1
00:00:08,630 --> 00:00:14,810
Virtualization provides many benefits, such as hardware independence, efficient use of resources and

2
00:00:14,810 --> 00:00:17,150
scalability in private cloud scenarios.

3
00:00:18,020 --> 00:00:23,420
It also provides flexibility when you move virtual machines across virtualization infrastructures.

4
00:00:24,260 --> 00:00:30,350
In the past, when administrators virtualized domain controllers, they had to be familiar with ads

5
00:00:30,590 --> 00:00:37,610
specific requirements so that they could avoid adding risk to the ads infrastructure when using virtual

6
00:00:37,610 --> 00:00:38,810
domain controllers.

7
00:00:38,810 --> 00:00:43,670
Consider the following best practices Avoid single points of failure.

8
00:00:44,540 --> 00:00:49,850
Ensure that you have at least two virtualized domain controllers per domain on different virtualisation

9
00:00:49,850 --> 00:00:55,700
hosts, which reduces the risk of losing all domain controllers if a single virtualisation host fails.

10
00:00:56,570 --> 00:01:00,950
Also, diversify the hardware, storage networks and storage systems.

11
00:01:01,820 --> 00:01:07,100
Ensure that you maintain domain controllers in different data centers or regions to reduce the impact

12
00:01:07,100 --> 00:01:07,910
of disasters.

13
00:01:08,810 --> 00:01:10,280
Verify time services.

14
00:01:11,180 --> 00:01:17,120
Ensure that all computers, including the hypervisor host and domain controller guests, are participating

15
00:01:17,120 --> 00:01:17,870
in the same time.

16
00:01:17,870 --> 00:01:18,410
Services.

17
00:01:18,410 --> 00:01:19,250
Infrastructure.

18
00:01:20,120 --> 00:01:23,960
Also ensure that the time on the host and on the guests does not differ.

19
00:01:24,860 --> 00:01:32,090
Use virtualization technology that allows for virtual machine generation identifiers only virtualization

20
00:01:32,090 --> 00:01:37,730
infrastructures that support the new virtual machine generation identifiers also support the safeguards

21
00:01:37,730 --> 00:01:39,890
and cloning of virtual domain controllers.

22
00:01:40,790 --> 00:01:47,990
Use Windows Server 2012 or later as the guest operating system for virtual domain controllers only.

23
00:01:47,990 --> 00:01:54,230
These versions support the safeguards for virtual domain controllers, avoid or disable checkpoints.

24
00:01:55,100 --> 00:02:00,470
If the virtualization host or the guest operating systems of the domain controllers do not support the

25
00:02:00,470 --> 00:02:05,810
safeguards for virtualizing domain controllers, disable the possibility of creating checkpoints.

26
00:02:06,710 --> 00:02:10,610
You can do this by using a pass through disk instead of a virtual hard disk.

27
00:02:10,610 --> 00:02:16,550
For example, when there is support for the safeguards, use a virtual hard disk to support cloning

28
00:02:16,550 --> 00:02:18,110
but avoid using checkpoints.

29
00:02:19,040 --> 00:02:24,410
Strive to improve security by ensuring that the virtualization administrators are as trusted as your

30
00:02:24,410 --> 00:02:25,280
domain admins.

31
00:02:26,150 --> 00:02:28,190
Consider taking advantage of cloning.

32
00:02:29,030 --> 00:02:31,940
Cloning can be a deployment or a recovery strategy.

33
00:02:32,810 --> 00:02:39,020
It helps to provide a fast and simple way to create many domain controllers in a short time clone in

34
00:02:39,020 --> 00:02:40,670
batches of ten at a maximum.

35
00:02:41,480 --> 00:02:46,550
Do not start more than ten new clones at the same time because the file replication used to persist,

36
00:02:46,550 --> 00:02:49,790
will allows only ten replication connections at the same time.

37
00:02:50,570 --> 00:02:56,210
Consider using virtualization technologies that allow you to move virtual machines across site boundaries.

38
00:02:57,110 --> 00:03:00,530
This can be beneficial in your deployment and recovery strategies.

39
00:03:01,430 --> 00:03:07,310
For example, you can create ten clones in a central location and then move them to remote offices during

40
00:03:07,310 --> 00:03:08,210
off peak hours.

41
00:03:09,080 --> 00:03:12,710
Adjust your naming strategy to allow for domain controller clones.

42
00:03:13,630 --> 00:03:19,060
For example, allow Clone Domain controllers to retain the first eight characters of the source domain

43
00:03:19,060 --> 00:03:22,000
controller name and then attach cloning and end.