3.5 Domain Controller on Hypervisor

Take a cautious approach when placing a domain controller in a virtualized environment such as a VMware, Citrix, or Microsoft hypervisor. Follow these guidelines:

  • Ensure that you secure the host computer where the virtual domain controller is hosted and protect it from malicious users.

  • Protect the domain controller's virtual hard disk files (for example, the .vmd files). Ensure that only trusted administrators have access to the domain controller's VHD files.

  • Directory operations are critically time-dependent. Ensure that the domain controller and the hypervisor host always synchronize their time with the same reliable NTP time source, and that this source is outside the hypervisor. VM infrastructures can cause serious time drift.

  • Separate the virtualization internal traffic from the guest traffic.

  • Consider reducing the weight or priority of the SRV records for a virtual domain controller if it is an additional domain controller for your domain.

  • Ensure that the virtual domain controller gets enough network bandwidth for users to authenticate faster.

  • Implement VMware High Availability to ensure that the virtual domain controller is restarted in the event of ESX server failures.

  • In a multi-server environment, avoid reverting a domain controller snapshot to recover from install failures if the tree includes physical domain controllers or a pre-existing eDirectory server.
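
The time-synchronization guideline above can be checked by comparing `ntpq -pn` output from the domain controller and the hypervisor host. The following is an added example, not part of the original guide: the sample output is constructed, and the hypervisor address set and the 500 ms threshold are assumptions to adjust for your site.

```python
# Added example. All ntpq output below is constructed sample data.
HEADER = (
    "     remote           refid      st t when poll reach   delay   offset  jitter\n"
    "==============================================================================\n"
)
DC_OK = HEADER + "*192.0.2.10      .GPS.            1 u   33   64  377    0.412    1.208   0.310\n"
HOST_OK = HEADER + "*192.0.2.10      .GPS.            1 u   18   64  377    0.398   -0.950   0.275\n"
# Domain controller that follows the hypervisor host's clock and has drifted.
DC_BAD = HEADER + "*198.51.100.5    127.127.1.0     11 u   40   64  377    0.120  842.517  95.004\n"
# Host whose ntpd has not selected any peer yet (no '*' tally code).
HOST_UNSYNCED = HEADER + " 192.0.2.10      .INIT.          16 u    -   64    0    0.000    0.000   0.000\n"

HYPERVISOR_ADDRS = {"198.51.100.5"}  # assumption: addresses owned by the hypervisor layer


def selected_peer(ntpq_text):
    """Return (remote, offset_ms) of the peer marked '*' (the selected source), or None."""
    for line in ntpq_text.splitlines():
        if line.startswith("*"):
            fields = line[1:].split()
            return fields[0], float(fields[8])  # column 9 is the offset in milliseconds
    return None


def check_time_sources(dc_text, host_text, hypervisor_addrs, max_offset_ms=500.0):
    """Return a list of findings; an empty list means the guideline is met."""
    findings = []
    peers = {"domain controller": selected_peer(dc_text),
             "hypervisor host": selected_peer(host_text)}
    for name, peer in peers.items():
        if peer is None:
            findings.append(f"{name}: no selected NTP peer (not synchronized)")
            continue
        remote, offset = peer
        # 127.127.x.x is ntpd's local reference clock, so it is not an external source.
        if remote in hypervisor_addrs or remote.startswith("127.127."):
            findings.append(f"{name}: source {remote} is not outside the hypervisor")
        if abs(offset) > max_offset_ms:
            findings.append(f"{name}: offset {offset} ms exceeds {max_offset_ms} ms")
    dc, host = peers["domain controller"], peers["hypervisor host"]
    if dc and host and dc[0] != host[0]:
        findings.append(f"different sources: DC uses {dc[0]}, host uses {host[0]}")
    return findings


if __name__ == "__main__":
    for finding in check_time_sources(DC_BAD, HOST_OK, HYPERVISOR_ADDRS):
        print(finding)
```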