Wednesday, 10 June 2009

P2V of domain controller

Summary: Cold clone P2V of domain controllers works just fine.


We had to migrate two root domain controllers the other day at work. I knew that domain controllers in particular can give you trouble when being converted / migrated, so I researched it a bit and found a useful article on yellow-bricks.com which linked to a very good VMware KB article . This KB recommends that in stead of migrating, then deploy a fresh VM and do a 'dcpromo' and then shut down the physical server after. I like this way as it moves the responsibility away from the VMware team and over to the application responsible.

However, we did not have enough time to do the recommended solution, so we whent for P2V. We did cold clone because hot migration is likely to go wrong and it is not supported by Microsoft.


There were FSMO roles on the DC's, so before we began, we had the AD guy move all the roles over to one of the servers. Then we took the other one down and P2V'ed it. We resized the disks to save SAN space which was not a problem. When it came back up, the AD guy tested and then moved FSMO roles over to the migrated DC. And then we migrated the other one. After both had been migrated, the AD guy tested again.


If your responisbility area does not cover the application layer, which it does not for me in this case, then arrange for an application responisble to test the app before it is released into production. It may sound banal, but it is sometimes overlooked when the pace is fast and only basic OS testing is done.


Time synchronization


There are several ways of setting up time synchronization. One important point is that there should be only one source for synchronization for all the DC's. There's a feature in VMware tools, where you can synchronize the VM against the ESX - this we did not use. We let Windows take care of the synchronisation. If you have a mixed environment of DCs (bare metal and virtual), then you can let a bare metal DC sync to an external source, and then let all the other DC's sync to the bare metal DC.


We had the PDC emulator sync with a dedicated physical NTP server, and then let the second DC sync with the PDC emulator. The ESX servers sync with the physical NTP server - but no synchronization between VM and ESX server. Read this article for further info on time sync.

Update: In a KB article (KB 888794) from Microsoft about considerations when hosting DC's in a virtual environment, there is one important paragraph about forced unit access (FUA) which has resulted in some confusion. The paragraph states:

"If the virtual hosting environment software correctly supports a SCSI emulation mode that supports forced unit access (FUA), unbuffered writes that Active Directory performs in this environment are passed to the host operating system. If forced unit access is not supported, you must disable the write cache on all volumes of the guest operating system that host the Active Directory database, the logs, and the checkpoint file. "

According to VMware, forced unit access (FUA) is supported on VMware. Here's the answer from VMware technical support:

-----Original Message-----
From: VMware Technical Support [mailto:webform@vmware.com]
Sent: 24. februar 2010 11:25
To: (Jakob Fabritius Nørregaard)
Subject: Re: VMware Support Request SR# 1490632591
** Please do not change the subject line of this email if you wish to
respond. **
Hello Jakob,
Forced Unit Access is supported by VMware. A large number of customer's have virtualized Domain Controllers which is evident in the community forums.
Thanks & Best Regards
Derek Collins
Technical Support Engineer
VMware Global Support Services
1-877-486-9273
VMware Technical Support Knowledge Base
http://kb.vmware.com/kb"

Monday, 1 June 2009

Best Windows Freeware/Shareware Download Sites

Outstanding Sites
 
SoftPedia A large commercial site with an excellent collection organized by platform. It features site and user star ratings for products and user comments. The search engine doesn't display any  ratings and this limits its use when selecting. The real selling point for this site is its "100% clean" guarantee.  For many that is a winning feature.
 
SnapFiles / WebAttack  Offers a huge collection, great organization and a refreshingly clean presentation. Products are briefly reviewed and carry site ratings, user rating and user comments. Excellent.
 
FileHippo  A clean site with a wide product selection and fast download rates but offering almost no guidance in selection.  A redeeming feature is they offer a full version history of most products.
 
MajorGeeks This site carries only tech tools and utilities. Guidance is limited to brief reviews and user ratings.  However, if you are looking for  tech tools this is THE place to go. One of my favorites. 
 
FileForum-Betanews  Not the largest download collection, but if you're looking for the very latest products you'll find them here long before other download sites.
 
Recommended Sites
 
ZDNet and CNet Downloads These two sites are just different faces of the same site. That site, however, offers the biggest collection of software on the web. Finding what you want is made easier by the have the best file search engine of all the download sites. There are also user star ratings for most products and site star ratings for some. The user comments are handy but beware, they are sometimes stacked with comments made by the product developers pretending to be mere users.  The downside to these sites is they now require you to install their proprietry downloader. It is not only an unnecessary step it an intrusion into your privacy.
 
Tucows  Huge collection with world-wide mirrors for fast downloading. The Classic "cow ratings" for products are not as realiable as they used to be. I can't help but feel that this once class-leading site has lost its way a little in recent times.
 
ServerFiles.com  This is the old 32bit.com site re-launched as a site specializing in server software for network administrators and IT professionals. Quite a few products have ratings, some with full reviews.  It's a unique offering and well worth visting if you fit the target market.
 
No-Nags  This was once the best freeware-download site on the web but they haven't really kept up with the competition.  There is a free service and a more helpful premium service. The shareware side is slowly being added and is not particularly  impressive.
 
topshareware.com  A good general interest download site that's competent. There are few rating or user reviews but it's nicely organized.
 
Other Sites

5 Star Shareware  This popular UK site claims to feature only the best products in each category. It cerainly started out that way but over time has drifted towards more of a general purpose download site.  The strong commercial orientation does not give me a lot of confidence
Shareware Junkies  Every product here is independently reviewed, though many of the reviews are becoming dated. Can be helpful when you are trying to decide what you need.
 
Allen's WinApps List  A fast and well organized site with a huge selection of software, but the search engine is woeful and there is little in the way of guidance as well.
 
WinPlanet The aging remnant of the once excellent Stroud's CWS Apps site, it's now part of the Internet.com mega-site. It's still a useful site with many product ratings and some reviews. Overall, though, it is but a pale shadow of its former self. 
Next previous home