Active Directory in Hyper-V environments, Part 4

This entry is part 4 of 10 in the series Active Directory in Hyper-V environments

Hyper-V in Windows Server 2008 Enterprise and Datacenter Edition offers the ability to make virtual machines highly available by leveraging failover clustering. This, however, is not a good idea in the case of Active Directory Domain Controllers.

In this post I’ll explain why Hyper-V High Availability for Domain Controllers is not a good idea and how to make Active Directory Domain Controllers highly available in a much easier, more cost-effective way.

 

How Hyper-V High Availability works

When combining the Hyper-V Server Role with the Failover Clustering role in Windows Server 2008, you effectively create a highly available solution for virtual machines stored on shared storage.

In its simplest (and most common) form, two cluster nodes (“virtual hosts”), installed with Windows Server 2008 (Enterprise or Datacenter Edition), the Hyper-V Server Role and the Failover Clustering Server Role, are attached to a shared storage device where the files for a virtual machine (“virtual guest”) are stored.

One of the cluster nodes (“virtual host”) is the active node and runs the virtual machine (“virtual guest”). The other cluster node (“virtual host”) is the passive node. Both cluster nodes communicate through a heartbeat. That way the passive node can detect when the active node fails and become the active node. This is called a ‘failover’. The failover action can also be triggered manually.

The failover process

When a failover occurs, the following actions take place behind the scenes:

  1. The virtual machine (“virtual guest”) is paused on the active node. The memory is written to *.vsv and *.bin files in the process.
  2. The ownership of the shared storage volume on which the virtual machine’s files are stored is transferred from the active node to the passive node. The active node loses its ability to access the files for the virtual machine (“virtual guest”) and effectively becomes the passive node. The former passive node gains control of the shared storage volume and can now access the NTFS file system on the shared storage device.
  3. The virtual machine (“virtual guest”) is resumed on the former passive node.

Another name for this behavior is ‘Quick Migration’. The downtime for the virtual machine (“virtual guest”) depends on the amount of RAM assigned to the virtual machine (“virtual guest”).

 

Domain Controller High Availability

Doing it wrong…

The keyword above, in light of Active Directory Domain Controller High Availability, is paused. As you might remember, in Active Directory in Hyper-V environments, Part 2 I gave the advice to:

Never save state or pause a Domain Controller
Always shut down virtual Domain Controllers properly to avoid replication errors.

When you start a Domain Controller that is in a paused state, it will take some time to regain accurate time. When the Domain Controller replicates without accurate time, replication errors occur.

Doing it right!

Within Windows Server 2008 Failover Clustering you have granular control over the high availability settings of each of the virtual machines (“virtual guests”) on each of the cluster nodes. You can choose whether to make a virtual machine highly available on a per virtual machine basis.

Choose not to make an Active Directory Domain Controller virtual machine (“virtual guest”) highly available using failover clustering. Instead, deploy Active Directory Domain Controller virtual machines on at least two nodes. For this you don’t necessarily need shared storage.

This is consistent with best practices for physical deployments of Active Directory Domain Controllers: Active Directory uses a scale-out model.
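
One way to check an existing cluster against this advice, as an added example that is not part of the original post: the script below lists clustered virtual machine resources whose name matches a Domain Controller. It assumes PowerShell 2.0, that it runs on a cluster node under a domain account, and that each Domain Controller's VM name contains the DC's short host name.

```powershell
# Added example (not from the original post): flag Domain Controller VMs that
# have been made highly available through failover clustering.
# Assumptions: run locally on a cluster node; the Hyper-V VM name (and so the
# cluster resource name) contains the DC's short host name.

# Short host names of every DC in the current domain (.NET, no AD module needed).
$domain  = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$dcNames = @($domain.DomainControllers | ForEach-Object { $_.Name.Split('.')[0] })

# Clustered VMs appear as cluster resources of type 'Virtual Machine'.
$vmResources = @(Get-WmiObject -Namespace 'root\MSCluster' -Class MSCluster_Resource -Filter "Type = 'Virtual Machine'")

$findings = @(
    foreach ($res in $vmResources) {
        foreach ($dc in $dcNames) {
            # Whole-name match so 'DC1' does not also match 'DC10'.
            $pattern = '(^|[^A-Za-z0-9-])' + [regex]::Escape($dc) + '($|[^A-Za-z0-9-])'
            if ($res.Name -match $pattern) {
                New-Object PSObject -Property @{
                    DomainController = $dc
                    ClusterResource  = $res.Name
                }
            }
        }
    }
)

if ($findings.Count -gt 0) {
    $findings | Format-Table DomainController, ClusterResource -AutoSize
    Write-Warning 'These Domain Controller VMs are clustered and would be paused during a Quick Migration.'
} else {
    'No clustered virtual machine resource matches a Domain Controller name.'
}
```

A match is a candidate to review, not proof: confirm in Failover Cluster Management that the resource really is the Domain Controller's virtual machine before changing its configuration.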

 

Concluding

When you make Domain Controller virtual machines highly available using Hyper-V Failover Clustering in Windows Server 2008, you risk replication errors. Instead, deploy multiple Domain Controller virtual machines and rely on the Active Directory model, as you would in the physical world. (Flexible Single Master Operations roles can be seized in case of emergency.)

Hyper-V R2, available in the Windows Server 2008 R2 timeframe, will offer high availability without pausing and resuming virtual machines (among other improvements).

