1 00:00:07,000 --> 00:00:14,740 Asia provides infrastructure as a service which essentially is virtualization in the cloud. 2 00:00:14,740 --> 00:00:22,090 All the considerations for virtualization applications and servers in an on premises infrastructure 3 00:00:22,450 --> 00:00:32,020 apply to deploying the same applications and servers in Asia I'm deploying 80 days on Asia I guess you 4 00:00:32,020 --> 00:00:36,240 are installing the domain controller on a virtual machine. 5 00:00:36,380 --> 00:00:44,980 So all the rules that are applied to virtualize and domain controller apply to deploying ADT s in Asia. 6 00:00:45,100 --> 00:00:51,450 You can install 80 days on Asia virtual machines to support a variety of scenarios. 7 00:00:51,460 --> 00:00:53,610 Let's list these scenarios. 8 00:00:53,680 --> 00:00:59,770 The first scenario is disaster recovery in a scenario in which you're on premises. 9 00:00:59,770 --> 00:01:05,590 Domain Controllers are destroyed or are otherwise unavailable. 10 00:01:05,590 --> 00:01:12,040 Asia based which really chill machines that are running as a replica domain controllers will have a 11 00:01:12,040 --> 00:01:15,450 complete copy of your edit is data base. 12 00:01:15,460 --> 00:01:23,260 This can help speed recovery and as a low cost alternative for organizations that do not have a physical 13 00:01:23,260 --> 00:01:25,240 disaster recovery site. 14 00:01:25,300 --> 00:01:33,400 The next scenario is due or distributed domain controllers if your organization is highly decentralized 15 00:01:33,790 --> 00:01:41,950 Asia based virtual machines that are running as a replica domain controllers can provide lower latency 16 00:01:41,950 --> 00:01:49,060 connections for improved authentication performance you can achieve this by running domain controllers 17 00:01:49,060 --> 00:01:58,210 in different Asia regions that correspond to the locations where it is not cost effective for your organization 18 00:01:58,480 --> 00:02:06,960 to deploy physical infrastructure and others to mirror is user authentication for isolated applications. 19 00:02:07,120 --> 00:02:15,490 If you need to deploy an application with an aide it is dependency but that application does not require 20 00:02:15,520 --> 00:02:20,980 connectivity with the organizational aided devious environment. 21 00:02:20,980 --> 00:02:29,020 You could deploy a separate forest on Asia with ritual machines also on premises member servers and 22 00:02:29,020 --> 00:02:33,570 clans can communicate with Asia based domain controllers. 23 00:02:33,580 --> 00:02:40,640 These domains controllers should never be the only domain controllers in a hybrid environment. 24 00:02:40,690 --> 00:02:49,510 Lots of connectivity between an on premises environment and Asia prevents authentication and other domain 25 00:02:49,900 --> 00:02:51,040 functions. 26 00:02:51,070 --> 00:03:00,010 If you are not also running a tedious services in your on premises environment when you implement it 27 00:03:00,010 --> 00:03:01,270 it is in Asia. 28 00:03:01,270 --> 00:03:02,680 Consider the following. 29 00:03:03,010 --> 00:03:08,140 You should consider network topology to meet 80 days is requirements. 30 00:03:08,140 --> 00:03:14,850 You must create an Asia virtual network and attach your virtual machines to it. 31 00:03:14,920 --> 00:03:20,710 If you intend to join an existing on premises 8 it is infrastructure. 32 00:03:20,710 --> 00:03:26,890 You can opt to extend network connectivity to your on premises environment. 33 00:03:26,950 --> 00:03:35,140 You can achieve this through a standard virtual private network connection or an Asia express route 34 00:03:35,410 --> 00:03:36,390 circuit. 35 00:03:36,550 --> 00:03:43,210 Depending on the speed or reliability and security that your organization requires. 36 00:03:43,210 --> 00:03:51,760 Please note that an express road circuit is a method of connecting and on premises infrastructure to 37 00:03:51,790 --> 00:04:00,760 Microsoft cloud services through a dedicated connectivity provider that does not use the public internet. 38 00:04:00,760 --> 00:04:06,170 Another consideration is site topology as well as a physical side. 39 00:04:06,220 --> 00:04:14,960 You should define and configure and edit the site that corresponds to the IP address space of your Asia 40 00:04:14,980 --> 00:04:16,160 virtual network. 41 00:04:16,570 --> 00:04:25,420 Because the use of an easier virtual network in cures additional gateways costs for all outbound traffic 42 00:04:25,420 --> 00:04:34,870 to your on premises environment you should carefully plan your ADT at sites and site links to minimize 43 00:04:34,870 --> 00:04:41,390 cost because ADT a site link transit Tivoli is enabled by default. 44 00:04:41,410 --> 00:04:50,660 You should consider disabling the option to breach all site links if you have more than two sides. 45 00:04:50,710 --> 00:05:00,040 If you leave site link by region enabled it it is assumed that all sides in your deployment have direct 46 00:05:00,040 --> 00:05:08,360 connectivity with one another which might result in your Asia ADT a site having multiple replication 47 00:05:08,360 --> 00:05:17,430 partners ensure that you do not enable change notification on site links that contain your Asia aided 48 00:05:17,420 --> 00:05:18,590 in site. 49 00:05:18,590 --> 00:05:27,330 This is because this will override any replication into walls that are configured on the site link resulting 50 00:05:27,350 --> 00:05:31,650 in frequent and often unnecessary replication. 51 00:05:31,700 --> 00:05:39,650 If a writer will copy of ADT s is not necessary you should consider deploying a read only domain controller 52 00:05:39,920 --> 00:05:46,550 to further limit the amount of outbound traffic that aided the application creates. 53 00:05:46,610 --> 00:05:55,690 We'll talk about sites a DDA sites and site links and replication in more detail in later lessons. 54 00:05:55,970 --> 00:06:03,600 But now to another consideration when planning interacting with Asia it is service healing. 55 00:06:03,770 --> 00:06:09,010 Also Asia does not provide rollback services directly to customers. 56 00:06:09,140 --> 00:06:16,770 Asia servers might roll back as regular part of maintenance when recovering from a service failure. 57 00:06:16,790 --> 00:06:25,640 Domain Controller replication depends on the update sequence number or USN run on aided system rolls 58 00:06:25,640 --> 00:06:26,240 back. 59 00:06:26,360 --> 00:06:31,360 Duplicate us can be created to prevent this. 60 00:06:31,430 --> 00:06:42,500 Windows Server 2012 ADT has introduced a new identifier named the AMD generation I.D. VM generation 61 00:06:42,500 --> 00:06:51,350 80 can detect a rollback and prevent a ritualized domain controller from replicating changes outbound 62 00:06:51,710 --> 00:06:59,120 until the virtualize 80 days has converged with the other domain controllers in the domain. 63 00:06:59,120 --> 00:07:06,020 Please know that Asia virtual machines that are run in the domain controller role should always be shut 64 00:07:06,020 --> 00:07:12,420 down through the guest operating system and never through the Asia portal. 65 00:07:12,530 --> 00:07:16,940 Initialize and a shutdown through the Asia portal. 66 00:07:17,060 --> 00:07:25,640 D allocates the virtual machine causing the result of the VM generation I.D. identifier and we have 67 00:07:25,640 --> 00:07:35,000 three more considerations IP address and all lazier virtual machines to receive DCP addresses by default. 68 00:07:35,000 --> 00:07:42,070 But you can configure with static addresses through Asia power shell that will persist across restarts 69 00:07:42,410 --> 00:07:51,560 or shutdowns and service heal in Asia virtual machines that are to host a domain controller role a DNS 70 00:07:51,560 --> 00:07:58,410 rule or both should have the initial dynamic IP address configured as static. 71 00:07:58,490 --> 00:08:08,030 By using the set Asia is static in our IP command land so that that IP never deal kids is a virtual 72 00:08:08,030 --> 00:08:09,900 machine shot down. 73 00:08:09,950 --> 00:08:17,810 You must first provision provision the easy or virtual network before your provision the H or Asia based 74 00:08:17,810 --> 00:08:19,290 domain controllers. 75 00:08:19,280 --> 00:08:21,920 Another consideration is DNS. 76 00:08:21,920 --> 00:08:31,700 Asia was built in DNS does not meet the requirement of ADT as such as dynamic DNS and service resource 77 00:08:31,700 --> 00:08:39,710 records or other as a real records before you can extend your on premises aided its environment to an 78 00:08:39,800 --> 00:08:48,350 Asia where actual machine you must provision and configure the Asia ritual network to an on parameters 79 00:08:48,350 --> 00:08:49,790 DNS server. 80 00:08:49,790 --> 00:08:52,490 And the last consideration is disks. 81 00:08:52,640 --> 00:09:00,740 Asia virtual machines use read write host cache and for operating system virtual hard disk. 82 00:09:00,770 --> 00:09:08,990 Although this can improve virtual machine performance if it s components are installed on the operating 83 00:09:08,990 --> 00:09:13,340 system disk data loss is possible in the end. 84 00:09:13,340 --> 00:09:16,520 In the event of a disk failure. 85 00:09:16,520 --> 00:09:24,230 Please remember that cache and can be turned off in additional Asia disk that are attached to a virtual 86 00:09:24,230 --> 00:09:25,110 machine. 87 00:09:25,160 --> 00:09:32,900 When you install active directory in Asia you should put the entity has the deed file and since file 88 00:09:32,900 --> 00:09:42,740 folders on an additional data disk on the Asia virtual machine with the host cache reference set and 89 00:09:42,740 --> 00:09:45,040 configure to mom. 90 00:09:45,050 --> 00:09:54,410 However keep in mind that Asia of data disks are constrained to a maximum size of one terabyte.