Random survey -- do you run domain on your colo instances?


Jeff MacDuff

Feb 10, 2012, 4:06:32 PM
to dotnet...@googlegroups.com

Just curious if anyone with their own colo is also running a domain (NT domain, not a website domain)? We avoid it like a plague, due to some old experiences of PDCs failing.

Just curious from those of us with hardware if anyone sets up a domain?

 

Jeff MacDuff

CTO & Co-Founder, Buddy

Email:   je...@buddy.com

Marcelo Calbucci

Feb 10, 2012, 4:26:39 PM
to dotnet...@googlegroups.com
I don't now, but I didn't on my previous startup. I had a DC on the datacenter and a DC on the office and they were connected via VPN. It worked great. All the servers, desktops and laptops were part of the domain and made a lot of things easier like deploying, file sharing, etc.

I don't have that setup now and it's becoming painful.

-Marcelo

Tom Lianza

Feb 10, 2012, 4:33:10 PM
to dotnet...@googlegroups.com
We don't at Wishpot, but when I asked that same question last year on ServerFault the general response was that we should (as they themselves do: http://serverfault.com/questions/221713/should-production-windows-web-servers-iis-sql-be-in-a-domain )

The main limitations I've found without having a domain are:
1) AppFabric basically doesn't work (which is just as well, because after trying it out it seemed wholly inferior to Memcached)
2) Anything requiring network shares, backing up files across servers, etc, has an extra auth step (thankfully we don't do much of that).

Tom

---
Tom Lianza
CTO, Wishpot 
Skype: tlianza



Jeff MacDuff

Feb 11, 2012, 11:25:37 AM
to dotnet...@googlegroups.com

Let me ask the question in a different way... let’s say you wanted to deploy a domain. Would you buy two new small servers for a BDC and PDC?

 

-Jeff

Marcelo Calbucci

Feb 11, 2012, 1:19:47 PM
to dotnet...@googlegroups.com
I would.

Chris Kinsman

Mar 8, 2012, 10:17:26 PM
to Dot Net Startup
Done it both ways. Prefer running a domain. Makes a number of
scenarios so much easier.

That being said I don't like running DHCP and prefer to statically
address all machines and manually create DNS entries. Even reserved
addresses are nerve wracking as it is too easy to forget to reserve
the address and end up with an address change months down the road
that takes down a site.

Whether you run small dedicated boxes is a complicated question. In
the perfect world you would absolutely do so. However there are a
number of roles that are candidates to combine. AD, DNS, and DHCP all
make sense to combine.

If doing virtualization and willing to deal with a small amount of
risk I have seen folks who have done a small box for the primary
global catalog and then running multiple backups that are distributed
across your virtual hosts/storage.

Fun topic




Jeff MacDuff

Mar 8, 2012, 10:26:26 PM
to dotnet...@googlegroups.com
We decided to pull the trigger and set up a domain, on two new boxes. It was just getting too difficult to set up things like DB mirroring without the domain.

Enterprise software run in a workgroup doesn't work as well as you would like :)


Jeff MacDuff
CTO & Co-Founder, Buddy
Email:   je...@buddy.com

Chris Kinsman

Mar 8, 2012, 11:07:58 PM
to dotnet...@googlegroups.com
Clustering would be hard to impossible without.

Now someone mentioned a distributed domain in their office and colo joined over VPN. That would make me nervous. I typically in that scenario run two domains. Allows me to separate security concerns.

Different discussion would be should we put trusts in place between the domains? Most folks would argue for convenience yes but for security no. If you do put a trust in place should be only one way from corporate to colo.

Chris

Jeff MacDuff

Mar 8, 2012, 11:28:42 PM
to dotnet...@googlegroups.com
I was not doing clustering, we were doing async mirroring :)

Agree it's very hard without the domain.



Jeff MacDuff
CTO & Co-Founder, Buddy
Email:   je...@buddy.com





Anthony Stevens

Mar 9, 2012, 12:26:21 AM
to dotnet...@googlegroups.com
Hi Jeff - can you elaborate? Were you using server certs to establish and verify the connection credentials? Did you have NetBIOS resolution issues that couldn't be solved by host file entries?

a
--
Anthony Stevens

Jeff MacDuff

Mar 9, 2012, 11:26:39 AM
to dotnet...@googlegroups.com

We were trying to set up async mirroring with a witness, between 3 boxes not in a domain, over a private IP network. The issue seemed to also be connectivity, whether we used a DNS name or an IP... it always failed to connect at the setup stage.

I didn’t try editing the hosts file, but now that we are moving to a domain this issue should resolve itself.

 

Jeff MacDuff

CTO & Co-Founder, Buddy

Email:   je...@buddy.com

Jeff MacDuff

Mar 9, 2012, 11:32:15 AM
to dotnet...@googlegroups.com

Chris: you mentioned you like to set up static IP and DNS entries when you stand up a new domain. I was wondering if you tried to do DHCP with a lease that never expires?

Or always reference the DNS entry in your configs to protect against IP changes?

 

 

 

Jeff MacDuff

CTO & Co-Founder, Buddy

Email:   je...@buddy.com

Chris Kinsman

Mar 10, 2012, 1:57:47 AM
to dotnet...@googlegroups.com
I have had a reservation fail, a server come up and grab a dynamic address and a service go down due to that address change.

After that I started statically addressing.

Chris

Jeff MacDuff

Mar 17, 2012, 6:29:12 PM
to dotnet...@googlegroups.com
Just to follow up on this thread, you have inspired me to move our servers over to a domain based environment :)






Jeff MacDuff
CTO & Co-Founder, Buddy
Email:   je...@buddy.com
