Small Business Server 2003 to 2012 R2 Migration and Virtualized Domain Controller Questions
-
This is my first migration and Hyper-V setup. So, I've got a lot of lingering questions. Although many have told me virtualize, virtualize, virtualize, I almost feel more comfortable of sticking with having a physical DC/File Server.
-
Right now I do have one physical, but that is just because it was pre-virtualize. However, I'm in the process of rolling out another one. The key is that it will be on a separate host. I have two production hosts and one DC will be on one and one will be on the other.
One tip is make sure time for the DC does NOT sync with the host.
-
Join to the existing domain. You aren't making a new domain here, just updating the controller. So just join, promote and run side by side.
When you are ready move the FSMO roles and shut down the old one.
-
DCs use very few resources. Start with a single vCPU and adjust up if this isn't enough. It is very easy to tweak the CPU up.
-
I would start with ~3GB and see how much that you use. If running core you might easily be able to reduce down to closer to 2GB.
-
Now that you will be virtual you can do some segmentation of services. What are moving to, 2012 R2?
-
And these suggestions are even when I allow my DC to be my file server/DNS and also being my anti-virus and backup program host?
-
@garak0410 said:
And these suggestions are even when I allow my DC to be my file server/DNS and also being my anti-virus and backup program host?
DNS is going to be part of the DC anyway. File Server won't be heavily reliant on more RAM or processor cores, but IOPS and Bandwidth, but for a small server, no big deal. The RAM/CPU should be adjusted upwards based on the requirements of the A/V and Backup applications. Why not just leave it a DC and build another VM for the other stuff?
-
@DenisKelley said:
My virtual DC is just 2 cores (EDIT: it is actually only one core) and 3GB RAM and that might be overpowered. I've decided to not join my VMware hosts to Active Directory so I can connect to them in an unfortunate event when all DCs may be unavailable. I only have 3, so not really a big deal.
You realize that you still have access with the local users to VMWare if needed.
-
@garak0410 said:
And these suggestions are even when I allow my DC to be my file server/DNS and also being my anti-virus and backup program host?
I have SBS 2008 in Hyper-V and VMWare as well as SBS 2011 in VMWare at various clients. They all have 2 vProcs and 8GB of vRAM assigned to them. If I was not using Exchange on those boxes I would cut it down to 4GB of vRAM.
-
@JaredBusch said:
@DenisKelley said:
My virtual DC is just 2 cores (EDIT: it is actually only one core) and 3GB RAM and that might be overpowered. I've decided to not join my VMware hosts to Active Directory so I can connect to them in an unfortunate event when all DCs may be unavailable. I only have 3, so not really a big deal.
You realize that you still have access with the local users to VMWare if needed.
Yeah, I do now. I was thinking about that when I wrote it, but yeah, you're right. At the time, it seemed much simpler.
-
@DenisKelley said:
@garak0410 said:
And these suggestions are even when I allow my DC to be my file server/DNS and also being my anti-virus and backup program host?
DNS is going to be part of the DC anyway. File Server won't be heavily reliant on more RAM or processor cores, but IOPS and Bandwidth, but for a small server, no big deal. The RAM/CPU should be adjusted upwards based on the requirements of the A/V and Backup applications. Why not just leave it a DC and build another VM for the other stuff?
So, say:
VM1: Domain/DNS
VM2: File Server/Web Services/Print Server/Backup Services/Anti-Virus SuiteHow much memory for the VM2 would you suggest then for VM2?
-
@garak0410 said:
So, say:
VM1: Domain/DNS
VM2: File Server/Web Services/Print Server/Backup Services/Anti-Virus SuiteHow much memory for the VM2 would you suggest then for VM2?
I would start with 4
-
@garak0410 said:
And these suggestions are even when I allow my DC to be my file server/DNS and also being my anti-virus and backup program host?
You'll want to increase allotments as you add things but not very much. Those roles typically use very few resources. Although you want to separate stuff to some degree, not be all one server.
-
I agree. 4GB in the second VM is a good starting point. Remember that you can adjust anytime. There is nothing locking you down.
-
You guys are forcing me to think. LOL. I've gotten so spoiled to the one stop shop of Small Business Server. So if I separate them, how does that affect my files and permissions? I know that sounds like a rudimentary question but as Scott said earlier, my nerves are showing and I am perhaps more capable and more knowledgeable than I think I am. If I serve my files on another server, how does that come into play when I do the migration. That is, when promoted, how will my new domain server know to assign permission to the new file server? I know that sounds like a dumb question and it may not be clear, but trying to cross every T and dot every I...
-
If they are just DC's you can get away with running 2GB RAM, 1 vCPU and 60-80GB's disk space, thin provisioned and using dynamic memory allocation.
-
File permissions have nothing to do with the server they are on, and more to do with the files themselves. Now that being said - the folders that files are in typically push their permissions down to the files.
When you copy your files from the old server to the new one - use something like Robocopy and use the commands that keep the file permissions the same on the copied files.
Also - now is a great time to look at setting up DFS instead of old school UNC shares. This will make life easier for you in 4-7 years when you have to migrate again.
-
@Dashrender said:
File permissions have nothing to do with the server they are on, and more to do with the files themselves. Now that being said - the folders that files are in typically push their permissions down to the files.
When you copy your files from the old server to the new one - use something like Robocopy and use the commands that keep the file permissions the same on the copied files.
Also - now is a great time to look at setting up DFS instead of old school UNC shares. This will make life easier for you in 4-7 years when you have to migrate again.
OK...so when I Robocopy them over, it doesn't matter if domain has changed or if I now have a new file server, as long as it is on the new domain, the permissions (based upon groups and users) should carry over, correct? Again, sorry for my ignorance. I will look at DFS if I have time.
-
@garak0410 said:
OK...so when I Robocopy them over, it doesn't matter if domain has changed or if I now have a new file server, as long as it is on the new domain, the permissions (based upon groups and users) should carry over, correct? Again, sorry for my ignorance. I will look at DFS if I have time.
Sorry I didn't realize you were changing domains (why are you doing that?). You'll lose all of the SID associations when you change domains so your permissions won't flow if you are changing domains.
