Solved Hyper V replica VS Veeam B&R Replica.
-
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
It's a best practice to include a second DC.
That's not really true. That's a case where a vendor with money to make states that somewhere, but vendors don't get to define best practice. They make money selling you extra copies, not from you having good backups.
Like all things in the HA arena, it requires an evaluation of risk and cost for each workload. AD is actually one of the least critical workloads for a normal SMB, assuming that they have it. I've seen companies go weeks without even knowing that their one DC was down, let alone lose money from it. Some companies have heavy AD dependencies that cause real problems when AD is down, others have just a little, some have effectively none.
Even for companies with quite some dependency, it's rarely something that impacts them in minutes. It can be, but very rarely. Restore of a DC is very fast.
The cost of a second DC (that runs on secondary hardware) is often $600+ for the OS license and $1,000+ for the server hardware. Plus IT's time to manage and maintain that, updates in the future, another system to be secured, etc. Even if we keep the cost at $1,600, that's a lot of money for an SMB if they can't show any risk from AD downtime.
-
You can also address them directly to me in PM here. Also, I have PMed you my email in case you prefer that way of communication.
-
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
It's a best practice to include a second DC.
Like all things in the HA arena, it requires an evaluation of risk and cost for each workload. AD is actually one of the least critical workloads for a normal SMB, assuming that they have it. I've seen companies go weeks without even knowing that their one DC was down, let alone lose money from it.
These companies do not need AD then.
In places where active directory IS NEEDED, you can't have AD down for days or weeks. If AD can be down without any cares in the world, then these places are wasting Windows licenses on separate DHCP servers, separate DNS servers, etc. They can combine them and bring about another DC with those services on. A place you feel only needs one DC isn't big enough to not have AD/DNS/DHCP/Print/etc all on the same server/vm. So yeah, you can't have just one.
If AD (and everything else on it) can go down for an hour while you restore it and nobody will notice, and if you can do all maintenance on your DC during off hours (if there are any for said company), then fine. This isn't most SMBs. Most SMBs have DNS and DHCP set up to use the DC dns on workstations. If your computer's dns server is set to a machine that is turned off, it can't get out if it's not cached.
Keep in mind that places who only would have one DC, would also have their other infrastructure services running on it as well... such as DNS, DHCP, Print, maybe FS.
I think what you mean to say is that "most very tiny shops" should only have one DC. Places where DHCP, DNS and other services don't depend on that DC. I don't think these places need AD in the first place.
There's just too many assumptions to be made to say most SMBs should only have one DC. Too many things overlooked. SMBs just don't have a single server dedicated for only AD. Bigger places, sure. Not "most SMBs".
-
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
It's a best practice to include a second DC.
Like all things in the HA arena, it requires an evaluation of risk and cost for each workload. AD is actually one of the least critical workloads for a normal SMB, assuming that they have it. I've seen companies go weeks without even knowing that their one DC was down, let alone lose money from it.
These companies do not need AD then.
Just because they are resilient to downtime? That's not a good indicator. Email is like that, but would you say that companies don't need email just because it is asynchronous? Or that voicemail having a ten minute delay not being a problem means that they don't need it?
Lots of things can handle minutes or hours of downtime without causing problems, that doesn't make them unnecessary.
Of course, no company needs AD, some of the biggest run without it. But of those that use it, most don't need HA.
-
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
In places where active directory IS NEEDED, you can't have AD down for days or weeks. If AD can be down without any cares in the world, then these places are wasting Windows licenses on separate DHCP servers, separate DNS servers, etc.
Definitely. The average company either goes crazy and doesn't buy anything that they need (backups, that's just duplicates, I won't pay for that!) or the other way (we only earn $10K a year, but we feel important so every system that we have needs to be HA no matter how little money we lose if we are down!)
The average company that uses HA doesn't need it. I'd say easily 80% that have it should not have it. Money wasted everywhere. The majority of companies we see in places like SW, for example, claim that HA is a "need" and if you look, it turns out that they never had HA at all. It's just something companies say because it makes them feel good that they "can't go down", but if you are an SMB, almost certainly going down sometimes is a better financial decision than paying to make sure that you never do.
As @networknerd likes me to point out "It's like shooting yourself in the face today to avoid a headache tomorrow."
-
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
Keep in mind that places who only would have one DC, would also have their other infrastructure services running on it as well... such as DNS, DHCP, Print, maybe FS.
That may be true, but....
- We aren't talking about other services, only AD.
- It's applications, not size that determines how an AD outage impacts you.
- Small companies can easily go days without DHCP and can fail over to external DNS in many cases.
- The average SMB can go days without their fileservers more cost effectively than protecting against an outage.
- Those that can't wouldn't have them on the same VM.
-
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
I think what you mean to say is that "most very tiny shops" should only have one DC. Places where DHCP, DNS and other services don't depend on that DC. I don't think these places need AD in the first place.
I mean to say - the majority of shops under 2,000 users will not have a risk that justifies the expenditure necessary for a failover DC cluster. And almost all under 100.
-
Why do you keep bringing up HA and clustering? I'm not talking or implying anything relating to HA or clustering. I only brought it up in a previous post to say NOT to use it in the OP's usage scenario.
-
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
Keep in mind that places who only would have one DC, would also have their other infrastructure services running on it as well... such as DNS, DHCP, Print, maybe FS.
That may be true, but....
- We aren't talking about other services, only AD.
- It's applications, not size that determines how an AD outage impacts you.
- Small companies can easily go days without DHCP and can fail over to external DNS in many cases.
- The average SMB can go days without their fileservers more cost effectively than protecting against an outage.
- Those that can't wouldn't have them on the same VM.
No buts, because in all of these cases we can't Not talk about "only" AD. In every single case where a company would only run 1 DC, they are either (a) running DC/DNS/DHCP/Print/etc all "on the DC" or, (b) running multiple physical or virtual servers 1 for DC, 1 for dns, 1 for dhcp, 1 for print, etc.
There are no other cases where an SMB would be running only a single DC by itself for their entire company or AD forest.
That being said, with case (a) they would definitely in fact need a second VM/server, or in case (b) they can consolidate and use a freed up license to run the second DC (infrastructure server) with the other services on it.
-
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
It's a best practice to include a second DC.
Like all things in the HA arena, it requires an evaluation of risk and cost for each workload. AD is actually one of the least critical workloads for a normal SMB, assuming that they have it. I've seen companies go weeks without even knowing that their one DC was down, let alone lose money from it.
These companies do not need AD then.
Just because they are resilient to downtime? That's not a good indicator. Email is like that, but would you say that companies don't need email just because it is asynchronous? Or that voicemail having a ten minute delay not being a problem means that they don't need it?
Lots of things can handle minutes or hours of downtime without causing problems, that doesn't make them unnecessary.
Of course, no company needs AD, some of the biggest run without it. But of those that use it, most don't need HA.
That's not what I mean. You can't run AD without DNS. So this means the company is running a server with ONLY AD on it, no dns, dhcp, etc. So if AD can go down for "weeks", you simply don't need it. AD being down is not being resilient to downtime. It's simply not using a service you are running. This means the small company is still functioning just fine with their other wasted server licenses that are running the dns, dhcp, and print services. And let's hope they aren't running any services that depend on AD.
You can run dhcp just fine on a switch. Your gateway can be set to use 8.8.8.8 for dns. DHCP on your switch can tell clients to use google dns. You can share printer connections. A small number of computers can have user logins without AD.
If your company can manage without AD for a week, you do not need it. That is a fact. Nothing resilient about it.
If you have a "DC" with AD/dns/dhcp/etc on it, sure you can reboot it, it can be down for 10 minutes and maybe nobody would notice. At least not enough to complain. They may not be able to get to a website, or someone turning on their computer might not be able to get on the network (lack of dhcp)... but all in all, yeah I agree that 10 minutes down is no biggy.
But if something happens and you are down for an hour because you need to restore from backup, yes most SMBs would definitely notice and wish they had a second server with DC/DNS/DHCP/etc.
It doesn't require the maintenance everyone is thinking... It's rare that I have to do anything on one DC, let alone another one. I barely ever touch the infrastructure servers in larger medium sized businesses. I can't imagine how infrequent it would be in a small enough shop where someone would consider a single DC.
-
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
Why do you keep bringing up HA and clustering? I'm not talking or implying anything relating to HA or clustering. I only brought it up in a previous post to say NOT to use it in the OP's usage scenario.
Because a second AD DC is an HA Cluster. That's its function, it handles the high availability of the Active Directory functionality. That's what we were talking about... the lack of necessary need for AD to be HA.
-
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
Keep in mind that places who only would have one DC, would also have their other infrastructure services running on it as well... such as DNS, DHCP, Print, maybe FS.
That may be true, but....
- We aren't talking about other services, only AD.
- It's applications, not size that determines how an AD outage impacts you.
- Small companies can easily go days without DHCP and can fail over to external DNS in many cases.
- The average SMB can go days without their fileservers more cost effectively than protecting against an outage.
- Those that can't wouldn't have them on the same VM.
No buts, because in all of these cases we can't Not talk about "only" AD. In every single case where a company would only run 1 DC, they are either (a) running DC/DNS/DHCP/Print/etc all "on the DC" or, (b) running multiple physical or virtual servers 1 for DC, 1 for dns, 1 for dhcp, 1 for print, etc.
There are no other cases where an SMB would be running only a single DC by itself for their entire company or AD forest.
That being said, with case (a) they would definitely in fact need a second VM/server, or in case (b) they can consolidate and use a freed up license to run the second DC (infrastructure server) with the other services on it.
In a normal SMB, ALL of those functions can go down and don't need HA. And the one with the biggest impact, DNS, can easily be shunted to a firewall as failover, or to Google, even. Having a second server is a relatively rare need in the SMB market. Downtime is cheap, servers are expensive when companies are small. You need to be both technology dependent and of a relatively large size for the small downtime risk of a single server to be offset by the losses from spending up front to mitigate the risk.
I've worked with a lot of companies, including some very large ones, that have run these numbers and indeed, just don't have enough impact from an outage to justify a second server.
-
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
That's not what I mean. You can't run AD without DNS. So this means the company is running a server with ONLY AD on it, no dns, dhcp, etc. So if AD can go down for "weeks", you simply don't need it. AD being down is not being resilient to downtime. It's simply not using a service you are running.
That's not true, it just gets cached. And in the small business that was in question, they did not use AD for the only DNS and so did not notice that either. You are using several assumptions to get the idea of "not needed." AD can't run without DNS, but DNS will run easily without AD. Just because you only need something once in a while, doesn't mean that you don't need it. Need meaning "it's being used." Technically, no one "needs" AD. There is always an alternative.
-
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
But if something happens and you are down for an hour because you need to restore from backup, yes most SMBs would definitely notice and wish they had a second server with DC/DNS/DHCP/etc.
Notice, yes. "Wish they had a second server?" No, that's where you are looking at the emotional response and not the business one. Everyone "wishes they had a second server" when it is free. But put a price tag on the hour of downtime, and put a price tag on not having had an hour of downtime and see how many "wish that they had paid to not be down" and things change dramatically.
First, for an SMB it is extremely rare that an outage from AD is a complete outage. People can still log in as normal to their own machines, with trivial effort they can still be online, for most that I know they'd still have email just the same, most would not lose phones. They only lose some functionality, how much is different for every company, but it is rarely complete. And few are totally technology dependent. So even if the computers went down totally, most can still be productive while they are getting those things fixed.
None of that says that they don't notice, only that the cost of a short outage is probably small. This is something I do with companies all of the time, make them put things like "we need HA" into actual numbers and let the math and finances make their decisions. Whether it is keeping factory floor workers busy cleaning something or sending everyone home early or shifting lunch hours or changing job tasks.... there are normally ways to keep outage costs very low in an SMB. In some cases, it can actually increase revenue because of getting people a break.
And that cost is a "maybe" that happens "sometime in the future." Buying a second server, buying a license for it, hiring someone to set it up (no one at this size should have their own full time IT) is thousands of dollars that will be lost, for sure, right now. Very easily more money than several outages and working against the time value of money. Two grand spent today is a lot more money than two grand spent four years from now.
It's all about knowing workloads, revenue, mitigation, risk, etc. And when we run these numbers for companies and have financial people use money, rather than emotion, we find that failover systems are almost never worth it financially in the SMB market. But if we just ask people their opinions, a proud CEO will always act like their many millions an hour and can't be down at all.
-
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
I can't imagine how infrequent it would be in a small enough shop where someone would consider a single DC.
It should be "most of the time." Give me some examples and, if they haven't artificially and probably foolishly created fragility that depends on AD itself, I can show that if they can justify HA, how near of a thing it actually is. And it is not about size, it's about how they are dependent on the workload. You can easily have a thousand person company that doesn't need failover.
Second servers are for getting your downtime under six hours. You can very cheaply have a very, very reliable "six hour outage" reliability with just one server and good backups.
-
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
Why do you keep bringing up HA and clustering? I'm not talking or implying anything relating to HA or clustering. I only brought it up in a previous post to say NOT to use it in the OP's usage scenario.
Because a second AD DC is an HA Cluster. That's its function, it handles the high availability of the Active Directory functionality. That's what we were talking about... the lack of necessary need for AD to be HA.
Both things that @Tim_G is saying to do are HA.
- Second DC = AD HA
- DFS properly replicated = Samba HA
-
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
I've worked with a lot of companies, including some very large ones, that have run these numbers and indeed, just don't have enough impact from an outage to justify a second server.
He already has a second server with unused licenses. He's already setting things up. To bring up another DC while you are already setting things up is only minutes of work. It can actually be 0 minutes of work if you do it during the time you are "waiting" for things to complete on the other server, instead of watching a progress bar.
I do see your point, though. If I were to consult for some random small business with nothing set up, and they didn't have much at all... lack of equipment, users, resources, etc... then yes, there's just simply no good reason at all to buy double everything JUST to have a 2nd DC. That's so obvious it should go without saying.
I don't walk in to multiple companies every day who need things set up from scratch or rearranged... or go in to different companies decommissioning their 2nd DCs. What's "MOST" or "NORMAL" for you may not be "most" or "normal" for me.
I'm talking about already established SMBs, who have an entire infrastructure set up, already have file servers, application servers, switches, Hypervisors (multiple), etc. I don't know what you call a "normal" SMB, maybe I'm just used to bigger existing establishments. But it's rare (in my location) that I would walk into a place that doesn't already have multiple Hypervisors and licenses. Or at least consolidation opportunities to free up licenses. "Most" SMBs I've come by are large enough in the relevant aspects that a second DC/infrastructure server are already in place, or that's what they are needing.
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
I can't imagine how infrequent it would be in a small enough shop where someone would consider a single DC.
It should be "most of the time." Give me some examples and, if they haven't artificially and probably foolishly created fragility that depends on AD itself, I can show that if they can justify HA, how near of a thing it actually is. And it is not about size, it's about how they are dependent on the workload. You can easily have a thousand person company that doesn't need failover.
Second servers are for getting your downtime under six hours. You can very cheaply have a very, very reliable "six hour outage" reliability with just one server and good backups.
I think you had taken that sentence out of context, and also misunderstood it.
I was referring to the amount of maintenance a 2nd DC vm would require. I'm saying almost none and rarely. I so infrequently have to touch an infrastructure server vm (such as the DC) that I sometimes forget they exist. If I have to add a user to AD, I don't do it on DC1 and then on DC2 doing twice the work. You do it once, via RSAT. Updates can happen automatically during off hours. That's no maintenance requirement either. I don't know why you'd have to spend time on the 2nd DC vm increasing maintenance time.
-
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
That's not what I mean. You can't run AD without DNS. So this means the company is running a server with ONLY AD on it, no dns, dhcp, etc. So if AD can go down for "weeks", you simply don't need it. AD being down is not being resilient to downtime. It's simply not using a service you are running.
That's not true, it just gets cached. And in the small business that was in question, they did not use AD for the only DNS and so did not notice that either. You are using several assumptions to get the idea of "not needed." AD can't run without DNS, but DNS will run easily without AD. Just because you only need something once in a while, doesn't mean that you don't need it. Need meaning "it's being used." Technically, no one "needs" AD. There is always an alternative.
Personally, every environment that I've run and used a non-AD DNS as a secondary has run into local issues. These issues come to play when the PC switches to that secondary DNS server for whatever reason (it will never fail back unless the secondary has a failure or the PC is rebooted). So, you reboot the AD box midday, you basically have to reboot every PC afterwards if you have a secondary DNS that's not also a DNS server for your internal network.
Now, that said - I completely agree with Scott, most SMBs only need one DNS server. If it goes down, then you enable DHCP on the firewall/switch, whatever and have everyone reboot, and you're back online in mins. The cost of purchasing and maintaining a second server is so rarely worth it.
Even MS considers this completely OK - they sold Small Business Server which was meant as a one server solution.
-
@Dashrender said in Hyper V replica VS Veeam B&R Replica.:
The cost of purchasing and maintaining a second server is so rarely worth it.
See! That's the thing, I never implied purchasing a whole server and Windows license and setting up everything having to do with it from scratch... JUST to have a second Active Directory instance.
-
@openit said in Hyper V replica VS Veeam B&R Replica.:
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
@openit said in Hyper V replica VS Veeam B&R Replica.:
You should never run a physical server. I can't tell if you are saying that you are, or just mentioning where your VMs are running.
Yes, we are on Physical Server. I understand how good to be with VMs in the view of Backup and Disaster recovery options.
This is the environment I got here when I joined this company, and planning for Virtual environment. So prior to implementing, I am learning and researching.....and of course, discussing here
@Tim_G Did I miss the post where the OP said he had multiple servers and licenses? I only see the above one where he claims to have a current server with physical install.