Hey everyone! I'm a student working on a real-world infrastructure project at my company that involves setting up Active Directory (AD) and Remote Desktop Services (RDS) using VMware ESXi 6.7 with Windows Server 2016. My aim is to centralize all user work on a single RDS virtual machine (VM2), where RDP sessions, user data, applications, GPOs, and permissions can be managed efficiently. I've already created AD users and groups, joined VM2 to the domain, enabled RDS in grace period mode, and set up some basic GPOs like restrictions and auto user folders.
Now, I'm looking for advice on several areas: the best practices for such a deployment, how to properly allocate resources for both VM1 (AD + GPO) and VM2 (RDS), backup strategies (like whether to use an external disk, another VM, or the cloud), important GPOs to apply, a clean method for launching RDP at logon, and what the steps are if I lose vCenter credentials. Any insights, tips, or personal experiences would be greatly appreciated! Thanks in advance!
3 Answers
Many concerns here! First off, doing everything on one machine isn't ideal because it can really stress its resources, especially with RDP sessions. I'd prioritize setting up two domain controllers (DCs) instead of relying on one. For the backup strategy, local NAS for primary storage and cloud for offsite sounds good. Just look into reliable software like Veeam for backups as well. Also, be cautious about your GPOs; some are critical for security and user management. Good luck!
I'd actually advise against continuing with this setup. ESXi 6.7 is unsupported and could lead to security issues. Also, centralizing everything on one VM creates a big single point of failure (SPoF). Instead, consider moving to Hyper-V and creating a cluster with at least three machines for better reliability. If you're looking to scale storage, look into S2D-compatible hardware or StarWind vSAN. For backups, using a Veeam appliance along with a local NAS and a cloud provider for offsite backups could work well. Just keep in mind, this might be a bit too advanced if you're still learning the ropes!
Honestly, I think you might be in over your head with this project. There are a lot of architectural concerns to tackle. Before moving forward, make sure you thoroughly understand the implications of running outdated versions like ESXi 6.7—it could expose your infrastructure to vulnerabilities. Simplifying your architecture with distinct roles for each server would go a long way toward stabilizing your environment.
