Friday, 9 September 2016

Virtualizing Active Directory

A long time ago I wrote that it was a good idea to have virtual Active Directory servers, as this is a very quick way to recover in a disaster.

What I forgot to mention at the time are the things you need to think about and have in place for this to work.
For example, Microsoft doesn't like supporting you unless the platform is Hyper-V; VMware, however, will support you. But, sorry to say, you have limited or no support on other platforms.

Also, to avoid dirty writes, disable the write cache. This is something I hope you have already done for your virtualized databases and application servers.
This should be less of an issue if you are using a SAN.

Last but not least, do test the restores. Create at least one isolated VLAN to restore Active Directory to, so that you are sure the current backup works. You can do this at least once a month, as finding out you have a corrupt Active Directory and can't restore it is a nightmare you don't ever want to have.
That said, the benefits of being able to do restores quickly and being able to script even the disaster recovery tests make it worth it.

As an example, a disaster recovery test used to take 6 hours to restore Active Directory and then be able to bring up applications.
With scripting and backups on the SAN, virtual tape library, it was now done with only a few commands in under 40 minutes.
