are looking for easy methods - look at the solutions like Zerto (I'm not promoting this product) which has features like sandbox testing and can carry network stack features.


          I'm not AD expert but pretty sure this is a general scenario for most of the customers to extend the AD functionalities to Recovery/Remote/DR sites.


          If you are not planning for version change but only Lift & Shift to save the VM's state - think of storage level replication (pre-seed - replicate - final cutover) and failover VM's in waves (assumption all are VM's)


          Keeping in mind that both AD1 and AD2 will have the same IP address - Do you mean same IP range or exact same IP value?  Also ~3000 kilometers is considered as a remote site (not sure of latency that you have and pipe connectivity)


          Having said that - preserving network schema for VM's Vs maintain consistent AD replication between sites seems tricky requirements


          As this is consultation work - depending on DC migration tools/companies may through brighter ideas


          To conclude -  list the individual dependencies like AD replication/VM grouping/Network NAT and list possible options with pros & cons of each method rather than treating this as a whole scenario as a puzzle to break.

          • 2. Re: Active Directory servers with same IP address in two Data Centers
            Sateesh_vCloud Hot Shot

            I found this from NSX material and thought of sharing which talks about DR but may be useful for migration scenario.


            Screen Shot 2018-03-30 at 4.09.49 PM.png