Are other services (like MSSQL) next HyperV on the host system a normal approach?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












First of all, I'm not very experienced with HyperV, Microsoft stuff and this could be an opinionated question. Nevertheless I wonder since I've learned about the following situation, if it's really the way to go or just nonsense.



A company is about to virtualize their infrastructure. The selected company, which should implement the virtualization, plans to do that with HyperV. I've visualized their plan:



enter image description here



In my opinion there are a few odd things about this:



  1. Is it fine to have other services like SQLServer directly on the host system and not virtualized into a container?

  2. Is the domain controller fine with being virtualized? Can the host system be in the domain, while one of it's guest is the domain controller?

  3. Is it possible that they do like this, to save license coasts?

Thank you in advance.










share|improve this question

























    up vote
    1
    down vote

    favorite












    First of all, I'm not very experienced with HyperV, Microsoft stuff and this could be an opinionated question. Nevertheless I wonder since I've learned about the following situation, if it's really the way to go or just nonsense.



    A company is about to virtualize their infrastructure. The selected company, which should implement the virtualization, plans to do that with HyperV. I've visualized their plan:



    enter image description here



    In my opinion there are a few odd things about this:



    1. Is it fine to have other services like SQLServer directly on the host system and not virtualized into a container?

    2. Is the domain controller fine with being virtualized? Can the host system be in the domain, while one of it's guest is the domain controller?

    3. Is it possible that they do like this, to save license coasts?

    Thank you in advance.










    share|improve this question























      up vote
      1
      down vote

      favorite









      up vote
      1
      down vote

      favorite











      First of all, I'm not very experienced with HyperV, Microsoft stuff and this could be an opinionated question. Nevertheless I wonder since I've learned about the following situation, if it's really the way to go or just nonsense.



      A company is about to virtualize their infrastructure. The selected company, which should implement the virtualization, plans to do that with HyperV. I've visualized their plan:



      enter image description here



      In my opinion there are a few odd things about this:



      1. Is it fine to have other services like SQLServer directly on the host system and not virtualized into a container?

      2. Is the domain controller fine with being virtualized? Can the host system be in the domain, while one of it's guest is the domain controller?

      3. Is it possible that they do like this, to save license coasts?

      Thank you in advance.










      share|improve this question













      First of all, I'm not very experienced with HyperV, Microsoft stuff and this could be an opinionated question. Nevertheless I wonder since I've learned about the following situation, if it's really the way to go or just nonsense.



      A company is about to virtualize their infrastructure. The selected company, which should implement the virtualization, plans to do that with HyperV. I've visualized their plan:



      enter image description here



      In my opinion there are a few odd things about this:



      1. Is it fine to have other services like SQLServer directly on the host system and not virtualized into a container?

      2. Is the domain controller fine with being virtualized? Can the host system be in the domain, while one of it's guest is the domain controller?

      3. Is it possible that they do like this, to save license coasts?

      Thank you in advance.







      virtualization hyper-v windows-server-2016






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked 10 hours ago









      Robin

      454412




      454412




















          2 Answers
          2






          active

          oldest

          votes

















          up vote
          5
          down vote



          accepted










          No, this is not a Best Practices configuration.



          1. Generally, a Hyper-V host should run only the minimum necessary software to be a Hyper-V host. That means the Hyper-V role, anti-virus, storage services (iSCSI, Storage Spaces, etc.), backup agents, and systems monitoring agents. No user facing services should be running on the Hyper-V host


          2. Running a DC inside a VM is fine. With Windows 2012 R2, a domain joined Hyper-V host can successfully boot and start a VM without an available Domain Controller. Prior to 2012 R2, the Hyper-V host needed to contact a DC before it could start the VMs. However, this has specific configuration requirements. Personally, I would run a dedicated physical domain controller just for simplicity sake.


          3. I don't have a guess as to their motivation for doing it this way. You need a minimum of 8 Standard licenses for any Windows server, and each license allows 2 VM's. So you get at least 16 VM's just by minimally licensing the Hyper-V host. There's no licensing reason to limit it to 4 VM's.






          share|improve this answer






















          • Thank you for your answer. Do you have some documents or links to support me, when I tell them that this is not Best Practices?
            – Robin
            10 hours ago

















          up vote
          2
          down vote













          Your Hypervisor should be a Hypervisor and nothing else.



          If there is an actual performance based need to keep SQL non-virtualized, then your better bet would be to get a second server to run SQL on. However, most likely if this is the entire infrastructure you can get away with virtualizing SQL, and separating the storage in Hyper-V to dedicate some to your databases so that there's nothing else on that storage competing for IO. Depending on performance requirements you may not even need to do this.



          As long as you're running Hyper-V 2016, and you don't join the Hyper-V machine to the domain, there are no issues with virtualizing your DC. If you join the Hyper-V box to the domain, you may have some issues getting into the server if there is an issue with your DC VM restarting. Having a domain-joined Hyper-V host, hosting your only DC is supported with 2016, but I wouldn't do it. Regardless of what MS says these days, it's safer to keep at least one physical DC running in case there are issues with the virtual one starting that prevent you from logging into the Hyper-V box for administrative purposes.



          You shouldn't put WSUS on your DC though. Domain controllers should be treated with the same specificity as hypervisors. Only run what's required on them, nothing else. In a smaller shop, running DNS/DHCP/DC on one box is very common, just isolate the DHCP service account. In a massive network, running DHCP on a separate box is a better configuration.



          All of this is possible, and cheaper. With AVMA you'll simplify your activation/licensing as long as you've licensed all cores in the host. I'm assuming you're using Server 2016 Datacenter, in which case adding an additional server to do WSUS is covered by your license. Datacenter gives you unlimited virtualized environments when the whole host is licensed, so you're better to split WSUS off from your DC.



          For more details on configuring DHCP see here: https://blogs.technet.microsoft.com/stdqry/2012/04/03/dhcp-server-in-dcs-and-dns-registrations/



          For more information on best practices regarding other apps on Hyper-V see here:
          https://blogs.technet.microsoft.com/uspartner_ts2team/2014/01/15/if-im-using-hyper-v-what-other-services-should-run-in-the-host-os/



          For more information about AVMA see here:
          https://blogs.technet.microsoft.com/hybridcloudbp/2016/01/29/windows-server-activation-best-practices/






          share|improve this answer




















            Your Answer







            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "2"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            convertImagesToLinks: true,
            noModals: false,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













             

            draft saved


            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f934907%2fare-other-services-like-mssql-next-hyperv-on-the-host-system-a-normal-approach%23new-answer', 'question_page');

            );

            Post as a guest






























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            5
            down vote



            accepted










            No, this is not a Best Practices configuration.



            1. Generally, a Hyper-V host should run only the minimum necessary software to be a Hyper-V host. That means the Hyper-V role, anti-virus, storage services (iSCSI, Storage Spaces, etc.), backup agents, and systems monitoring agents. No user facing services should be running on the Hyper-V host


            2. Running a DC inside a VM is fine. With Windows 2012 R2, a domain joined Hyper-V host can successfully boot and start a VM without an available Domain Controller. Prior to 2012 R2, the Hyper-V host needed to contact a DC before it could start the VMs. However, this has specific configuration requirements. Personally, I would run a dedicated physical domain controller just for simplicity sake.


            3. I don't have a guess as to their motivation for doing it this way. You need a minimum of 8 Standard licenses for any Windows server, and each license allows 2 VM's. So you get at least 16 VM's just by minimally licensing the Hyper-V host. There's no licensing reason to limit it to 4 VM's.






            share|improve this answer






















            • Thank you for your answer. Do you have some documents or links to support me, when I tell them that this is not Best Practices?
              – Robin
              10 hours ago














            up vote
            5
            down vote



            accepted










            No, this is not a Best Practices configuration.



            1. Generally, a Hyper-V host should run only the minimum necessary software to be a Hyper-V host. That means the Hyper-V role, anti-virus, storage services (iSCSI, Storage Spaces, etc.), backup agents, and systems monitoring agents. No user facing services should be running on the Hyper-V host


            2. Running a DC inside a VM is fine. With Windows 2012 R2, a domain joined Hyper-V host can successfully boot and start a VM without an available Domain Controller. Prior to 2012 R2, the Hyper-V host needed to contact a DC before it could start the VMs. However, this has specific configuration requirements. Personally, I would run a dedicated physical domain controller just for simplicity sake.


            3. I don't have a guess as to their motivation for doing it this way. You need a minimum of 8 Standard licenses for any Windows server, and each license allows 2 VM's. So you get at least 16 VM's just by minimally licensing the Hyper-V host. There's no licensing reason to limit it to 4 VM's.






            share|improve this answer






















            • Thank you for your answer. Do you have some documents or links to support me, when I tell them that this is not Best Practices?
              – Robin
              10 hours ago












            up vote
            5
            down vote



            accepted







            up vote
            5
            down vote



            accepted






            No, this is not a Best Practices configuration.



            1. Generally, a Hyper-V host should run only the minimum necessary software to be a Hyper-V host. That means the Hyper-V role, anti-virus, storage services (iSCSI, Storage Spaces, etc.), backup agents, and systems monitoring agents. No user facing services should be running on the Hyper-V host


            2. Running a DC inside a VM is fine. With Windows 2012 R2, a domain joined Hyper-V host can successfully boot and start a VM without an available Domain Controller. Prior to 2012 R2, the Hyper-V host needed to contact a DC before it could start the VMs. However, this has specific configuration requirements. Personally, I would run a dedicated physical domain controller just for simplicity sake.


            3. I don't have a guess as to their motivation for doing it this way. You need a minimum of 8 Standard licenses for any Windows server, and each license allows 2 VM's. So you get at least 16 VM's just by minimally licensing the Hyper-V host. There's no licensing reason to limit it to 4 VM's.






            share|improve this answer














            No, this is not a Best Practices configuration.



            1. Generally, a Hyper-V host should run only the minimum necessary software to be a Hyper-V host. That means the Hyper-V role, anti-virus, storage services (iSCSI, Storage Spaces, etc.), backup agents, and systems monitoring agents. No user facing services should be running on the Hyper-V host


            2. Running a DC inside a VM is fine. With Windows 2012 R2, a domain joined Hyper-V host can successfully boot and start a VM without an available Domain Controller. Prior to 2012 R2, the Hyper-V host needed to contact a DC before it could start the VMs. However, this has specific configuration requirements. Personally, I would run a dedicated physical domain controller just for simplicity sake.


            3. I don't have a guess as to their motivation for doing it this way. You need a minimum of 8 Standard licenses for any Windows server, and each license allows 2 VM's. So you get at least 16 VM's just by minimally licensing the Hyper-V host. There's no licensing reason to limit it to 4 VM's.







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited 3 hours ago

























            answered 10 hours ago









            longneck

            19.8k23774




            19.8k23774











            • Thank you for your answer. Do you have some documents or links to support me, when I tell them that this is not Best Practices?
              – Robin
              10 hours ago
















            • Thank you for your answer. Do you have some documents or links to support me, when I tell them that this is not Best Practices?
              – Robin
              10 hours ago















            Thank you for your answer. Do you have some documents or links to support me, when I tell them that this is not Best Practices?
            – Robin
            10 hours ago




            Thank you for your answer. Do you have some documents or links to support me, when I tell them that this is not Best Practices?
            – Robin
            10 hours ago












            up vote
            2
            down vote













            Your Hypervisor should be a Hypervisor and nothing else.



            If there is an actual performance based need to keep SQL non-virtualized, then your better bet would be to get a second server to run SQL on. However, most likely if this is the entire infrastructure you can get away with virtualizing SQL, and separating the storage in Hyper-V to dedicate some to your databases so that there's nothing else on that storage competing for IO. Depending on performance requirements you may not even need to do this.



            As long as you're running Hyper-V 2016, and you don't join the Hyper-V machine to the domain, there are no issues with virtualizing your DC. If you join the Hyper-V box to the domain, you may have some issues getting into the server if there is an issue with your DC VM restarting. Having a domain-joined Hyper-V host, hosting your only DC is supported with 2016, but I wouldn't do it. Regardless of what MS says these days, it's safer to keep at least one physical DC running in case there are issues with the virtual one starting that prevent you from logging into the Hyper-V box for administrative purposes.



            You shouldn't put WSUS on your DC though. Domain controllers should be treated with the same specificity as hypervisors. Only run what's required on them, nothing else. In a smaller shop, running DNS/DHCP/DC on one box is very common, just isolate the DHCP service account. In a massive network, running DHCP on a separate box is a better configuration.



            All of this is possible, and cheaper. With AVMA you'll simplify your activation/licensing as long as you've licensed all cores in the host. I'm assuming you're using Server 2016 Datacenter, in which case adding an additional server to do WSUS is covered by your license. Datacenter gives you unlimited virtualized environments when the whole host is licensed, so you're better to split WSUS off from your DC.



            For more details on configuring DHCP see here: https://blogs.technet.microsoft.com/stdqry/2012/04/03/dhcp-server-in-dcs-and-dns-registrations/



            For more information on best practices regarding other apps on Hyper-V see here:
            https://blogs.technet.microsoft.com/uspartner_ts2team/2014/01/15/if-im-using-hyper-v-what-other-services-should-run-in-the-host-os/



            For more information about AVMA see here:
            https://blogs.technet.microsoft.com/hybridcloudbp/2016/01/29/windows-server-activation-best-practices/






            share|improve this answer
























              up vote
              2
              down vote













              Your Hypervisor should be a Hypervisor and nothing else.



              If there is an actual performance based need to keep SQL non-virtualized, then your better bet would be to get a second server to run SQL on. However, most likely if this is the entire infrastructure you can get away with virtualizing SQL, and separating the storage in Hyper-V to dedicate some to your databases so that there's nothing else on that storage competing for IO. Depending on performance requirements you may not even need to do this.



              As long as you're running Hyper-V 2016, and you don't join the Hyper-V machine to the domain, there are no issues with virtualizing your DC. If you join the Hyper-V box to the domain, you may have some issues getting into the server if there is an issue with your DC VM restarting. Having a domain-joined Hyper-V host, hosting your only DC is supported with 2016, but I wouldn't do it. Regardless of what MS says these days, it's safer to keep at least one physical DC running in case there are issues with the virtual one starting that prevent you from logging into the Hyper-V box for administrative purposes.



              You shouldn't put WSUS on your DC though. Domain controllers should be treated with the same specificity as hypervisors. Only run what's required on them, nothing else. In a smaller shop, running DNS/DHCP/DC on one box is very common, just isolate the DHCP service account. In a massive network, running DHCP on a separate box is a better configuration.



              All of this is possible, and cheaper. With AVMA you'll simplify your activation/licensing as long as you've licensed all cores in the host. I'm assuming you're using Server 2016 Datacenter, in which case adding an additional server to do WSUS is covered by your license. Datacenter gives you unlimited virtualized environments when the whole host is licensed, so you're better to split WSUS off from your DC.



              For more details on configuring DHCP see here: https://blogs.technet.microsoft.com/stdqry/2012/04/03/dhcp-server-in-dcs-and-dns-registrations/



              For more information on best practices regarding other apps on Hyper-V see here:
              https://blogs.technet.microsoft.com/uspartner_ts2team/2014/01/15/if-im-using-hyper-v-what-other-services-should-run-in-the-host-os/



              For more information about AVMA see here:
              https://blogs.technet.microsoft.com/hybridcloudbp/2016/01/29/windows-server-activation-best-practices/






              share|improve this answer






















                up vote
                2
                down vote










                up vote
                2
                down vote









                Your Hypervisor should be a Hypervisor and nothing else.



                If there is an actual performance based need to keep SQL non-virtualized, then your better bet would be to get a second server to run SQL on. However, most likely if this is the entire infrastructure you can get away with virtualizing SQL, and separating the storage in Hyper-V to dedicate some to your databases so that there's nothing else on that storage competing for IO. Depending on performance requirements you may not even need to do this.



                As long as you're running Hyper-V 2016, and you don't join the Hyper-V machine to the domain, there are no issues with virtualizing your DC. If you join the Hyper-V box to the domain, you may have some issues getting into the server if there is an issue with your DC VM restarting. Having a domain-joined Hyper-V host, hosting your only DC is supported with 2016, but I wouldn't do it. Regardless of what MS says these days, it's safer to keep at least one physical DC running in case there are issues with the virtual one starting that prevent you from logging into the Hyper-V box for administrative purposes.



                You shouldn't put WSUS on your DC though. Domain controllers should be treated with the same specificity as hypervisors. Only run what's required on them, nothing else. In a smaller shop, running DNS/DHCP/DC on one box is very common, just isolate the DHCP service account. In a massive network, running DHCP on a separate box is a better configuration.



                All of this is possible, and cheaper. With AVMA you'll simplify your activation/licensing as long as you've licensed all cores in the host. I'm assuming you're using Server 2016 Datacenter, in which case adding an additional server to do WSUS is covered by your license. Datacenter gives you unlimited virtualized environments when the whole host is licensed, so you're better to split WSUS off from your DC.



                For more details on configuring DHCP see here: https://blogs.technet.microsoft.com/stdqry/2012/04/03/dhcp-server-in-dcs-and-dns-registrations/



                For more information on best practices regarding other apps on Hyper-V see here:
                https://blogs.technet.microsoft.com/uspartner_ts2team/2014/01/15/if-im-using-hyper-v-what-other-services-should-run-in-the-host-os/



                For more information about AVMA see here:
                https://blogs.technet.microsoft.com/hybridcloudbp/2016/01/29/windows-server-activation-best-practices/






                share|improve this answer












                Your Hypervisor should be a Hypervisor and nothing else.



                If there is an actual performance based need to keep SQL non-virtualized, then your better bet would be to get a second server to run SQL on. However, most likely if this is the entire infrastructure you can get away with virtualizing SQL, and separating the storage in Hyper-V to dedicate some to your databases so that there's nothing else on that storage competing for IO. Depending on performance requirements you may not even need to do this.



                As long as you're running Hyper-V 2016, and you don't join the Hyper-V machine to the domain, there are no issues with virtualizing your DC. If you join the Hyper-V box to the domain, you may have some issues getting into the server if there is an issue with your DC VM restarting. Having a domain-joined Hyper-V host, hosting your only DC is supported with 2016, but I wouldn't do it. Regardless of what MS says these days, it's safer to keep at least one physical DC running in case there are issues with the virtual one starting that prevent you from logging into the Hyper-V box for administrative purposes.



                You shouldn't put WSUS on your DC though. Domain controllers should be treated with the same specificity as hypervisors. Only run what's required on them, nothing else. In a smaller shop, running DNS/DHCP/DC on one box is very common, just isolate the DHCP service account. In a massive network, running DHCP on a separate box is a better configuration.



                All of this is possible, and cheaper. With AVMA you'll simplify your activation/licensing as long as you've licensed all cores in the host. I'm assuming you're using Server 2016 Datacenter, in which case adding an additional server to do WSUS is covered by your license. Datacenter gives you unlimited virtualized environments when the whole host is licensed, so you're better to split WSUS off from your DC.



                For more details on configuring DHCP see here: https://blogs.technet.microsoft.com/stdqry/2012/04/03/dhcp-server-in-dcs-and-dns-registrations/



                For more information on best practices regarding other apps on Hyper-V see here:
                https://blogs.technet.microsoft.com/uspartner_ts2team/2014/01/15/if-im-using-hyper-v-what-other-services-should-run-in-the-host-os/



                For more information about AVMA see here:
                https://blogs.technet.microsoft.com/hybridcloudbp/2016/01/29/windows-server-activation-best-practices/







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered 10 hours ago









                RobbieCrash

                637519




                637519



























                     

                    draft saved


                    draft discarded















































                     


                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f934907%2fare-other-services-like-mssql-next-hyperv-on-the-host-system-a-normal-approach%23new-answer', 'question_page');

                    );

                    Post as a guest













































































                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?