Saturday, September 3, 2011

Clustering using Domain controllers as Nodes! NO!


OK, so I was approached by a client who wants total redundancy throughout his environment. I design a network to his request, with duplicate systems clustered together. He likes the design and says let’s start piecing out the parts we need and start to replace some servers. He then asks his onsite developer for his opinion of the design.
Let’s call this guy Joe. Joe says: why are we having two file servers clustered together and separate servers? I have always seen the domain controller act as the file / profile storage server. I respond: well, if we want a fully redundant environment we must run clustering on a file server. Yes, Microsoft says it is possible, but that does not mean that is the correct way of doing this.
So over a couple more emails about other features of this server environment, he gets back on his kick of having the domain controllers act as the cluster nodes for a file share. At this point I am ready to drop the project and tell him to have his buddy, who obviously knows more than me, build his environment for him, as I refuse to build a crap network that I have to support.
Now, I want to, but since this is my job I wait to respond to him so I can find all of the resources to prove my point without any doubt. This is why I am writing this blog, as finding this information is not a one-stop shop. Here is where Microsoft states it is possible to run a domain controller as a node in a cluster.

Microsoft’s main reason behind recommending that a domain controller is a node in the cluster is so that the cluster is guaranteed to start every time. There is no chance of failure with not being able to contact a domain controller.
Why, Microsoft, would you even think that is funny? Now you make all of those unknowing IT gurus think this is the proper way to build a cluster. Without even doing further research, many of them will find one KB that says yes, this can be done. Lacking all common logic behind having a domain controller as a cluster node, they will attempt this. Why can’t Microsoft make this easy on us all and disable clustering on a domain controller? Not only do you make a mess of a situation that has the potential for data loss, but you also make the lives of techies who know this is wrong much more difficult, since we will be the ones who have to go behind these so-called gurus and clean up their mess. Some things just don’t belong on a domain controller.

http://www.computer-network.net/server-redundancy
In this next article Microsoft recommends against having clustering service and domain controller services running on the same server.
This is located about halfway down the page, next to the second bullet point. If this is the case, why would Microsoft even let these two services run on the same system? They are the developers, and I understand that they want to keep everything open to multiple environments, but if you need clustering services then you should be able to afford multiple systems to implement this kind of design.

I could continue going on about this, but the bottom line is that just because it is possible to run clustering services on a domain controller does not mean it is a best practice. The main point of clustering is that those resources are up and available regardless of whether a server fails. Having these services running on a domain controller is just bad practice and can open additional vulnerabilities to system failures. Not only that, but it goes against the idea behind having a high availability environment.
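
To check an existing environment for this layout, here is an added example (not part of the original post) that lists each node of a failover cluster and flags any that also holds the domain controller role. It assumes the FailoverClusters PowerShell module and remote CIM/WinRM access to the nodes; the cluster name `FILECLUSTER01` is a placeholder.

```powershell
#Requires -Modules FailoverClusters
# Added example: audit failover cluster nodes for the domain controller role.

function Get-ClusterNodeDomainRole {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Cluster   # name of the cluster to audit (placeholder below)
    )

    # Documented values of Win32_ComputerSystem.DomainRole
    $roleNames = @{
        0 = 'Standalone workstation'; 1 = 'Member workstation'
        2 = 'Standalone server';      3 = 'Member server'
        4 = 'Backup domain controller'
        5 = 'Primary domain controller'
    }

    foreach ($node in Get-ClusterNode -Cluster $Cluster) {
        $row = [ordered]@{
            Cluster            = $Cluster
            Node               = $node.Name
            NodeState          = [string]$node.State
            DomainRole         = $null
            IsDomainController = $null   # stays $null if the node cannot be queried
            Error              = $null
        }
        try {
            $cs   = Get-CimInstance -ClassName Win32_ComputerSystem `
                                    -ComputerName $node.Name -ErrorAction Stop
            $role = [int]$cs.DomainRole
            $row.DomainRole         = $roleNames[$role]
            $row.IsDomainController = ($role -ge 4)   # 4 and 5 are both DCs
        }
        catch {
            # A node that is down or unreachable is reported, not silently skipped.
            $row.Error = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

$results = @(Get-ClusterNodeDomainRole -Cluster 'FILECLUSTER01')
$results | Format-Table -AutoSize

$flagged = @($results | Where-Object { $_.IsDomainController })
if ($flagged.Count -gt 0) {
    Write-Warning ("Cluster nodes that are also domain controllers: " +
                   ($flagged.Node -join ', '))
}
```

Nodes with `IsDomainController` left empty could not be queried and should be rechecked once they are reachable.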

Here is a good link to a site that has additional information on why Domain controllers should not be Cluster nodes. Cluster Help