Only 5 left in stock - order soon. Show [{"displayPrice":"$1,659.00","priceAmount":1659.00,"currencySymbol":"$","integerValue":"1,659","decimalSeparator":".","fractionalValue":"00","symbolPosition":"left","hasSpace":false,"showFractionalPartIfEmpty":true,"offerListingId":"XwMBU1yq4gyuKswGS%2BXRVqjPuzWxnPX5UpXolRT2cVz40oxIcto5X6DCFeVWTdb4syNvMkbD1b6LCA%2B2SBgjYAw4%2F6qGSRe1PXcuEIyskRv6OjcGE7buUPUlR0WLAhwaL9y5JjnhNlKXo2SdGnafS9GsK2jiXDjrHchy%2BWhylLZXvPnEUom%2Bb5lFsHSqi66R","locale":"en-US","buyingOptionType":"NEW"}] $$1,659.00 () Includes selected options. Includes initial monthly payment and selected options. Details Initial payment breakdown Shipping cost, delivery date, and order total (including tax) shown at checkout. Enhancements you chose aren't available for this seller. Details To add the following enhancements to your purchase, choose a different seller. %cardName% ${cardName} not available for the seller you chose ${cardName} unavailable for quantities greater than ${maxQuantity}. Your transaction is secure We work hard to protect your security and privacy. Our payment security system encrypts your information during transmission. We don’t share your credit card details with third-party sellers, and we don’t sell your information to others. Learn more In the first part of this series, we discussed why we want to virtualize Domain Controllers. The first question people ask is:
Specifically, for VMware vSphere, this is a good question, because there are a couple of areas of attention, beyond the recommended practices from Microsoft: Microsoft recommended practicesFor sizing Domain Controllers, Microsoft recommends to:
Areas of AttentionCPUA good rule of thumb for the number of virtual Central Processing Units (vCPUs) for is to size virtual Domain Controllers with 1 vCPU, when the environment has 10,000 users, or less. When the environment has more than 10,000 users, add another vCPU to the Domain Controllers. When in doubt, start with 2 vCPUs in virtual Domain Controllers and add vCPUs as needed. The Domain Controller holding the Primary Domain Controller emulator (PDCe) Flexible Single Master Operations (FSMO) role will be the most burdened Domain Controller of all. It performs these additional tasks, when compared to all the other Domain Controllers in the Active Directory domain:
In VMware vSphere-based VMs with more than one vCPU, make sure to look at the Networking section below to avoid the unavailability of receive-side scaling. RAMIf you want highly-performing Domain Controllers, provide them with a sufficient amount of Random Access Memory (RAM) to be able to cache the Active Directory database (ntds.dit). A good metric to monitor is the Database/Database Cache %Hit counter for the LSASS process on Domain Controllers. A low hit rate indicates that the Domain Controller would benefit from more RAM. StorageMicrosoft recommends to use a 40GB system volume (C:\) to store the Windows Operating System. However, Active Directory requires additional storage. You may or may not place these files on the system volume, depending on your view on dynamic files. Independent of this choice, you need to take into account the following storage needs for a Domain Controller:
For a typical organization of 100,000 persons, this would lead to 5GB of additional storage requirements. Of course, when such an organization would decide to store user photos in Active Directory, storage requirements could potentially triple. NetworkingIdeally, configure virtual Domain Controllers with one virtual Network Interface Card (vNIC). Use VMXNET3 for best performance. Additionally, upgrade the VMware Tools of existing virtual machines to version 10.2.5. The Windows Receive Side Scaling (RSS) feature is not functional on virtual machines running VMware Tools versions 9.10.0 up to 10.1.5. On virtual Domain Controllers with multiple vNICs, under heavy network load, this may cause a situation where CPU0 is overloaded, as depicted in the below screenshot: Since VMXNET3 driver version 1.7.3.8 (as part of VMware Tools 10.2.5), this driver version enables Receive-side Scaling (RSS) and Receive Throttle settings, by default – but only for new VMware Tools installations on new virtual machines. If you upgrade an existing VMware Tools install, these settings will remain as is. On existing virtual Domain Controllers, make sure to enable Receive Side Scaling (RSS) and set the Receive Throttle to 30, using the following line of Windows PowerShell on virtual Domain Controllers running VMware Tools 10.2.5, or up: Enable-NetAdapterrss –Name "*" Agents and add-onsOn top of the above requirements for the Active Directory role, make sure you provide sufficient resources for the typical agents and add-ons your organization would typically install on Domain Controllers, like antimalware, backup, restore, monitoring, auditing, bad password blocking and SIEM solutions. In practiceBecause of this last area of attention, we see organizations typically deploy virtual Domain Controllers with 1 vCPU, 4GB RAM, a 60GB system volume and 1 vNIC. These dimension are a far cry from the other sizing we often encounter in organization where, according to the design all hardware factors are blades and a physical Domain Controller was deemed necessary. The typical dimension of these Domain Controller blades depend on the phase in the project where its importance was understood. The largest Domain Controller we’ve come across was a blade with 2 CPUs, 24 cores, 512GB RAM and 2 300GB hard disks in RAID1. ConcludingSizing is often the first hurdle to cross when virtualizing Domain Controllers. Join me for the next parts were we drill deeper into the integrity, confidentiality and availability of Domain Controllers. Just out of curiosity, what was the largest physical Domain Controller you’ve ever come across in production? What components are needed for a domain controller?This includes the operating system (usually Windows Server or Linux), an LDAP service (Red Hat Directory Server, etc.), a network time service (ntpd, chrony, etc.), and a computer network authentication protocol (usually Kerberos).
How many cpus should a domain controller have?A good rule of thumb for the number of virtual Central Processing Units (vCPUs) for is to size virtual Domain Controllers with 1 vCPU, when the environment has 10,000 users, or less. When the environment has more than 10,000 users, add another vCPU to the Domain Controllers.
What are the hardware requirements for Active Directory?System requirements. What type of operating system is required for a domain controller?A Windows Domain Controller runs on Windows Server. It is a feature that the server can have installed/enabled. A list of the available features will scroll by. One of them is "Active Directory Domain Services".
|