I'm diving into Hyper-V for the first time and I'm trying to better understand how to manage failover cluster domains effectively. I'm eager to implement best practices since this is new territory for us. Any guidance or documentation recommendations would be greatly appreciated! Here are a few specific questions I have:
1) Are you using a separate domain for your Hyper-V cluster?
2) If so, where are your domain controllers located? I've seen setups with them as VMs on the cluster, on the hosts but outside of the cluster, and on separate physical machines.
3) How do you handle Windows updates? We're considering cluster-aware updates, but I'm worried they might conflict with our remote monitoring and management's patch management processes.
5 Answers
You can definitely have your hypervisors in a separate domain, and some people opt for a management network that's isolated (look up 'out of band management'). That said, managing Hyper-V is typically best done with System Center Virtual Machine Manager (SCVMM) since it gives you better oversight. It’s worth keeping that option if security isn’t a major concern for you. Also, Windows Server Manager after adding the Hyper-V role includes a best practice analyzer that can help you fine-tune your setup.
Currently, I’m not using a separate domain. I did consider it while transitioning from VMware. My domain controllers are in the cluster, but best practices suggest keeping a bare-metal DC separate from the cluster. You risk losing access if everything goes down. For updates, I prefer moving VMs for updates instead of relying entirely on cluster-aware processes.
We recently migrated from VMware to Hyper-V. We have a management domain where we keep our Hyper-V servers and related VMs. After patch Tuesday, we typically manually install updates to our VMs and then patch one host at a time in the cluster over the course of a few days. We haven't implemented cluster-aware updates yet, but it’s something we’re looking into.
I've been an admin for quite a while, and while you can create a separate domain, I think it's unnecessary for smaller setups. For my two-node cluster, I have both domain controllers within the cluster, but ideally, they should be on separate bare-metal servers to mitigate risks. Microsoft has improved how cluster management functions, so local admin access is allowed now. As for Windows updates, I wouldn’t rely on RMM tools; stick with CAU for consistency.
In our setup, we have a two-node Hyper-V cluster running on Windows Server 2022. Both of our hosts are domain-joined, and we run two domain controllers as VMs, one on each host, which automatically start with the hosts. I plan to add a third DC outside the cluster for added security. Just a tip: be cautious about your cluster's quorum setup since only having two nodes can lead to connectivity issues that leave you without a tiebreaker.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures