Solved Hyper V replica VS Veeam B&R Replica.
-
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
Why do you keep bringing up HA and clustering? I'm not talking or implying anything relating to HA or clustering. I only brought it up in a previous post to say NOT to use it in the OPs usage scenario.
Because a second AD DC is an HA Cluster. That's its function, it handles the high availability of the Active Directory functionality. That's what we were talking about... the lack of necessary need for AD to be HA.
-
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
Keep in mind that places who only would have one DC, would also have their other infrastructure services running on it as well... such as DNS, DHCP, Print, maybe FS.
That may be true, but....
- We aren't talking about other services, only AD.
- It's applications, not size that determines how an AD outage impacts you.
- Small companies can easily go days without DHCP and can fail over to external DNS in many cases.
- The average SMB can go days without their fileservers more cost effectively than protecting against an outage.
- Those that can't wouldn't have them on the same VM.
No buts, because in all of these cases we can't Not talk about "only" AD. In every single case where a company would only run 1 DC, they are either (a) running DC/DNS/DHCP/Print/etc all "on the DC" or, (b) running multiple physical or virtual servers 1 for DC, 1 for dns, 1 for dhcp, 1 for print, etc.
There are no other cases where an SMB would be running only a single DC by itself for their entire company or AD forest.
That being said, with case (a) they would definitely in fact need a second VM/server, or in case (b) they can consolidate and use a freed up license to run the second DC (infrastructure server) with the other services on it.
In a normal SMB, ALL of those functions can go down and don't need HA. And the one with the biggest impact, DNS, can easily be shunted to a firewall as failover, or to Google, even. Having a second server is a relatively rare need in the SMB market. Downtime is cheap, servers are expensive when companies are small. You need to be both technology dependent and of a relatively large size for the small downtime risk of a single server to be offset by the losses from spending up front to mitigate the risk.
I've worked with a lot of companies, including some very large ones, that have run these numbers and indeed, just don't have enough impact from an outage to justify a second server.
-
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
That's not what I mean. You can't run AD without DNS. So this means the company is running a server with ONLY AD on it, no dns, dhcp, etc. So if AD can go down for "weeks", you simply don't need it. AD being down is not being resilient to downtime. It's simply not using a service you are running.
That's not true, it just gets cached. And in the small business that was in question, they did not use AD for the only DNS and so did not notice that either. You are using several assumptions to get the idea of "not needed." AD can't run without DNS, but DNS will run easily without AD. Just because you only need something once in a while, doesn't mean that you don't need it. Need meaning "it's being used." Technically, no one "needs" AD. There is always an alternative.
-
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
But if something happens and you are down for an hour because you need to restore from backup, yes most SMBs would definitely notice and wish they had a second server with DC/DNS/DHCP/etc.
Notice, yes. "Wish they had a second server?" No, that's where you are looking at the emotional response and not the business one. Everyone "wishes they had a second server" when it is free. But put a price tag on the hour of downtime, and put a price tag on not having had an hour of downtime and see how many "wish that they had paid to not be down" and things change dramatically.
First, for an SMB it is extremely rare that an outage from AD is a complete outage. People can still log in as normal to their own machines, with trivial effort they can still be online, for most that I know they'd still have email just the same, most would not lose phones. They only lose some functionality, how much is different for every company, but it is rarely complete. And few are totally technology dependent. So even if the computers went down totally, most can still be productive while they are getting those things fixed.
None of that says that they don't notice, only that that cost of a short outage is probably small. This is something I do with companies all of the time, make them put things like "we need HA" into actual numbers and let the math and finances make their decisions. Whether it is keeping factory floor workers busy cleaning something or sending everyone home early or shifting lunch hours or changing job tasks.... there are normally ways to keep outage costs very low in an SMB. In some cases, it can actually increase revenue because of getting people a break.
And that cost is a "maybe" that happens "sometime in the future." Buying a second server, buying a license for it, hiring someone to set it up (no one at this size should have their own full time IT) is thousands of dollars that will be lost, for sure, right now. Very easily more money than several outages and working against the time value of money. Two grand spent today is a lot more money than two grand spent four years from now.
It's all about knowing workloads, revenue, mitigation, risk, etc. And when we run these numbers for companies and have financial people use money, rather than emotion, we find that failover systems are almost never worth it financially in the SMB market. But if we just ask people their opinions, a proud CEO will always act like they're making millions an hour and can't be down at all.
-
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
I can't imagine how infrequent it would be in a small enough shop where someone would consider a single DC.
It should be "most of the time." Give me some examples and, if they haven't artificially and probably foolishly created fragility that depends on AD itself, I can show that if they can justify HA, how near of a thing it actually is. And it is not about size, it's about how they are dependent on the workload. You can easily have a thousand person company that doesn't need failover.
Second servers are for getting your downtime under six hours. You can very cheaply have a very, very reliable "six hour outage" reliability with just one server and good backups.
-
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
Why do you keep bringing up HA and clustering? I'm not talking or implying anything relating to HA or clustering. I only brought it up in a previous post to say NOT to use it in the OPs usage scenario.
Because a second AD DC is an HA Cluster. That's its function, it handles the high availability of the Active Directory functionality. That's what we were talking about... the lack of necessary need for AD to be HA.
Both things that @Tim_G is saying to do are HA.
- Second DC = AD HA
- DFS properly replicated = Samba HA
-
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
I've worked with a lot of companies, including some very large ones, that have run these numbers and indeed, just don't have enough impact from an outage to justify a second server.
He already has a second server with unused licenses. He's already setting things up. To bring up another DC while you are already setting things up is only minutes of work. It can actually be 0 minutes of work if you do it during the time you are "waiting" for things to complete on the other server, instead of watching a progress bar.
I do see your point, though. If I were to consult for some random small business with nothing set up, and they didn't have much at all... lack of equipment, users, resources, etc... then yes, there's just simply no good reason at all to buy double everything JUST to have a 2nd DC. That's so obvious it should go without saying.
I don't walk in to multiple companies every day who need things set up from scratch or rearranged... or go in to different companies decommissioning their 2nd DCs. What's "MOST" or "NORMAL" for you may not be "most" or "normal" for me.
I'm talking about already established SMBs, who have an entire infrastructure set up, already have file servers, application servers, switches, Hypervisors (multiple), etc. I don't know what you call a "normal" SMB, maybe I'm just used to bigger existing establishments. But it's rare (in my location) that I would walk into a place that doesn't already have multiple Hypervisors and licenses. Or at least consolidation opportunities to free up licenses. "Most" SMBs I've come by are large enough in the relevant aspects that a second DC/infrastructure server is already in place, or that's what they are needing.
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
I can't imagine how infrequent it would be in a small enough shop where someone would consider a single DC.
It should be "most of the time." Give me some examples and, if they haven't artificially and probably foolishly created fragility that depends on AD itself, I can show that if they can justify HA, how near of a thing it actually is. And it is not about size, it's about how they are dependent on the workload. You can easily have a thousand person company that doesn't need failover.
Second servers are for getting your downtime under six hours. You can very cheaply have a very, very reliable "six hour outage" reliability with just one server and good backups.
I think you had taken that sentence out of context, and also misunderstood it.
I was referring to the amount of maintenance a 2nd DC vm would require. I'm saying almost none and rarely. I so infrequently have to touch an infrastructure server vm (such as the DC) that I sometimes forget they exist. If I have to add a user to AD, I don't do it on DC1 and then on DC2 doing twice the work. You do it once, via RSAT. Updates can happen automatically during off hours. That's no maintenance requirement either. I don't know why you'd have to spend time on the 2nd DC vm increasing maintenance time.
-
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
That's not what I mean. You can't run AD without DNS. So this means the company is running a server with ONLY AD on it, no dns, dhcp, etc. So if AD can go down for "weeks", you simply don't need it. AD being down is not being resilient to downtime. It's simply not using a service you are running.
That's not true, it just gets cached. And in the small business that was in question, they did not use AD for the only DNS and so did not notice that either. You are using several assumptions to get the idea of "not needed." AD can't run without DNS, but DNS will run easily without AD. Just because you only need something once in a while, doesn't mean that you don't need it. Need meaning "it's being used." Technically, no one "needs" AD. There is always an alternative.
Personally, every environment that I've run that used a non-AD DNS as a secondary has run into local issues. These issues come into play when the PC switches to that secondary DNS server for whatever reason (it will never fail back unless the secondary has a failure or the PC is rebooted). So, you reboot the AD box midday, you basically have to reboot every PC afterwards if you have a secondary DNS that's not also a DNS server for your internal network.
Now, that said - I completely agree with Scott, most SMBs only need one DNS server. If it goes down, then you enable DHCP on the firewall/switch, whatever and have everyone reboot, and you're back online in mins. The cost of purchasing and maintaining a second server is so rarely worth it.
Even MS considers this completely OK - they sold Small Business Server which was meant as a one server solution.
-
@Dashrender said in Hyper V replica VS Veeam B&R Replica.:
The cost of purchasing and maintaining a second server is so rarely worth it.
See! That's the thing, I never implied purchasing a whole server and Windows license and setting up everything having to do with it from scratch... JUST to have a second Active Directory instance.
-
@openit said in Hyper V replica VS Veeam B&R Replica.:
@scottalanmiller said in Hyper V replica VS Veeam B&R Replica.:
@openit said in Hyper V replica VS Veeam B&R Replica.:
You should never run a physical server. I can't tell if you are saying that you are, or just mentioning where your VMs are running.
Yes, we are on Physical Server. I understand how good to be with VMs in the view of Backup and Disaster recovery options.
This is the environment I got here when I joined to this company, and planning for Virtual environment. So prior to implementing, I am learning and researching.....and of course, discussing here
@Tim_G Did I miss the post where the OP said he had multiple servers and licenses? I only see the above one where he claims to have a current server with physical install.
-
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
@Dashrender said in Hyper V replica VS Veeam B&R Replica.:
The cost of purchasing and maintaining a second server is so rarely worth it.
See! That's the thing, I never implied purchasing a whole server and Windows license and setting up everything having to do with it from scratch... JUST to have a second Active Directory instance.
Yes you have.
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
First, you don't want to replicate DC's. Have two DC's, both virtualized, on different physical servers, non-replicated.
-
@Tim_G The OP specifically stated they have a single Physical server doing AD + file shares.
There is not currently anything else, but he was looking at a second server for redundancy. Some gave various other opinions, I gave my opinion.
-
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
@Dashrender said in Hyper V replica VS Veeam B&R Replica.:
The cost of purchasing and maintaining a second server is so rarely worth it.
See! That's the thing, I never implied purchasing a whole server and Windows license and setting up everything having to do with it from scratch... JUST to have a second Active Directory instance.
Perhaps not (I'd have to re-read the whole thread, tl;dwra), but you're clearly on the side that says if the option allows, definitely have two DCs. And most of us are saying that that's crazy.
You mention your customers - I wonder, do you not think any of your customers will ever get to the point where the power in a single server will hold their entire company?
I have 90 users, I only need one server and a few VMs. My situation should be
VM host
.....AD (DNS, DHCP)
.....File server
.....backup server
.....WSUS (if I even really need this anymore - my bandwidth is high enough I probably don't)
I don't need a second server for failover of my fileserver.
-
@openit said in Hyper V replica VS Veeam B&R Replica.:
This is my future plan to setup Windows Server Redundancy ( DC+File Server).
Go back and decide if you need redundancy from a business point of view.
-
@JaredBusch said in Hyper V replica VS Veeam B&R Replica.:
@openit said in Hyper V replica VS Veeam B&R Replica.:
This is my future plan to setup Windows Server Redundancy ( DC+File Server).
Go back and decide if you need redundancy from a business point of view.
Exactly - as mentioned - a good backup might be all that you need. Though you should image your current server and install a hypervisor under it.
-
@JaredBusch said in Hyper V replica VS Veeam B&R Replica.:
@Tim_G The OP specifically stated they have a single Physical server doing AD + file shares.
There is not currently anything else, but he was looking at a second server for redundancy. Some gave various other opinions, I gave my opinion.
I just went back and re-read everything. I feel like an idiot now. Yes you are right there's only one physical server running Windows that is doing AD and file services.
But in my defense, all that talk of replication, HA, clustering, failover, Veeam replica, Starwind, vSAN, etc... I was under the impression that we were talking about an already established environment and infrastructure with existing multiple hypervisors. Because my line of thought was why all that, for just a single server running one instance of Windows, unless there's already an existing establishment that makes talk of all that worth it.
Honestly, with his current "single server setup"... there's no way I would recommend going out and buying more servers and Windows licenses just to set up another DC. That's just crazy.
-
I get most of my experience from SMBs with multi-sites over slow WANs... sometimes fast WANs, but still not fast enough to be considered the same site. Most of my cases are instances consisting of servers at each site, or an RODC if it's small enough and without necessary security. I couldn't make do with only one DC in almost all of my "normal SMB" experiences.
Though, I can imagine a small shop of only one hypervisor that hosts everything it needs, and can get by without multiple DCs. In that case backups couldn't be any more valuable. If I walked in to a place like that, I would definitely never suggest purchasing a second hypervisor to make AD "HA".
I think I was going down a different path than everyone else.
I also believe that it comes down to the needs of the business and other factors. I just hate seeing things like "ALL" or "MOST SMBs"... blanket statements and the like. Because if I see that, then that means you or whoever is referring to all or most of my cases, too. And if it isn't true for me, I think it needs to be corrected.
-
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
@JaredBusch said in Hyper V replica VS Veeam B&R Replica.:
@Tim_G The OP specifically stated they have a single Physical server doing AD + file shares.
There is not currently anything else, but he was looking at a second server for redundancy. Some gave various other opinions, I gave my opinion.
I just went back and re-read everything. I feel like an idiot now. Yes you are right there's only one physical server running Windows that is doing AD and file services.
But in my defense, all that talk of replication, HA, clustering, failover, Veeam replica, Starwind, vSAN, etc... I was under the impression that we were talking about an already established environment and infrastructure with existing multiple hypervisors. Because my line of thought was why all that, for just a single server running one instance of Windows, unless there's already an existing establishment that makes talk of all that worth it.
Honestly, with his current "single server setup"... there's no way I would recommend going out and buying more servers and Windows licenses just to set up another DC. That's just crazy.
Gotcha, that makes more sense then
-
@Tim_G said in Hyper V replica VS Veeam B&R Replica.:
I get most of my experience from SMBs with multi-sites over slow WANs... sometimes fast WANs, but still not fast enough to be considered the same site. Most of my cases are instances consisting of servers at each site, or an RODC if it's small enough and without necessary security. I couldn't make do with only one DC in almost all of my "normal SMB" experiences.
Before we killed off AD, we spent a long time doing single server AD over WAN. AD was hosted on Azure (bad idea, but only because it was Azure) and it worked great.
-
I had 4 external locations, now only 2 with VPN links between them. The main office was on a 10/10 internet connection. We only had one AD DC at the main office, had no need for a DC at the remote branches.
Printing was all kept local at the branch, no print server, just direct IP Printing. There was very little need for files from the main site, so this worked well for 8 years.
I can definitely understand needing a local server if you had a lot of local file usage, but AD shouldn't have been needed to be provided onsite.