VMware Cloud Community
Rick360
Contributor

Looking for suggestions re: Domain Controllers in a lab env't.

First, I'm not using VM Lab mgr, but I do have an ESX 3.5 lab environment that I inherited with several private networks used for testing.

In each lab environment, we have an AD env't based on when the DC was converted from our production network (so any AD data is stale at this time).

How do you suggest I keep the AD environments updated, in order to keep them from getting too stale?

All our production DCs are physical.

I'd be happy to provide any information I may have neglected.

4 Replies
Texiwill
Leadership

Hello,

You could place a firewall between the private test networks and the production network and allow AD within the test networks to be updated through that firewall. The firewall could also be used to gain RDP/VNC access to the VMs within the 'test network' but not allow anything else going out or in. That would be the approach I would consider.


Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

Blue Gears and SearchVMware Pro Blogs: http://www.astroarch.com/wiki/index.php/Blog_Roll

Top Virtualization Security Links: http://www.astroarch.com/wiki/index.php/Top_Virtualization_Security_Links

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
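Added example, not part of the original posts: one way to express the firewall policy suggested above (AD traffic from the lab DC out, RDP/VNC in, nothing else) as an `iptables-restore` ruleset on a generic Linux firewall. The addresses are constructed placeholders, and the sketch assumes the lab DC initiates connections to a single production DC, the standard AD service ports, and the Windows Server 2008+ dynamic RPC range (pass `1025:5000` for Server 2003 DCs).

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for a firewall sitting between a private
# lab network and production. Default-deny; only AD replication from the
# lab DC to one production DC and RDP/VNC from an admin network are allowed.
# Usage: gen_lab_rules LAB_DC PROD_DC ADMIN_NET LAB_NET [RPC_RANGE]
gen_lab_rules() {
    lab_dc=$1; prod_dc=$2; admin_net=$3; lab_net=$4
    # Dynamic RPC range is an assumption: 49152:65535 on Server 2008+,
    # 1025:5000 on Server 2003, or a single port if NTDS RPC is pinned.
    rpc_range=${5:-49152:65535}

    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # INPUT is default-deny: add a rule for your own management access
    # (from the console) before loading this on a remote box.

    # TCP: DNS, Kerberos, RPC endpoint mapper, LDAP, SMB, LDAPS, GC, GC-SSL
    for p in 53 88 135 389 445 636 3268 3269; do
        echo "-A FORWARD -s $lab_dc -d $prod_dc -p tcp --dport $p -j ACCEPT"
    done
    # UDP: DNS, Kerberos, NTP (time sync), LDAP (DC locator)
    for p in 53 88 123 389; do
        echo "-A FORWARD -s $lab_dc -d $prod_dc -p udp --dport $p -j ACCEPT"
    done
    # Replication itself runs over dynamically assigned RPC ports.
    echo "-A FORWARD -s $lab_dc -d $prod_dc -p tcp --dport $rpc_range -j ACCEPT"

    # Console access into the lab VMs: RDP (3389) and VNC (5900) only.
    for p in 3389 5900; do
        echo "-A FORWARD -s $admin_net -d $lab_net -p tcp --dport $p -j ACCEPT"
    done

    # Log whatever falls through to the DROP policy, for later review.
    echo '-A FORWARD -j LOG --log-prefix "lab-fw-drop: "'
    echo "COMMIT"
}

# Constructed sample values: lab DC, production DC, admin network, lab network.
gen_lab_rules 10.10.0.10 192.0.2.10 192.0.2.0/24 10.10.0.0/24
```

Review the output, then load it with `iptables-restore`; anything the lab tries to send that is not listed shows up in the log with the `lab-fw-drop:` prefix.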
softnum
Contributor

I take it from your question that the DCs that are in the test environment are P2V copies of production Domain Controllers.

As above, I would create a new DC in each test lab. Then I would use AD Sites to create a new site in each lab, then set up bridgeheads and site replication between the test site and the production site. This way you can control replication.

If you're using the same IPs you'll need to use some sort of NAT between the sites to enable this traffic.

Above would be the best suggestion, but if you want to continue the P2V route, I think VMware Converter Enterprise allows you to schedule a P2V, so you could have them updated every week. You would still need a network between them.

Rick360
Contributor

Edward,

Thanks for the advice.

By firewall, are you talking about the ESX host firewall, or another type?

Thanks again,

Tony

Texiwill
Leadership

Hello,

By firewall, are you talking about the ESX host firewall, or another type?

Another type. Remember the SC firewall does not participate in the vNetwork for the VMs. I set up private labs all the time and use a Smoothwall firewall appliance. Also check out http://www.itworld.com/virtualization/54596/allowing-vmware-esx-private-virtual-networks-migrate to allow your private networks to participate in VMotion.

BTW, welcome to the forums! Remember to award points using the helpful and correct buttons.


Best regards,

Edward L. Haletky