Continuing on with my series of beginning system administration questions currently this is what I have to work with:
Dual processor 3 GHz Xeon 64-bit single core, 4 GB RAM server
- Domain Controller
- DNS Server
- File Server
- IIS - ASP.NET
- SQL Server and Reporting Services
- Internally accessible only
Single processor dual-core 3 GHz Xeon 64-bit, 1 GB RAM server
- VPN
- Team Foundation Server
- Externally Accessible (hence why VPN)
My role is truly software development, with system administration as a sub-role, and as I was adding these services I really started to realize how cramped the primary server was becoming. Especially when I found out that Team Foundation Server won't even allow itself to be installed on a Domain Controller.
At this point I really started to look into Hyper-V and virtualization. However, I'm not really sure which way would be the best to allocate the machines if I go down the virtualization route. Should I upgrade the RAM on both servers and virtualize everything?
If I go that route does it become that much of an issue for cold starts for the Domain Controllers to be virtual?
If I make one of the virtual machines handle VPN as well, does that increase the security risk to the domain since the machine would house other virtual machines also? Along this question also, what is deemed acceptable to have installed for a network on an externally facing server?
Finally what level of separation becomes more overhead than beneficial? Would it be worthwhile to have each main server role in its own VM?
Yes
Add the domain controller role to the host Hyper-V machine. This will let you authenticate even if the VM Domain Controller is down.
Nope, but if you're paranoid add an additional NIC and dedicate that to the VPN VM. Each VM is just like a regular machine. Each NIC becomes a switch uplink port.
Generally speaking as little as possible. I'm not sure what details you are looking for here. I'd definitely make the VPN server a separate VM. The rest of the roles/servers you want to run you can divide up as you like. The more granular you are in the roles the greater flexibility you have to divide up resources; the downside is that there is more overhead than if roles/servers were combined.
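The "add a NIC and dedicate it to the VPN VM" advice above, as an added example that is not part of the answer: the Hyper-V PowerShell module (Server 2012 or later is assumed; the thread predates it) builds an external virtual switch on the second NIC with `-AllowManagementOS $false`, so the host gets no vEthernet adapter on that uplink and only the VPN VM can reach it. The VM name `VPN01`, the adapter name `Ethernet 2` and an already existing LAN switch named `LAN` are assumptions for illustration.

```powershell
# Added example, not from the original answer. Assumed names: VM 'VPN01',
# second physical NIC 'Ethernet 2', an existing switch 'LAN' for the inside leg.
$VmName = 'VPN01'
$WanNic = 'Ethernet 2'      # the NIC added for the VPN, facing the firewall/Internet
$WanSw  = 'VPN-External'
$LanSw  = 'LAN'             # assumed to exist already (bound to the first NIC)

# External switch on the dedicated NIC. -AllowManagementOS $false means the host
# itself gets no virtual adapter on this switch: only VMs plugged into it see the uplink.
if (-not (Get-VMSwitch -Name $WanSw -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $WanSw -NetAdapterName $WanNic -AllowManagementOS $false | Out-Null
}

# The VPN VM gets two adapters: 'Outside' on the dedicated switch, 'Inside' on the LAN.
$existing = @(Get-VMNetworkAdapter -VMName $VmName)
if ($existing.Count -eq 0) {
    Add-VMNetworkAdapter -VMName $VmName -Name 'Outside' -SwitchName $WanSw
} else {
    Connect-VMNetworkAdapter -VMName $VmName -Name $existing[0].Name -SwitchName $WanSw
}
if ($existing.Count -lt 2) {
    Add-VMNetworkAdapter -VMName $VmName -Name 'Inside' -SwitchName $LanSw
}

# Defence in depth on the VM's adapters: no MAC spoofing, and the VM may not
# answer as a DHCP server or advertise itself as a router to the other VMs.
Set-VMNetworkAdapter -VMName $VmName -MacAddressSpoofing Off -DhcpGuard On -RouterGuard On

# Verify. The host must NOT have a "vEthernet (VPN-External)" adapter; the VM should
# show one adapter on each switch.
Get-VMSwitch -Name $WanSw | Select-Object Name, SwitchType, NetAdapterInterfaceDescription, AllowManagementOS
Get-NetAdapter | Where-Object Name -like "vEthernet ($WanSw)"     # expected: no output
Get-VMNetworkAdapter -VMName $VmName | Select-Object Name, SwitchName, MacAddress
```

The point of `-AllowManagementOS $false` is the one the answer makes: the VM is just another machine on that wire, and the host (and the other VMs on the `LAN` switch) never has an address on the externally reachable segment.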
Neither of those servers look terribly powerful. In your place I would (actually I did!) look for a PowerEdge 2950 or 2900 on eBay and build it up as a Hyper-V server. Make sure you get one with at least a year's Dell warranty on it; the warranty is transferable and you can check it on the Dell web site using the server tag number.
I wouldn't put Hyper-V on the DC. I would keep the DC and file server separate. The extra NICs needed for Hyper-V tend to cause problems on the DC because they get into the DNS database.
The real benefit of Hyper-V is management. You can use it to separate roles so, for example, an update to TFS that requires a reboot doesn't affect Exchange/File services/etc. It also makes server backup easy and considerably reduces the stress of service packing.
JR
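The DNS problem JR describes, as an added example not taken from the answer: on a domain controller with more than one NIC, every adapter registers its address against the DC's name in the AD-integrated zone, so clients may be handed an address on a segment they cannot reach. The fix is to turn off registration on every adapter except the client-facing one and then audit the zone for stale A records. The `DnsClient` and `DnsServer` modules (Server 2012 or later) are assumed, as are the zone `corp.example`, the DC name `DC1` and the adapter alias `LAN`.

```powershell
# Added example, not from the original answer. Assumed names: zone 'corp.example',
# DC hostname 'DC1', client-facing adapter alias 'LAN'. Run on the DC itself.
$Zone    = 'corp.example'
$DcName  = 'DC1'
$KeepReg = 'LAN'    # the only adapter whose address clients should ever resolve

# 1. Stop every other adapter (Hyper-V vEthernet uplinks, heartbeat NICs, ...)
#    from registering its address under the DC's name.
Get-DnsClient |
    Where-Object { $_.InterfaceAlias -ne $KeepReg -and $_.RegisterThisConnectionsAddress } |
    ForEach-Object {
        Set-DnsClient -InterfaceAlias $_.InterfaceAlias -RegisterThisConnectionsAddress $false
        "Disabled DNS registration on '$($_.InterfaceAlias)'"
    }

# 2. Re-register so the remaining adapter's record is refreshed right away.
ipconfig /registerdns | Out-Null

# 3. Audit: every A record for the DC must be an address on the client-facing adapter.
#    Records left behind by the other NICs are flagged; remove them by hand once you
#    have confirmed nothing depends on them.
$wanted = (Get-NetIPAddress -InterfaceAlias $KeepReg -AddressFamily IPv4).IPAddress
Get-DnsServerResourceRecord -ZoneName $Zone -RRType A -Name $DcName |
    ForEach-Object {
        $ip = $_.RecordData.IPv4Address.IPAddressToString
        if ($wanted -contains $ip) {
            "OK    $DcName -> $ip"
        } else {
            "STALE $DcName -> $ip  (Remove-DnsServerResourceRecord -ZoneName $Zone -RRType A -Name $DcName -RecordData $ip)"
        }
    }
```

A DC also registers the zone apex (the "same as parent" A record) and the `_ldap`/`_kerberos` SRV records through Netlogon; if stale addresses show up there as well, the same adapter-level setting is what stops them coming back after you delete them.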
Re Chris' question about synthetic NICs:
The term "synthetic" just means a virtualised device, though it's a particular type of virtualisation. See http://technet.microsoft.com/en-us/magazine/cc895595.aspx for lots of info. Search for the section headed "Device-Sharing Architecture".
Hyper-V uses a technique called para-virtualisation. There's lots of argument about to what extent it really is para-virtualised, but the point of para-virtualisation is that the device virtualisation is done by a layer that lies under even the host OS. That means the host OS can see and use the virtual devices. As long as you don't bind any of the host NICs to a virtual network they just look like normal NICs to the host. But when you bind a NIC to a virtual network it gets replaced by a synthetic (i.e. virtual) NIC even for the host.
Incidentally, this is why MS recommend you always leave one real NIC not bound to a virtual network, because performance of that unvirtualised NIC will be better than a synthetic NIC.
So it's an underappreciated aspect of Hyper-V that even the host is in effect a virtual machine.
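To see the effect the post describes on a real host, here is an added example (not from the post) that maps each physical NIC to the virtual switch it is bound to and states whether the host is reaching that NIC directly, through a synthetic `vEthernet` adapter, or not at all; it also warns when no physical NIC has been left unbound, which is the recommendation the post attributes to Microsoft. The Hyper-V module on Server 2012 or later is assumed.

```powershell
# Added example, not from the original post. Requires the Hyper-V PowerShell module.
function Get-HostNicBinding {
    $switches = Get-VMSwitch | Where-Object SwitchType -eq 'External'
    Get-NetAdapter -Physical | ForEach-Object {
        $nic = $_
        # An external switch records the physical adapter it was built on.
        $sw  = $switches | Where-Object NetAdapterInterfaceDescription -eq $nic.InterfaceDescription
        [pscustomobject]@{
            Adapter       = $nic.Name
            Status        = $nic.Status
            BoundToSwitch = if ($sw) { $sw.Name } else { '' }
            # Once bound, the host only sees the NIC through a synthetic vEthernet
            # adapter, and only if AllowManagementOS was left on.
            HostUses      = if (-not $sw)                { 'direct (physical)' }
                            elseif ($sw.AllowManagementOS) { "synthetic: vEthernet ($($sw.Name))" }
                            else                           { 'none (VMs only)' }
        }
    }
}

$bindings = Get-HostNicBinding
$bindings | Format-Table -AutoSize

if (-not ($bindings | Where-Object BoundToSwitch -eq '')) {
    Write-Warning 'Every physical NIC is bound to a virtual switch; all host traffic is going through synthetic adapters.'
}
```

On a host with two NICs where only one has been turned into a switch, the table shows one row as `direct (physical)` and one as `synthetic: vEthernet (...)`; the warning fires only when both have been bound.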