    Spinning Up an ADDC VM "in the Cloud" - Best Practices, Tips, Tricks, Advice on Logistics, Providers, Etc?

      wrx7m

      I just got Pertino approved not 5 minutes ago, so I would be using that. 🙂

        Dashrender @wrx7m

        @wrx7m said:

        I just got Pertino approved not 5 minutes ago, so I would be using that. 🙂

        Be aware that Pertino is designed to be installed on every device in your network... not just the two servers.

        If you don't install it everywhere, you could end up having DNS issues.

          wrx7m @Dashrender

          @Dashrender Thanks, I went enterprise with the gateway. 🙂 And last time I checked you still needed to have the connection software installed on all DCs in your domain for the DNS to work properly even with the gateway option.

            Dashrender @wrx7m

            @wrx7m said:

            @Dashrender Thanks, I went enterprise with the gateway. 🙂 And last time I checked you still needed to have the connection software installed on all DCs in your domain for the DNS to work properly even with the gateway option.

            No clue - I've never looked at the gateway appliance - I heard it cost an arm and a leg, and a car too - though I've never actually seen the price.

              wrx7m @Dashrender

              @Dashrender It is expensive. Much more than I thought, actually. You have to get the Enterprise 100 or better for the gateway option. I have been dealing with their team off and on for over a year and provided feedback on trial usage and that is when they told me that they were implementing smartzones and the gateway. I had been waiting and did a redesign of my network and now I am finally ready to use it. Even though the sales guy has gone to another company, Todd Krautkremer (active on SW) put me in touch with another sales guy and after getting floored and disappointed by the initial price they worked with me some more and gave me an incredible deal. Technically, I am going to still trial the gateway et al, but it would have to have some serious problems for me to pass it up.

                Dashrender

                Wow - sounds like you have a lot of time invested - so I have to ask... why look at keeping the traditional LAN at all?

                Why not move to the LANless design? If you can move all of your desktops to Windows 10 or Linux you can use Azure AD or another central authentication service.

                  wrx7m

                  Trialing Pertino was one of those things where it made me recognize that the network/systems I had inherited from a succession of admins that didn't have the knowledge, budget or both, really needed to be reworked, logically. I made some minor upgrades in network equipment and major modifications in terms of wireless, implementing separate VLANs with ACLs for respective SSIDs, RADIUS authentication and logging, etc.

                  I was not working full tilt on just the Pertino stuff. I am the lone admin here and we are a company with about 88 employees. I have made great strides in trying to keep things moving and staying up with the best methods for all facets of IT and implement what is necessary to ensure integrity and stability of the systems with as little interruption to service as possible. I went from 6 physical servers that were 9-10 years old and out of warranty, to being 85% virtualized on 4-hour onsite warrantied hardware, which puts me in a much better position to be more flexible in terms of where services are provided from. I only have 3 physical servers: 1 older file/print server, an RDG/RDS server and an Exchange server. I am planning on virtualizing the first two and migrating to hosted Exchange within the next year to year and a half.

                    scottalanmiller @wrx7m

                    @wrx7m said:

                    I just got Pertino approved not 5 minutes ago, so I would be using that. 🙂

                    I actually designed the AD handling for them 🙂

                      scottalanmiller @wrx7m

                      @wrx7m said:

                      @Dashrender Thanks, I went enterprise with the gateway. 🙂 And last time I checked you still needed to have the connection software installed on all DCs in your domain for the DNS to work properly even with the gateway option.

                      That's new since any of us used it.

                        wrx7m @scottalanmiller

                        @scottalanmiller you never cease to amaze me

                          scottalanmiller

                          What we did, before phasing out AD and our LAN/VPN completely, was use AD on Azure (not Azure AD) and Pertino.

                          We put our "primary" AD DC into Azure East (Virginia) and our "secondary" into Azure Iowa. We used the two vCPU option which is 2.75GB of RAM, if I remember correctly. Worked fine. Windows Server 2012 R2.

                          With Pertino on each server and on every node in our network everything was able to talk to both AD DCs at any time. All functions like a single normal LAN. No special configuration needed other than the DNS handling built into Pertino.

                            wrx7m @scottalanmiller

                            @scottalanmiller said:

                            @wrx7m said:

                            @Dashrender Thanks, I went enterprise with the gateway. 🙂 And last time I checked you still needed to have the connection software installed on all DCs in your domain for the DNS to work properly even with the gateway option.

                            That's new since any of us used it.

                            Which part is new; the gateway or the DC requirement?

                              scottalanmiller @wrx7m

                              @wrx7m said:

                              @scottalanmiller you never cease to amaze me

                              I'm the one who pushed them for the gateway appliance, too. They had had one before they went live with the product but never released it. I made them bring it out because the product really wasn't fully viable without it for 90% of customers.

                                scottalanmiller @wrx7m

                                @wrx7m said:

                                @scottalanmiller said:

                                @wrx7m said:

                                @Dashrender Thanks, I went enterprise with the gateway. 🙂 And last time I checked you still needed to have the connection software installed on all DCs in your domain for the DNS to work properly even with the gateway option.

                                That's new since any of us used it.

                                Which part is new; the gateway or the DC requirement?

                                The gateway. We at @ntg were using the AD system before they released it. We did the work manually to make it work, documented it and I did some work with them on designing both the AD handling and the DNS override ideas (the DNS especially) to get it to work with our design and to enhance it for better flexibility and ease of use. So the AD has been around for a long time, the gateway only recently.

                                  wrx7m @scottalanmiller

                                  @scottalanmiller very interesting. I completely agree that it makes the most sense to have the gateway. I am just surprised that they wouldn't include it in the lower tier business plans.

                                    wrx7m

                                    OK, so VPN, check.

                                    Is SAM endorsing Azure for hosting an ADDC VM?

                                      scottalanmiller @wrx7m

                                      @wrx7m said:

                                      Is SAM endorsing Azure for hosting an ADDC VM?

                                      Azure works fine, Rackspace works fine. RS has VPS functionality which makes them far more accessible to SMBs. Amazon AWS is excellent but much harder to use, but not really harder than Azure. Rackspace is the best if you only have a box here and there. We use four cloud carriers currently plus normally multiple colo facilities. It depends on your other systems what will work best for you.

                                        wrx7m @scottalanmiller

                                        @scottalanmiller I should check out Rackspace. Although, I am using S3 and Glacier for some off-site backup and archiving.

                                        Speaking of which, I am using VMware and Veeam for all my virtual machines. What would I use to backup the hosted DC?

                                          scottalanmiller

                                          Hosted is backed up to the hosting facility. If you choose Rackspace, for example, you would take a snapshot of your virtual machine and it will automatically export to RS Cloud Files (the same facility that hosts our images for the site here) and that is your backup. If you need a file based backup additionally you would likely use something like StorageCraft which is agent based and target any storage that you want. But typically you would just use the image backup on the host itself. Remember that you are looking at multi-regional high availability here so going to backup to do a system restore would be a truly epic situation.

                                            wrx7m @scottalanmiller

                                            @scottalanmiller good info. Seems pretty straightforward. Since this is a DC, I would only be concerned if RS AND my on-site infrastructure and backups AND off-site backups somehow got destroyed.

                                            I was also wondering for future projects in a general sense.
