Spinning Up an ADDC VM "in the Cloud" - Best Practices, Tips, Tricks, Advice on Logistics, Providers, Etc?
-
What we did, before phasing out AD and our LAN/VPN completely, was use AD on Azure (not Azure AD) and Pertino.
We put our "primary" AD DC into Azure East (Virginia) and our "secondary" into Azure Iowa. We used the two vCPU option which is 2.75GB of RAM, if I remember correctly. Worked fine. Windows Server 2012 R2.
With Pertino on each server and on every node in our network everything was able to talk to both AD DCs at any time. All functions like a single normal LAN. No special configuration needed other than the DNS handling built into Pertino.
-
@scottalanmiller said:
@wrx7m said:
@Dashrender Thanks, I went enterprise with the gateway.
And last time I checked you still needed to have the connection software installed on all DCs in your domain for the DNS to work properly even with the gateway option.That's new since any of us used it.
Which part is new; the gateway or the DC requirement?
-
@wrx7m said:
@scottalanmiller you never cease to amaze me
I'm the one who pushed them for the gateway appliance, too. They had had one before they went live with the product but never released it. I made them bring it out because the product really wasn't fully viable without it for 90% of customers.
-
@wrx7m said:
@scottalanmiller said:
@wrx7m said:
@Dashrender Thanks, I went enterprise with the gateway.
And last time I checked you still needed to have the connection software installed on all DCs in your domain for the DNS to work properly even with the gateway option.That's new since any of us used it.
Which part is new; the gateway or the DC requirement?
The gateway. We at @ntg were using the AD system before they released it. We did the work manually to make it work, documented it and I did some work with them on designing both the AD handling and the DNS override ideas (the DNS especially) to get it to work with our design and to enhance it for better flexibility and ease of use. So the AD has been around for a long time, the gateway only recently.
-
@scottalanmiller very interesting. I completely agree that it makes the most sense to have the gateway. I am just surprised that they wouldn't include it in the lower tier business plans.
-
OK, so VPN, check.
Is SAM endorsing Azure for hosting an ADDC VM?
-
@wrx7m said:
Is SAM endorsing Azure for hosting an ADDC VM?
Azure works fine, Rackspace works fine. RS has VPS functionality which makes them far more accessible to SMBs. Amazon AWS is excellent but much harder to use, but not really harder than Azure. Rackspace is the best if you only have a box here and there. We use four cloud carriers currently plus normally multiple colo facilities. It depends on your other systems what will work best for you.
-
@scottalanmiller I should check out rackspace. Although, I am using S3 and glacier for some off-site backup and archiving.
Speaking of which, I am using VMware and Veeam for all my virtual machines. What would I use to backup the hosted DC?
-
Hosted is backed up to the hosting facility. If you choose Rackspace, for example, you would take a snapshot of your virtual machine and it will automatically export to RS Cloud Files (the same facility that hosts our images for the site here) and that is your backup. If you need a file based backup additionally you would likely use something like StorageCraft which is agent based and target any storage that you want. But typically you would just use the image backup on the host itself. Remember that you are looking at multi-regional high availability here so going to backup to do a system restore would be a truly epic situation.
-
@scottalanmiller good info. Seems pretty straight forward. Since this is a DC, I would only be concerned if RS AND my on-site infrastructure and backups AND off-site backups some how got destroyed.
I was also wondering for future projects in a general sense.
-
You are going to maintain an on premises AD DC as well?
-
@scottalanmiller I was planning on it
