I was working on a customer design recently for Hyper-V Replica. The customer was going to have their own dedicated DR site, using Hyper-V Replica for DR replication. It looks something like this:
All production VMs would run in the primary site on a WS2012 Hyper-V cluster. Hyper-V Replica would replicate VMs to the DR site, where the replica VMs would remain in a cold, offline state until the business continuity plan (BCP) was invoked in response to a disaster. Test failovers could be conducted (this uses copies of the replica VMs). All good so far!
The DCs in the primary site would run WS2012. Using VMGeneration-ID and cluster bootstrapping, those DCs can be virtualised. This bootstrapping works for both the primary and secondary site clusters. Excellent! Less hardware is required. That VMGeneration-ID feature also means we can consider replicating virtual WS2012 DCs using Hyper-V Replica to the secondary site.
What happens if we have a disaster and for some reason the primary site virtual DCs refuse to come online after being failed over to the DR site? I know, it’s a long shot. But so is the disaster that could shut down the primary site. If this happens then there goes your business because all of your on-premises services are tied to that domain.
When it comes to AD, I am very cautious. I like having it available and online. And AD replication is pretty solid.
Run a virtual DC in the public cloud? Sure, you could. There’s a cost to that. But if there is a disaster and, like with 9/11, the Internet becomes swamped, good luck authenticating and authorizing against a DC across a VPN link. If that happens, your BCP fails.
What about running a DC in the DR site? Yes, a virtual DC could be installed in the secondary site and left to replicate via normal means over a VPN across the DR link. That will do the trick … if you’re ultra-cautious like myself.
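A standing DC in the DR site only helps if its inbound AD replication is current when the BCP is invoked. The following check is an added example, not part of the original post; the DC name `DR-DC01` and the lag threshold are placeholders, and it assumes the ActiveDirectory PowerShell module is installed.

```powershell
# Added example, not from the original post. Reports whether the standing DC in
# the DR site is receiving inbound AD replication from its partners.
# Assumptions: ActiveDirectory module (RSAT) is installed; 'DR-DC01' and the
# lag threshold are placeholders to adjust for your environment.
Import-Module ActiveDirectory

function Test-DrDcReplication {
    param(
        [Parameter(Mandatory)] [string] $DomainController,
        [int] $MaxLagMinutes = 180   # assumed; align with your site link interval
    )
    $now = Get-Date
    # One row per inbound partner per naming context (domain, configuration, schema, ...).
    Get-ADReplicationPartnerMetadata -Target $DomainController -Scope Server `
        -Partition * -PartnerType Inbound |
    ForEach-Object {
        $lag = if ($_.LastReplicationSuccess) {
            [math]::Round(($now - $_.LastReplicationSuccess).TotalMinutes)
        } else { $null }   # no successful replication recorded
        [pscustomobject]@{
            Partition           = $_.Partition
            Partner             = $_.Partner
            LastSuccess         = $_.LastReplicationSuccess
            LagMinutes          = $lag
            LastResult          = $_.LastReplicationResult        # 0 means success
            ConsecutiveFailures = $_.ConsecutiveReplicationFailures
            Healthy             = ($null -ne $lag) -and ($lag -le $MaxLagMinutes) -and
                                  ($_.LastReplicationResult -eq 0) -and
                                  ($_.ConsecutiveReplicationFailures -eq 0)
        }
    }
}

$report = @(Test-DrDcReplication -DomainController 'DR-DC01')
$report | Sort-Object Healthy, Partition | Format-Table -AutoSize

# Non-zero exit lets a scheduled task or monitoring agent raise an alert.
$stale = @($report | Where-Object { -not $_.Healthy })
if ($stale.Count -gt 0) {
    Write-Warning "$($stale.Count) replication link(s) to the DR DC are stale or failing."
    exit 1
}
```

Run on a schedule, this surfaces a VPN or replication fault before the DR-site DC is needed rather than during a failover.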
The problem I’m countering with this design option is a very low risk. I’m being very conservative and keeping my options open, e.g. if I ran a mid/large environment again, I’d run virtual DCs and back them up as VMs (VMGeneration-ID), use an agent in a single DC to get a system state backup, and use Windows Server Backup to also get a system state backup. In my mind, you can’t have enough options for restoring an AD. It’s like triple-insuring yourself, but at least I would have contingency plans when Murphy comes calling and the brown stuff hits the fan.
This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.