OK so I was approached by a client that wants total redundancy
throughout his environment. I design a network to his request having duplicate
systems clustered together. He likes the design and says let start piecing out
the parts we need and start to replace some servers. He then asks his onsite
developer for his opinion of the design.
Let’s call this guy Joe says why are we having two file
servers clustered together and separate servers? I have always seen the domain
controller act as the file / profile storage servers. I respond well if we want
a fully redundant environment we must run clustering on a file server. Yes
Microsoft says it is possible but that does not mean that is the correct way of
doing this.
So over a couple more emails about other features of this
server environment he gets back on his kick of have the domain controllers act
as the cluster nodes for a file share. At this point I am ready to drop the
project tell him to have his buddy that obviously knows more than me build his environment
for him. As I refuse to build a crap network that I have to support.
Now I want to but since this is my job I wait to respond to
him so I can find all of the resources to prove my point without any doubt.
This is way I am writing this blog as finding this information is not a one
stop shop. Here is where Microsoft states it is possible to run a domain
controller as a node in a cluster.
Microsoft’s main reason behind recommending that a domain
controller is a node in the cluster is so that the cluster is guaranteed to
start every time. There is no chance of failure with not being able to contact
a domain controller.
Why Microsoft would you even think that is funny. Now you
make all of those unknowing IT gurus think this is the proper way to build a
cluster. Without even doing further research as many of them will find one KB
say yes this can be done. Lacking all common logic behind having a domain
controller as a cluster node they will attempt this. Why can’t Microsoft make
this easy on us all and disable clustering on a domain controller. Not only do
you make a mess of a situation that has the potential of data loss but also
make the lives of techies that know this is wrong much more difficult. Since we
will be the ones who have to go behind these so called gurus and clean up their
mess. Some things just don’t belong on a domain controller.
http://www.computer-network.net/server-redundancy |
This is located about half way down the page next to the
second bullet point. If this is the case why would Microsoft even let these two
services run on the same system? They are the developers and I understand that
they want to keep everything open to multiple environments but if you need
clustering services. Then you should be able to afford multiple systems to
implement this kind of design.
I could continue going on about this but bottom line just
because it is possible to run clustering services on a domain controller does
not mean it is a best practice. The main point of clustering is so that those
resources are up and available regardless if a server fails. Having these
services running on a domain controller is just bad practice and can open
additional vulnerabilities to system failures. Not only that but he goes
against the idea behind having a high availability environment.
Here is a good link to a site that has additional
information on why Domain controllers should not be Cluster nodes. Cluster Help