When You Think That You Need a Physical Server...


  • Service Provider

    Stop. That's the answer. If you get the feeling that you need a physical server it is time to stop and think about what chain of logic (or emotions) is bringing you to this thought, because something has gone wrong. There really are no reasonable cases where you are going to have cause for even entertaining, let alone selecting, a physical install today.

    There are extreme edge cases, like the world's top 1% of low latency trading applications, where physical is warranted, but these are rare and you would never be in a situation of wondering what should be done when that comes up. Don't fall into the trap of thinking that you are special and that all IT knowledge does not apply to you, keep your servers physical.

    There are loads of misconceptions around virtualization that might be at fault from thinking that there is a direct association with consolidation, that virtualization requires special licensing or other costs, that a SAN or other external storage device is needed, that virtualization has significant overhead, that your application is special and can't be virtualized, that just because you don't know why virtualization is important that it isn't for you or that you are not big enough (or small enough) to use virtualization. The list of misconceptions could go on all day. I've even seen people believe that login timeouts, or other factors so unrelated to virtualization that they could never be anticipated, were reasons to deploy physically.

    These things are all myths and ones that are generally shot down in classes, forums, sessions and publications every day, yet remain persistent. Dealing with individual myths is difficult, if not impossible, as you can see some myths are simply unreasonable to anticipate. What is better is to understand that physical deployments are simply not reasonable and should not be considered. When you get that feeling... stop. If you are so uncertain that you feel that you need explanation reach out and ask for peer review to help you understand why virtualization makes sense or, more importantly, why not virtualizing is a bad idea. But if you lack peer review or your peers cannot figure out the reason, do not accept that as justification for going physical. Dig deeper until you have the reason, because going physical is simply not a reasonable solution at the end of the day.



  • @scottalanmiller said in When You Think That You Need a Physical Server...:

    Don't fall into the trap of thinking that you are special and that all IT knowledge does not apply to you, keep your servers physical.

    I agree, but this is still a "funny" way to explain that virtualizing or cloud hosted are the only rational options.



  • The only reason I had not to virtualize was Asterisk servers using PRI/BRI/POTS cards. It was a problem and not supported a while ago (I do not know if something changed lately), when those lines were still in the majority compared to SIP. However, thank God, it is a SIP world now :)


  • Service Provider

    @triple9 said in When You Think That You Need a Physical Server...:

    the only reason I had not to virtualize were Asterisk servers using PRI/BRI/POTS cards.

    I do a lot of SIP stuff and the normal answer there is that even if you have physical PBXs, you don't want line cards like that in the PBX, you want a separate gateway unit that does only that task and turns everything into VoIP anyway. So even back when we had POTS lines, circa 2004, we were able to have virtual PBXs because we abstracted the POTS lines earlier in the infrastructure.



  • I was secretly hoping all that would be in the body of your post was "think again." :)


  • Service Provider

    @NetworkNerd said in When You Think That You Need a Physical Server...:

    I was secretly hoping all that would be in the body of your post was "think again." :)

    I thought about it.



  • Our compute nodes are still physical but everything else is virtualized.



  • @scottalanmiller said in When You Think That You Need a Physical Server...:

    @triple9 said in When You Think That You Need a Physical Server...:

    the only reason I had not to virtualize were Asterisk servers using PRI/BRI/POTS cards.

    I do a lot of SIP stuff and the normal answer there is that even if you have physical PBXs, you don't want line cards like that in the PBX, you want a separate gateway unit that does only that task and turns everything into VoIP anyway. So even back when we had POTS lines, circa 2004, we were able to have virtual PBXs because we abstracted the POTS lines earlier in the infrastructure.

    I just saw an ad that said "Want to virtualize your phone system? Now you can." I'm pretty sure we were able to do just that before now. It was interesting nonetheless.



  • I'm thinking about the setup in our office. We have two servers: one that's a hyper-v hypervisor that's hosting several VMs, one of which is a domain controller; one that's a server by name / desktop by hardware that's also a domain controller and is the server for our accounting software.

    On my list of things to eventually get done is to spin up another VM that would be a server for our accounting software. I know there is a best practice that discourages an environment with only one domain controller. Is it worth keeping the old box as a second domain controller, or having two domain controllers as VMs?

    It seems to make sense to keep one on its own physical server as if the hyper-v host goes down, there's still a functional box serving as a failover domain controller. On the other hand, since all of the other services would be on VMs on said host, what good is having a functional domain controller when there are no other services available to use?



  • @EddieJennings said in When You Think That You Need a Physical Server...:

    I know there is a best practice that discourages an environment with only one domain controller.

    Why? Do you really need two domain controllers? How many authentications are you doing? How much downtime can you afford? Would it be better to have a single domain controller on a VM that you can backup and restore in a few minutes versus having two running at all times?



  • @EddieJennings said in When You Think That You Need a Physical Server...:

    Is it worth keeping the old box as a second domain controller, or having two domain controllers as VMs?

    I think there is a thread here that you should always virtualize. Domain controllers use little to no resources so having dedicated hardware to the lightest of loads makes little to no sense.



  • @coliver said in When You Think That You Need a Physical Server...:

    @EddieJennings said in When You Think That You Need a Physical Server...:

    I know there is a best practice that discourages an environment with only one domain controller.

    Why? Do you really need two domain controllers? How many authentications are you doing? How much downtime can you afford? Would it be better to have a single domain controller on a VM that you can backup and restore in a few minutes versus having two running at all times?

    Why = because a document from Microsoft said so and at the time when I made our domain I didn't know any better :).

    What you're asking me is what I'm asking myself, which moves me to the conclusion that when it's time to make the VM for the accounting software, the old box should just go away. Especially since my tiny number of users would be able to log into their workstations with cached credentials until I can get the domain controller VM functioning again.



  • @EddieJennings said in When You Think That You Need a Physical Server...:

    @coliver said in When You Think That You Need a Physical Server...:

    @EddieJennings said in When You Think That You Need a Physical Server...:

    I know there is a best practice that discourages an environment with only one domain controller.

    Why? Do you really need two domain controllers? How many authentications are you doing? How much downtime can you afford? Would it be better to have a single domain controller on a VM that you can backup and restore in a few minutes versus having two running at all times?

    Why = because a document from Microsoft said so and at the time when I made our domain I didn't know any better :).

    What you're asking me is what I'm asking myself, which moves me to the conclusion that when it's time to make the VM for the accounting software, the old box should just go away. Especially since my tiny number of users would be able to log into their workstations with cached credentials until I can get the domain controller VM functioning again.

    Right. On the other hand how usable is the old box? Could it be a VM host?


  • Service Provider

    @EddieJennings said in When You Think That You Need a Physical Server...:

    @coliver said in When You Think That You Need a Physical Server...:

    @EddieJennings said in When You Think That You Need a Physical Server...:

    I know there is a best practice that discourages an environment with only one domain controller.

    Why? Do you really need two domain controllers? How many authentications are you doing? How much downtime can you afford? Would it be better to have a single domain controller on a VM that you can backup and restore in a few minutes versus having two running at all times?

    Why = because a document from Microsoft said so and at the time when I made our domain I didn't know any better :).

    What you're asking me is what I'm asking myself, which moves me to the conclusion that when it's time to make the VM for the accounting software, the old box should just go away. Especially since my tiny number of users would be able to log into their workstations with cached credentials until I can get the domain controller VM functioning again.

    Who cares what some paper from the company selling you the licensing says.

    What does your company need?

    I have never used two domain controllers in the SMB space. Even before virtualization at my clients.

    It is simply not something needed.



  • @coliver said in When You Think That You Need a Physical Server...:

    @EddieJennings said in When You Think That You Need a Physical Server...:

    @coliver said in When You Think That You Need a Physical Server...:

    @EddieJennings said in When You Think That You Need a Physical Server...:

    I know there is a best practice that discourages an environment with only one domain controller.

    Why? Do you really need two domain controllers? How many authentications are you doing? How much downtime can you afford? Would it be better to have a single domain controller on a VM that you can backup and restore in a few minutes versus having two running at all times?

    Why = because a document from Microsoft said so and at the time when I made our domain I didn't know any better :).

    What you're asking me is what I'm asking myself, which moves me to the conclusion that when it's time to make the VM for the accounting software, the old box should just go away. Especially since my tiny number of users would be able to log into their workstations with cached credentials until I can get the domain controller VM functioning again.

    Right. On the other hand how usable is the old box? Could it be a VM host?

    Possibly. It's a 7-year-old machine with an Intel Q8400 processor, 8 GB (max) RAM, and Intel FakeRAID. It was purchased when I was still a band director.



  • @EddieJennings said in When You Think That You Need a Physical Server...:

    @coliver said in When You Think That You Need a Physical Server...:

    @EddieJennings said in When You Think That You Need a Physical Server...:

    @coliver said in When You Think That You Need a Physical Server...:

    @EddieJennings said in When You Think That You Need a Physical Server...:

    I know there is a best practice that discourages an environment with only one domain controller.

    Why? Do you really need two domain controllers? How many authentications are you doing? How much downtime can you afford? Would it be better to have a single domain controller on a VM that you can backup and restore in a few minutes versus having two running at all times?

    Why = because a document from Microsoft said so and at the time when I made our domain I didn't know any better :).

    What you're asking me is what I'm asking myself, which moves me to the conclusion that when it's time to make the VM for the accounting software, the old box should just go away. Especially since my tiny number of users would be able to log into their workstations with cached credentials until I can get the domain controller VM functioning again.

    Right. On the other hand how usable is the old box? Could it be a VM host?

    Possibly. It's a 7-year-old machine with an Intel Q8400 processor, 8 GB (max) RAM, and Intel FakeRAID. It was purchased when I was still a band director.

    Haha. Nope.



  • @JaredBusch Oh the things I've learned, realized, and finally thought through during my first 3 years in IT.



  • @coliver But, but. It still powers on, and "runs like a charm." :P



  • @JaredBusch said in When You Think That You Need a Physical Server...:

    @EddieJennings said in When You Think That You Need a Physical Server...:

    @coliver said in When You Think That You Need a Physical Server...:

    @EddieJennings said in When You Think That You Need a Physical Server...:

    I know there is a best practice that discourages an environment with only one domain controller.

    Why? Do you really need two domain controllers? How many authentications are you doing? How much downtime can you afford? Would it be better to have a single domain controller on a VM that you can backup and restore in a few minutes versus having two running at all times?

    Why = because a document from Microsoft said so and at the time when I made our domain I didn't know any better :).

    What you're asking me is what I'm asking myself, which moves me to the conclusion that when it's time to make the VM for the accounting software, the old box should just go away. Especially since my tiny number of users would be able to log into their workstations with cached credentials until I can get the domain controller VM functioning again.

    Who cares what some paper from the company selling you the licensing says.

    What does your company need?

    I have never used two domain controllers in the SMB space. Even before virtualization at my clients.

    It is simply not something needed.

    You don't think the downtime justified the cost for a SMB I'm assuming and load balancing isn't a concern



  • @wirestyle22 said in When You Think That You Need a Physical Server...:

    @JaredBusch said in When You Think That You Need a Physical Server...:

    @EddieJennings said in When You Think That You Need a Physical Server...:

    @coliver said in When You Think That You Need a Physical Server...:

    @EddieJennings said in When You Think That You Need a Physical Server...:

    I know there is a best practice that discourages an environment with only one domain controller.

    Why? Do you really need two domain controllers? How many authentications are you doing? How much downtime can you afford? Would it be better to have a single domain controller on a VM that you can backup and restore in a few minutes versus having two running at all times?

    Why = because a document from Microsoft said so and at the time when I made our domain I didn't know any better :).

    What you're asking me is what I'm asking myself, which moves me to the conclusion that when it's time to make the VM for the accounting software, the old box should just go away. Especially since my tiny number of users would be able to log into their workstations with cached credentials until I can get the domain controller VM functioning again.

    Who cares what some paper from the company selling you the licensing says.

    What does your company need?

    I have never used two domain controllers in the SMB space. Even before virtualization at my clients.

    It is simply not something needed.

    You don't think the downtime justified the cost for a SMB I'm assuming and load balancing isn't a concern

    Rarely is downtime worth the cost of mitigating it in an SMB environment. They often don't actually understand what the true cost of downtime is and exaggerate it more often than not. If you're getting enough requests that you're hitting a performance threshold on the domain controller then you may be out of the SMB space.



  • @coliver said in When You Think That You Need a Physical Server...:

    @wirestyle22 said in When You Think That You Need a Physical Server...:

    @JaredBusch said in When You Think That You Need a Physical Server...:

    @EddieJennings said in When You Think That You Need a Physical Server...:

    @coliver said in When You Think That You Need a Physical Server...:

    @EddieJennings said in When You Think That You Need a Physical Server...:

    I know there is a best practice that discourages an environment with only one domain controller.

    Why? Do you really need two domain controllers? How many authentications are you doing? How much downtime can you afford? Would it be better to have a single domain controller on a VM that you can backup and restore in a few minutes versus having two running at all times?

    Why = because a document from Microsoft said so and at the time when I made our domain I didn't know any better :).

    What you're asking me is what I'm asking myself, which moves me to the conclusion that when it's time to make the VM for the accounting software, the old box should just go away. Especially since my tiny number of users would be able to log into their workstations with cached credentials until I can get the domain controller VM functioning again.

    Who cares what some paper from the company selling you the licensing says.

    What does your company need?

    I have never used two domain controllers in the SMB space. Even before virtualization at my clients.

    It is simply not something needed.

    You don't think the downtime justified the cost for a SMB I'm assuming and load balancing isn't a concern

    Rarely is downtime worth the cost of mitigating it in an SMB environment. They often don't actually understand what the true cost of downtime is and exaggerate it more often than not. If you're getting enough requests that you're hitting a performance threshold on the domain controller then you may be out of the SMB space.

    If you're getting enough requests that you're hitting a performance threshold on the domain controller then you are out of the SMB space.



  • @travisdh1 @coliver Right. Makes sense to me.


  • Service Provider

    @EddieJennings said in When You Think That You Need a Physical Server...:

    I know there is a best practice that discourages an environment with only one domain controller.

    At best that is a "standard pattern", it is not even exactly a rule of thumb and absolutely not a "best practice."

    The best practice that would apply here is to "evaluate the risk/cost/reward for a second DC vs. AD downtime" to determine what value there is in a second DC.


  • Service Provider

    @EddieJennings said in When You Think That You Need a Physical Server...:

    It seems to make sense to keep one on its own physical server as if the hyper-v host goes down...

    That's the point of the article here... if you feel that way, step back because somewhere there is confusion. There definitely should never be a physical DC.


  • Service Provider

    @EddieJennings said in When You Think That You Need a Physical Server...:

    Why = because a document from Microsoft said so and at the time when I made our domain I didn't know any better :).

    Yes, they sell those, so they recommend buying more of them :)


  • Service Provider

    @EddieJennings said in When You Think That You Need a Physical Server...:

    @coliver said in When You Think That You Need a Physical Server...:

    @EddieJennings said in When You Think That You Need a Physical Server...:

    @coliver said in When You Think That You Need a Physical Server...:

    @EddieJennings said in When You Think That You Need a Physical Server...:

    I know there is a best practice that discourages an environment with only one domain controller.

    Why? Do you really need two domain controllers? How many authentications are you doing? How much downtime can you afford? Would it be better to have a single domain controller on a VM that you can backup and restore in a few minutes versus having two running at all times?

    Why = because a document from Microsoft said so and at the time when I made our domain I didn't know any better :).

    What you're asking me is what I'm asking myself, which moves me to the conclusion that when it's time to make the VM for the accounting software, the old box should just go away. Especially since my tiny number of users would be able to log into their workstations with cached credentials until I can get the domain controller VM functioning again.

    Right. On the other hand how usable is the old box? Could it be a VM host?

    Possibly. It's a 7-year-old machine with an Intel Q8400 processor, 8 GB (max) RAM, and Intel FakeRAID. It was purchased when I was still a band director.

    That definitely can be. That's like double the necessary memory for this, but nice to have that much obviously. That it is FakeRAID actually is a point towards the importance of virtualizing as that will provide a path to fixing that.



  • @scottalanmiller said in When You Think That You Need a Physical Server...:

    @EddieJennings said in When You Think That You Need a Physical Server...:

    It seems to make sense to keep one on its own physical server as if the hyper-v host goes down...

    That's the point of the article here... if you feel that way, step back because somewhere there is confusion. There definitely should never be a physical DC.

    Yep. Such articles give still-learning folks like me some clarity and confirmation about things we've considered. Since joining Mangolassi, my eyes have been opened to many things -- inside and outside the scope of this article.


  • Service Provider

    @travisdh1 said in When You Think That You Need a Physical Server...:

    @coliver said in When You Think That You Need a Physical Server...:

    @wirestyle22 said in When You Think That You Need a Physical Server...:

    @JaredBusch said in When You Think That You Need a Physical Server...:

    @EddieJennings said in When You Think That You Need a Physical Server...:

    @coliver said in When You Think That You Need a Physical Server...:

    @EddieJennings said in When You Think That You Need a Physical Server...:

    I know there is a best practice that discourages an environment with only one domain controller.

    Why? Do you really need two domain controllers? How many authentications are you doing? How much downtime can you afford? Would it be better to have a single domain controller on a VM that you can backup and restore in a few minutes versus having two running at all times?

    Why = because a document from Microsoft said so and at the time when I made our domain I didn't know any better :).

    What you're asking me is what I'm asking myself, which moves me to the conclusion that when it's time to make the VM for the accounting software, the old box should just go away. Especially since my tiny number of users would be able to log into their workstations with cached credentials until I can get the domain controller VM functioning again.

    Who cares what some paper from the company selling you the licensing says.

    What does your company need?

    I have never used two domain controllers in the SMB space. Even before virtualization at my clients.

    It is simply not something needed.

    You don't think the downtime justified the cost for a SMB I'm assuming and load balancing isn't a concern

    Rarely is downtime worth the cost of mitigating it in an SMB environment. They often don't actually understand what the true cost of downtime is and exaggerate it more often than not. If you're getting enough requests that you're hitting a performance threshold on the domain controller then you may be out of the SMB space.

    If you're getting enough requests that you're hitting a performance threshold on the domain controller then you are out of the SMB space.

    Way out :) That would be hugemongous. And you can scale up a lot before you scale out. Add SSDs, add RAM... one DC can do a LOT.


  • Service Provider

    @coliver said in When You Think That You Need a Physical Server...:

    @wirestyle22 said in When You Think That You Need a Physical Server...:

    @JaredBusch said in When You Think That You Need a Physical Server...:

    @EddieJennings said in When You Think That You Need a Physical Server...:

    @coliver said in When You Think That You Need a Physical Server...:

    @EddieJennings said in When You Think That You Need a Physical Server...:

    I know there is a best practice that discourages an environment with only one domain controller.

    Why? Do you really need two domain controllers? How many authentications are you doing? How much downtime can you afford? Would it be better to have a single domain controller on a VM that you can backup and restore in a few minutes versus having two running at all times?

    Why = because a document from Microsoft said so and at the time when I made our domain I didn't know any better :).

    What you're asking me is what I'm asking myself, which moves me to the conclusion that when it's time to make the VM for the accounting software, the old box should just go away. Especially since my tiny number of users would be able to log into their workstations with cached credentials until I can get the domain controller VM functioning again.

    Who cares what some paper from the company selling you the licensing says.

    What does your company need?

    I have never used two domain controllers in the SMB space. Even before virtualization at my clients.

    It is simply not something needed.

    You don't think the downtime justified the cost for a SMB I'm assuming and load balancing isn't a concern

    Rarely is downtime worth the cost of mitigating it in an SMB environment. They often don't actually understand what the true cost of downtime is and exaggerate it more often than not. If you're getting enough requests that you're hitting a performance threshold on the domain controller then you may be out of the SMB space.

    And authentication often has a near zero impact for short durations. A DC down could easily go 30 minutes and literally have no one notice.


