I was working on a customer design recently for Hyper-V Replica. The customer was going to have their own dedicated DR site, using Hyper-V Replica for DR replication. It looks something like this:
All production VMs would run in the primary site on a WS2012 Hyper-V cluster. Hyper-V Replica would replicate VMs to the DR site, and the replica VMs would remain in the cold offline state until the business continuity plan (BCP) was invoked in response to a disaster. Test failovers could be conducted (this uses copies of the replica VMs). All good so far!
The DCs in the primary site would run WS2012. Using VMGeneration-ID and cluster bootstrapping, those DCs can be virtualised. This bootstrapping works for both the primary and secondary site clusters. Excellent! Less hardware is required. That VMGeneration-ID feature also means we can consider replicating virtual WS2012 DCs using Hyper-V Replica to the secondary site.
What happens if we have a disaster and for some reason the primary site virtual DCs refuse to come online after being failed over to the DR site? I know, it’s a long shot. But so is the disaster that could shut down the primary site. If this happens then there goes your business because all of your on-premises services are tied to that domain.
When it comes to AD, I am very cautious. I like having it available and online. And AD replication is pretty solid.
Run a virtual DC in the public cloud? Sure, you could. There’s a cost to that. But if there is a disaster and, as with 9/11, the Internet becomes swamped, good luck authenticating and authorizing against a DC across a VPN link. If that happens, your BCP fails.
What about running a DC in the DR site? Yes, a virtual DC could be installed in the secondary site and left to replicate by normal means over a VPN across the DR link. That will do the trick … if you’re ultra-cautious like myself.
The problem I’m countering with this design option is a very low risk. I’m being very conservative and keeping my options open, e.g. if I ran a mid/large environment again, I’d run virtual DCs and back them up as VMs (VMGeneration-ID), use an agent in a single DC to get a system state backup, and use Windows Server Backup to also get a system state backup. In my mind, you can’t have enough options for restoring an AD. It’s like triple-insuring yourself, but at least I would have contingency plans when Murphy comes calling and the brown stuff hits the fan.
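A DC in the DR site that replicates by normal means is only useful in a disaster if its inbound replication is current. The following is an added example, not part of the original post: a PowerShell function that grades replication partner metadata for freshness and errors. The DC name `DR-DC01`, the domain names, the 60-minute threshold and the sample records are assumptions constructed for illustration; the property names match what `Get-ADReplicationPartnerMetadata` returns.

```powershell
# Added example: grade inbound AD replication on the DR-site DC.
# Accepts objects shaped like Get-ADReplicationPartnerMetadata output.
function Test-DrDcReplication {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Metadata,
        [int] $MaxAgeMinutes = 60,          # assumed tolerance, tune to your RPO
        [datetime] $Now = (Get-Date)
    )
    process {
        # Minutes since this partition last replicated in successfully
        $age = [int]($Now - $Metadata.LastReplicationSuccess).TotalMinutes
        # Healthy = last attempt succeeded, no failure streak, and recent enough
        $healthy = ($Metadata.LastReplicationResult -eq 0) -and
                   ($Metadata.ConsecutiveReplicationFailures -eq 0) -and
                   ($age -le $MaxAgeMinutes)
        [pscustomobject]@{
            Partition  = $Metadata.Partition
            Partner    = $Metadata.Partner
            AgeMinutes = $age
            LastResult = $Metadata.LastReplicationResult
            Failures   = $Metadata.ConsecutiveReplicationFailures
            Healthy    = $healthy
        }
    }
}

# Constructed sample records (not real data) so the function runs offline.
$now = Get-Date '2013-01-15T12:00:00'
$sample = @(
    [pscustomobject]@{
        Partition = 'DC=corp,DC=example'; Partner = 'PROD-DC01'
        LastReplicationSuccess = $now.AddMinutes(-12)
        LastReplicationResult = 0; ConsecutiveReplicationFailures = 0
    }
    [pscustomobject]@{
        Partition = 'CN=Configuration,DC=corp,DC=example'; Partner = 'PROD-DC01'
        LastReplicationSuccess = $now.AddHours(-9)
        LastReplicationResult = 1722; ConsecutiveReplicationFailures = 14
    }
)
$sample | Test-DrDcReplication -Now $now | Format-Table -AutoSize

# Against a live DC (requires the ActiveDirectory module; DR-DC01 is hypothetical):
# Get-ADReplicationPartnerMetadata -Target 'DR-DC01' | Test-DrDcReplication
```

With the sample data, the domain partition is reported healthy and the Configuration partition is flagged, since its last success is nine hours old with a non-zero result code.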