Discussions specific to the Microsoft Hyper-V hypervisor
Post Reply
Posts: 1
Liked: never
Joined: Feb 12, 2019 10:51 pm

Planning for failure of domain controller

Post by broadslice »

This probably has a simply solution but here's where I am:
  • 3-node Hyper-V 2016 cluster. These are connected to the domain listed in the next item.
  • Server 2016 Essentials is installed on a VM hosted on this cluster (Essentials doesn't allow for a second domain controller.)
  • Veeam B&R running on a separate i7 machine that is not connected to the domain.
  • Another Hyper-V server exists, currently not connected to the domain, that I'd like to use for Surebackup.
  • The Hyper-V cluster is using a NAS for shared storage.
  • I have a separate NAS I'm using as a target for Veeam backups, but I'd like to use this as a place to failover to should the main storage server go down. At least until I can get the main server back up.
The problem I'm running into is with regard to the various failure modes I might face.
  • Hyper-V Server failure is handled - I had an SSD fail on one and the system had restarted the VM on another host before I'd had a chance to respond which was great.
  • The B&R machine can fail, but I can restore from backup without too much failure.
  • But what about a back-end failure? I'd love to configure replica either on Hyper-V or Veeam B&R so that should the first storage array go down VMs automatically failover to a replica housed on the secondary array, but failover in both cases appears to be a manual process.
  • Which means if the domain controller is down, I can't authenticate against the Hyper-V cluster (or Veeam can't), which increases complexity and MTTR.
  • I'd consider paying another Microsoft tax to have a second domain controller VM running (unused) with its storage on the backup array, but Server essentials only allows one domain controller per domain.
So what's the best way to plan for failure that includes the domain controller going down due to back-end server failure? After typing this I'm thinking installing Hyper-V on the machine running B&R might make the most sense - I can log into the B&R machine, initiate the failover (or just a recovery) onto the local Hyper-V instance, then authenticate against that when I recover everything else.

Am I missing something, or is this the cleanest way to go here?

Veeam Software
Posts: 606
Liked: 131 times
Joined: Nov 30, 2010 3:19 pm
Full Name: Rick Vanover
Location: Columbus, Ohio USA

Re: Planning for failure of domain controller

Post by Rick.Vanover »

Welcome Broadslice!

I usually see people have multiple domain controllers for this situation but see the bottleneck here with Essentials.

We generally see item level recovery much, much more frequently than whole system recovery from a backup or a replica due to the nature of Active Directory.

I somewhat feel a replica with a rather tight interval may be part of the solution to the local Hyper-V instance you mention, as a situation where the other DC is totally not available.

Mike Resseler
Product Manager
Posts: 6119
Liked: 711 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium

Re: Planning for failure of domain controller

Post by Mike Resseler »

To add on Rick's response...

What is your SLA? I would actually go for your specific proposal. Install the Hyper-V role on the B&R server (even on a windows 10 professional if needed) and use that to do either instant VM recovery or instant Hyper-V recovery when it is needed. Once your backend is back up and running, you can either finalize the restore (instant VM recovery) or migrate.

If you don't have that time (although it will be rather quick) I would suggest for a replica, but doing that on a B&R server might not be the best idea...

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests