Both of my Domain Controllers are virtualized. Right now I am using SMVI 2.0 to back up my VMs, including my Domain Controllers. I am doing the VMware snapshot on the DCs before doing a NetApp snapshot on the NFS datastore. Will I run into problems using this method? My worry is twofold:
- I will start running into problems with these DCs, that somehow doing the VMware snapshot and/or the NetApp snapshot will cause problems
- I will run into problems if I ever have to restore one or both of these DCs from the snapshot
My other choice is to take them out of the entities listed for backup in SMVI and put a backup agent directly on them and back them up that way.
I'm sorry to say that you are bound to run into trouble one way or the other with this setup, if you ask me.
First off: I'd never virtualize all my DCs. Always keep one physical to mitigate any problems with your virtual infrastructure.
Second: NEVER, and I mean NEVER use snapshots of any kind to restore a DC! It's not just against Microsoft's recommendations, it's also simply a very bad idea. You could get into a world of hurt if you try to restore a DC from a snapshot.
Third: in my experience NetApp snapshots (SMVI) with or without(!) taking a VMware snapshot work pretty well on all servers. That is, if you want to back up the OS and static data. To back up active (often open) data like databases (such as an AD!), you'll always need some sort of agent, be it SMSQL, SMO or a traditional backup agent. In your case you should definitely use a traditional backup agent.
Thanks for your insights. I will be pulling my DCs out of the SMVI job and just using a backup agent on them. I back up overnight, so if I have to restore a DC it will still have data that is a bit stale. If I only have to restore one, when it comes back online it is my understanding that it will catch up by getting data from the other DC.
The other scenario is some type of big disaster like a fire or flood that takes out my main data closet. I have a disaster recovery site across campus with another instance of VMware running. My thought was to bring online another DC in this site. If my production site goes offline I still have one DC in my disaster recovery site that is working and up to date. I can then just take the VMs in my disaster recovery site (they are there because of SnapMirror), turn them into read/write copies and bring up the other two DCs along with my other VMs. The two DCs being brought up will have stale data but should get up-to-date data from my third DC. Does this plan seem sound?
I understand your position, but again: NEVER restore a DC from a snapshot. I had an AD troubleshooting workshop from Microsoft once where the teacher explained in detail what could (and probably will) happen if you do, and it's not a pretty sight! It doesn't matter if there are current DCs where the restored DC could get its information from, because the restored DC will behave differently. Especially stale objects in AD could become ghost objects you might never get rid of. You should know that restoring from a snapshot is quite different than restoring from a backup.
Why run that risk? It's far more 'cleaner' and very quick to install a couple of new DCs based on the one still running, when performing a disaster recovery. You could even reserve a few fully installed VMs without dcpromo that you keep turned off, just for that purpose.
I did not realize that restoring from a snapshot is that different than restoring from a backup done with a backup agent. It sounds like if I have one or even two DCs go south I am better off building new ones and letting the one or two left standing copy records to the new ones. This might even be preferable to trying to restore the downed ones via a restore from a traditional agent-based backup. Your thoughts? I know that DCs (mine run DNS and DHCP as well) have a lot in common but there are also a few unique roles they play. What I do not know is if my production DCs go south due to a big disaster like a fire, would the third one keep on providing these services until I could bring up two new ones? This is more of an AD question and not an SMVI question.
Indeed this is hardly related to any NetApp technology anymore. 🙂
FSMO roles, DHCP services and non-AD-integrated DNS zones do complicate things a bit. However, FSMO can be easily seized. DR for DHCP is very dependent on your (network) configuration. DNS zones would preferably be AD-integrated, but if that's not possible/desirable, then it also depends on your specific situation. Personally I would make sure I have enough DC/DHCP/DNS services available at my DR site to survive the initial blow of a DR. You can always set up more later. But I would not use a backup of any kind for DR purposes, only to be able to recover objects that are (accidentally) deleted/altered from AD, and such. And even for that, snapshot backups are not usable.
Don't get me wrong: I'm a HUGE fan of snapshots in general and NetApp snapshots in particular, but this is the one case I have to make an exception. 🙂