Welcome to Dirteam.com/ActiveDir.org Blogs Sign in | Join | Help

The things that are better left unspoken

a blog by Sander Berkouwer

Related

AD Manager Plus
 

Blog roll

News



Archives

Active Directory in Hyper-V environments, Part 4

Hyper-V in Windows Server 2008 Enterprise and Datacenter Edition offers the ability to make virtual machines highly available by leveraging failover clustering. This however is not a good idea in the case of Active Directory Domain Controllers.

In this post I’ll explain why Hyper-V High Availability for Domain Controllers is not a good idea and how to make Active Directory Domain Controllers highly available in a much easier, more cost effective way.

   

How Hyper-V High Availability works

When combining the Hyper-V Server Role with the Failover Clustering role in Windows Server 2008 you effectively create a High Available solution for virtual machines, stored on shared storage.

In it’s easiest (and most common) form two cluster nodes (“virtual hosts”), installed with Windows Server 2008 (Enterprise or Datacenter Edition), the Hyper-V Server Role and the Failover Clustering Server Role are attached to a shared storage device, where the files for a virtual machine (“virtual guest”) are stored.

One of the cluster nodes (“virtual host”) is the active node and runs the virtual machine (“virtual guest”). The other cluster node (“virtual host”) is the passive node. Both cluster nodes communicate through a heartbeat. That way the passive node can detect when the active node fails and become the active node. This is called a ‘failover’. The failover action can also be triggered manually.

The failover process

When a failover occurs behind the scenes the following actions occur:

  1. The virtual machine (“virtual guest”) is paused on the active node.
    The memory is written to *.vsv  and *.bin files in the process.
        
  2. The ownership of the shared storage volume on which the virtual machines files are stored, is transferred from the active node to the passive node. The active node loses its ability to access the files for the virtual machine (“virtual guest”) and effectively becomes the passive node. The former passive node gains control of the shared storage volume and can now access the NTFS file system on the shared storage device.
        
  3. The virtual machine (“virtual guest”) is resumed on the former passive node.

Another word for this behavior is called ‘Quick Migration’. The downtime for the virtual machine (“virtual guest”) depends on the amount of RAM assigned to the virtual machine (“virtual guest”).

    

Domain Controller High Availability

Doing it wrong…

The keyword above in light of Active Directory Domain Controller High Availability is paused. As you might remember from Active Directory in Hyper-V environments, Part 2 I gave the advice to:

Never save state or pause a Domain Controller
Always shut down virtual Domain Controllers properly to avoid replication errors.

When you start a Domain Controller, that is in a paused state it will take some time to regain accurate time. When the Domain Controller replicates without accurate time, replication errors occur.

Doing it right!

Within Windows Server 2008 Failover clustering you have granular control over the high availibility settings of each of the virtual machines (“virtual guests”) on each of the cluster nodes. You can choose whether to make a virtual machine highly available on a per virtual machine basis.

Choose not to make an Active Directory Domain Controller virtual machine (“virtual guest”) highly available using failover clustering. Instead deploy Active Directory Domain Controller virtual machines on at least two nodes. For this you don’t necessarily need shared storage.

This is consistent with best practices for physical deployments of Active Directory Domain Controllers: Active Directory uses a scale-out model.

   

Concluding

When you make Domain Controller virtual machines highly available using Hyper-V Failover Clustering in Windows Server 2008 you risk replication errors. Instead deploy multiple Domain Controller virtual machines and rely on the Active Directory model, like you would in a physical world. (Flexible Single Master Operations roles can be seized in case of emergency.)

Hyper-V R2, available in the Windows Server 2008 R2 timeframe will offer high availability without pausing and resuming virtual machines. (among other improvements)

Related posts

Active Directory in Hyper-V environments, Part 1 
Active Directory in Hyper-V environments, Part 2 
Active Directory in Hyper-V environments, Part 3  

Further reading

Hyper-V on Wikipedia 
Virtualization with Hyper-V 
Malcolm Davis's Blog: Scale Up vs. Scale Out
Clustering Active Directory 
Server Virtualisation - Live Migration vs. Quick Migration 
Hyper-V Quick Migration & VMware Live Migration Part 1 
Hyper-V Quick Migration & VMware Live Migration Part 2 
Hyper-V Quick Migration & VMware Live Migration Part 3

Posted: Friday, November 21, 2008 5:33 PM by Sander Berkouwer

Comments

The things that are better left unspoken said:

The Windows Server 2008 R2 timeframe will also bring the next version of the Hyper-V technology. This new version can either be seen as Hyper-V R2 or Hyper-V v2.0 (depending on your opinion on Hyper-V) and comes with a load of new features and hardware support. These get explained in this post.

# December 9, 2008 2:42 PM

The things that are better left unspoken said:

Designing and implementing a virtual environment on top of Hyper-V can be challenging. In the first four

# April 21, 2009 12:52 PM

Arņa piezīmes said:

Vēlamies virtualizēt domeina kontrolierus? Laba ideja! Tomēr ir dažas lietas, kuras ir jāizlasa un jāsaprot par virtuālo vidi un kā AD kontrolieri tur uzvedīsies.

Informācijas izklāstu sāksim ar šo oficiālo Technet rakstiņu:
Running Domain Controllers in Hyper-V
Šajā rakstā atradīsim plānošanas, ieviešanas un darbības apsvērumus.

Tomēr paliek vēl nianses par kurām būtu nepieciešams padomāt un iespējams plānošanas laikā var ieviest izmaiņas, lai izvairītos no iespējamajām problēmām, kuras aprakstītas šajā rakstu sērijā:

Active Directory in Hyper-V environments, Part 1
Active Directory in Hyper-V environments, Part 2
Active Directory in Hyper-V environments, Part 3
Active Directory in Hyper-V environments, Part 4
Active Directory in Hyper-V environments, Part 5

# July 8, 2009 2:10 AM

John Policelli's Blog » Blog Archive » Active Directory in Hyper-V Environments said:

There’s no doubt that virtualization is hot these days. The following articles, posted on the Dirteam.com Blog, will answer virtually all (no pun intended) questions that you have when it comes to Active Directory in Hyper-V environments.

  • Active Directory in Hyper-V environments, Part 1
  • Active Directory in Hyper-V environments, Part 2
  • Active Directory in Hyper-V environments, Part 3
  • Active Directory in Hyper-V environments, Part 4
  • Active Directory in Hyper-V environments, Part 5
  • Active Directory in Hyper-V environments, Part 6
# October 27, 2009 4:48 PM
Anonymous comments are disabled