Server 2012 R2 host running all VM servers to support a small IDE
After collating guidance regarding SCEP I've decided to go ahead install SCCM even though I only initially need SCEP. (I figure I'll start a slow learning process to get up to speed on SCCM)
But in the meantime, I need to install it somewhere. I figured wiser heads might advise what to do and what to avoid.
While the following post addressed some other issues, the discussion seemed pretty absolute about not having the host be a DC. So I'm guessing that means it is not advisable to put SCCM on the host either.
Should I still have a physical DC, even post-Server 2012?
So if SCCM is going to be on one of my VM's, is it OK to have it on the VM DC? Or is there some over-riding reason that it should be on it's own VM? Are there startup timing issues, or the like? I have a small system, just the one host, and I don't want to use up licenses too quickly.
Thanks.
Answer
OK. It sounds like you are working with a pretty small environment. You might want to reconsider whether or not SCCM is an appropriately size toolset. Take a look at my answer to Is SCCM overkill for medium-sized organizations? and give it it some thought. You might be happier with Windows InTune or a smaller, less complex, less featureful endpoint management system.
I'm guessing that means it is not advisable to put SCCM on the host either.
Correctomundo! See the below reasoning which I pulled directly from the Windows Server 2012 Hyper-V Best Practices which I recommend you review along with Aidan Finn's Recommended Practices For Hyper-V.
Do not install any other Roles on a host besides the Hyper-V role and
the Remote Desktop Services roles (if VDI will be used on the host).
When the Hyper-V role is installed, the host OS becomes the "Parent Partition" (a quasi-virtual machine), and the Hypervisor
partition is placed between the parent partition and the hardware. As
a result, it is not recommended to install additional (non-Hyper-V
and/or VDI related) roles
You want your Hyper-V Host to be as clean and as simply configured as possible. It is highly recommended to not install other applications or roles onto your Hyper-V host, especially one as complex as ConfigMgr.
is it OK to have [SCCM] on the VM DC?
Nope! SCCM is complex and somewhat fidgety application. In order to install it you will need a whole bunch of prerequisites, not limited too IIS, Reporting Services, MS SQL, and WSUS. For such as small Site you would co-mingled these services and Site Rolls on a single server, your Domain Controller, which also happens to run a complex and somewhat fidgety application. I highly recommend you do not do this.
Take a look at can domain controllers also serve other functions?. It used to be fairly common to deploy a single physical server that had ADDS, DNS, DHCP, File and Print Roles all co-mingled. However, with the prevalence and low cost of virtualization in the Microsoft ecosystem it is becoming more common to deploy your domain controllers in single-purpose virtual machines to avoid problems and isolate them if they occur.
As an aside, note I said "domain controllers". You will want at least two Domain Controllers, one of which is a physical standalone machine if you plan on clustering your Hyper-V hosts. You should always have two domain controllers (see: Risks of having only one domain controller?). Furthermore you should pay particular attention to the caveats of running virtualized domain controllers, especially things like cloning and time synchronization.
I don't want to use up licenses too quickly
Yep. I understand that, but please consider some of the technical limitations and dangers you might find yourself in down the road. A datacenter license of Windows Server looks like mighty affordable if SCCM has exploded your site's only domain controller.
No comments:
Post a Comment