vSphere Upgrade: Moving to Active Directory

I do quite a bit of application testing within the virtual environment, and I have found that an increasing number of virtual appliances require Active Directory in order to access the complete functional set of the product. I feel this is shortsighted, as there are many other directory servers which can be used, such as LDAP, NIS, eDirectory, etc.

Until recently I was using a Linux PDC which made use of Samba v3.4, OpenLDAP, and Kerberos. Unfortunately, this is having increasing problems with modern versions of Windows and virtual appliances. Time to switch to AD.

The Switch

First I installed W2K8 64-bit and on that installed the AD, DNS, and DHCP roles. So far so good. After promoting the server to AD, I had a simple but effective AD server. The key was to allow DHCP to update DNS, and combine everything on one node. So far I had two nodes, one for Samba/AD and one for DHCP/Internal DNS. Since I need DNS to properly reflect AD, I needed to use Microsoft’s DNS.

Step 1:

Install and Configure AD.

Step 2:

Configure DNS. This step required me to copy over my existing DNS to the new server. Since one was Linux and the other was Windows, I just re-entered the small amount of data I had.

Step 3:

Configure DHCP. Once more I just re-entered the data.

Step 4:

Shut down the existing DHCP/DNS VM.

Everything was going smoothly. The last step was to move VMs and hosts from my Samba/AD configuration to the Microsoft AD configuration. This did require me to reboot all my Windows boxes, once to remove them from the old domain and then once to add them to the new domain. However, all but two of my Windows boxes are purely for testing, so this was just time consuming. The two I had to be careful about just required me to verify no users were on the systems and then add them to the domain.

Up and Running

Compared to how long it took me at the time to get the Linux PDC working as best I could, getting Microsoft AD up and running was very fast, easy, and simple. Continued management is also simple.

The tool I needed to test was the HyTrust Appliance. Look for a whitepaper on this on The Virtualization Practice’s analyst site. However, I have now used it for all the tools I am testing with no major issues, including joining ESX/ESXi to the AD domain via the contained Likewise integration.

Microsoft AD just works, and for me to say something like this about Microsoft is a good thing. I like things that just work.

Edward Haletky

Edward L. Haletky, aka Texiwill, is an author, analyst, developer, technologist, and business owner. Edward owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development and TVP Strategy where he is also an Analyst. Edward is the Moderator and Host of the Virtualization Security Podcast as well as a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions. Edward is working on new books on Virtualization.
