How the brave virtualize DNS, AD and other core IT services
Critical IT
infrastructure services -- DNS, DHCP servers -- don't need to live in the
physical realm.
If the virtual platform is sufficient to host
critical applications, why aren't all infrastructure services virtualized?
Not all IT infrastructure services are
created equal. Some services are less critical, like a PXE boot server used occasionally to build
new servers. Others are highly critical, like DNS services that locate everything
inside and outside the company.
Most IT organizations have already
virtualized those less important services, while some of the critical
infrastructure services remain on physical hosts. Is it time to virtualize the
last of these services? Should they reside alongside existing workloads, or in
isolation?
Data centers forgo the benefits of virtualization for critical infrastructure
mainly due to how we manage the virtualization platform when something goes
wrong. We rely on IT infrastructure services for troubleshooting. If the entire
infrastructure lives on the virtual platform, what do we have when the platform
is down? Having been in this situation with an enterprise that was not
prepared, I can tell you it takes a lot of work to get back in control. With
some planning, however, it is usually possible to virtualize critical services
without risking this lockout.
Things people don’t virtualize
The IT infrastructure services commonly left
on physical servers are Active Directory (AD) domain controllers (DCs) -- sometimes multiple
DCs. They provide authentication, name resolution (DNS) and usually IP address allocation (DHCP). These are some of
the most fundamental network services -- almost everything on your network
depends on them.
Active Directory allows a scale-out redundancy
model: multiple DCs that share the AD workload and continue to operate in the
event that some DCs go down. Make sure the AD Global Catalog role and the
DHCP and DNS server roles are each on multiple VMs before a failure occurs.
These services need to be available regardless of whether parts of the
platform fail.
Proper planning enables a virtualized DNS,
DHCP or AD infrastructure that survives single and even multiple failures and
continues to deliver services to
applications.
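One way to check this redundancy before a failure happens, as an added example that is not from the original article: it reports any Global Catalog, DNS or DHCP role that is on fewer than two VMs or that disappears when a single host fails. The VM names, host names and inventory format are constructed for illustration, and the single-host failure simulation is an assumption that goes slightly beyond the article's "multiple VMs" advice.

```python
"""Added example: audit infrastructure-role redundancy in a VM inventory."""
from dataclasses import dataclass

REQUIRED_ROLES = ("GlobalCatalog", "DNS", "DHCP")  # roles named in the article


@dataclass(frozen=True)
class VM:
    name: str         # hypothetical VM name
    host: str         # hypothetical ESXi host the VM currently runs on
    roles: frozenset  # infrastructure roles served by this VM


# Constructed sample inventory, not taken from any real environment.
SAMPLE_INVENTORY = [
    VM("dc01", "esx-a", frozenset({"GlobalCatalog", "DNS", "DHCP"})),
    VM("dc02", "esx-a", frozenset({"GlobalCatalog", "DNS"})),
    VM("dc03", "esx-b", frozenset({"DNS"})),
]


def surviving_roles(inventory, failed_hosts):
    """Roles still served by at least one VM after the given hosts fail."""
    alive = [vm for vm in inventory if vm.host not in failed_hosts]
    return set().union(*(vm.roles for vm in alive))


def audit(inventory, required=REQUIRED_ROLES):
    """Return {role: [findings]} for every role that is not redundant."""
    findings = {}
    hosts = sorted({vm.host for vm in inventory})
    for role in required:
        holders = [vm for vm in inventory if role in vm.roles]
        issues = []
        if len(holders) < 2:
            issues.append(f"on {len(holders)} VM(s); needs at least 2")
        # Simulate losing each host on its own and see if the role survives.
        for host in hosts:
            if holders and role not in surviving_roles(inventory, {host}):
                issues.append(f"lost if host {host} fails")
        if issues:
            findings[role] = issues
    return findings


if __name__ == "__main__":
    for role, issues in audit(SAMPLE_INVENTORY).items():
        print(f"{role}: " + "; ".join(issues))
```

In the sample, Global Catalog is on two VMs yet still fails the audit, because both VMs sit on the same host.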
Small IT deployments
An IT shop with fewer than six virtual
servers and only one data center location has limited options when virtualizing
IT infrastructure services. At this small scale, the organization probably
relies on manual efforts of staff members to keep IT infrastructure services
up. Smaller organizations may be confident that their staff can overcome any
shortcomings of process and automation, but any larger organization will want
standardization and automation to handle every eventuality.
Small organizations can place all their infrastructure services on their
virtualization platform, provided the systems engineers have the expertise to
restore services if something fails. If relying on staff prowess isn't acceptable, then even a
small organization needs to behave like a larger one -- which involves more
money.
Single site, management cluster
The next scale up from a small deployment
involves only one site that is home to enough virtual servers (VMware ESXi and vSphere
virtualization is used in this example)
that it is cost effective to build a management cluster. The VMs that deliver
applications to end users run in one or more workload virtual clusters. The
management cluster is a separate set of ESXi servers that run only the infrastructure
VMs.