VCAP-DCD Objective 2.2 – Map Service Dependencies

March 01, 2011   Sean Crookston   1 Comment

Knowledge

  • Identify basic service dependencies for infrastructure and application services.

Skills and Abilities

  • Analyze service dependencies to determine requirements for the logical design of a multi-site environment.

  • Identify the upstream/downstream service dependencies.

  • Having navigated logical components and their interdependencies, make decisions based upon all service relationships.

Tools

  • Timekeeping in VMware Virtual Machines

  • Virtualizing a Windows Active Directory Domain Infrastructure

  • Datacenter Operational Excellence Through Automated Application Discovery & Dependency Mapping

  • Product Documentation

This objective talks about identifying service dependencies for your design. When we talk about service dependencies for our virtual infrastructure and application services we are talking about things like Active Directory, DNS, and NTP. We are also talking not only about them being implemented but how we track those dependencies. I’m sure many of you have been part of an organization where the knowledge was tribal. It works fine when that person is working that day, but what happens when that person is out sick or leaves the company?

So let’s refer back to the customer example we used in section 2.1. As you may remember they have just barely dug into virtualization but now would like to deliver a solution at both of their datacenters that provide high availability and redundancy.
 

Now there are pieces in the physical world that must be thought about in terms of this migration and whether we decide to bring them into the environment or let them continue to operate outside of the environment.  Looking at Active Directory first, the question is do we virtualize it or not? My answer would be yes. Setting up new virtual machine and making it part of our active directory infrastructure is one of the easier and painless things you can do. You also give the server built in high availability through VMware’s High Availability. Not to mention, domain controllers typically use around 10% of CPU resources so when you are physical you are wasting a lot of resources that could be used otherwise.

The next question is do we completely virtualize the entire Active Directory Infrastructure or do we leave some of the environment physical? For me, that depends. I don’t see a problem with completely virtualizing Active Directory but maybe you have a pile of servers laying around after the conversion and you want to take a few eggs out of the basket.

Another question you should ask is how things are setup at the second datacenter. In a smaller environment maybe what they are referring to as their datacenter is only just 5-10 physical servers running. Maybe they are running Exchange there for email and some other applications, but no domain controllers or DNS, as they might just be connecting back over the WAN. This is a huge problem if they ever needed to failover for disaster recovery purposes.

Now we look at one major dependency of Active Directory and that is timekeeping. Clock drift is a big issue with a Windows Domain and you have to consider how you are going to go about ensuring accurate time. Further virtualization works by only allocating CPU cycles to virtual machines that need them and not those that are idle. This conflicts with the fact that Windows machines drift when they don’t receive consistent time cycles. VMware suggests you use Windows Time Service for synchronization and not VMware Tools as results. You can refer to the Active Directory document in the tools section of this objective for the specifics of how to do this.

Talking about time synchronization we are not talking just about active directory, but other applications and operating systems obviously need accurate time as well. A great read is the Timekeeping for Virtual Machines document located in the tools section of this objective which goes into great detail on not only the process of timekeeping in virtual machines but a discussion of how to implement them.  Again back to our customer example we have been talking about, we also need to consider timekeeping.

The last thing I’d like to discuss with this objective is in regards to tracking dependencies. There is a document in the tools section of this objective that talks on this in detail and is a good read if you are not familiar with the concepts of a CMDB or service delivery.  In short, it is important to know where things are and have a way to easily track where things are going to move. It is also just as important to know what relies on what and have methods to communicate changes to pieces at the lower levels of the stack that will affect many things higher.

For example, if some work is going to be done on one of the routers, isn’t it a good idea to let everyone who may be affected know? A complete CMDB will be able to identify the switches that hooks into the Router, the Virtual Servers that hook into those switches, and the VMs on those hosts. I was even part of one organization that had it to the level where the application owners were tied to the applications on those servers. The result, any change like the one mentioned above was sent out to a targeted list of server and application owners and it was ensured it didn’t conflict with other work going on.

VMware offers a product called Application Discovery Manager that is designed to assist with these challenges. I have not yet tried this product but in the near future I hope to play around with it a bit more and will discuss its features at that time.

Wrapping it up for this objective there are a few key things to do when getting to the implementation side of moving Active directory to a virtual infrastructure.


•    Don’t P2V For starters it is easy to get another domain controller setup and with domain controllers you really don’t want to bring something back up with things missing.
•    No snapshots Same concept as above, you don’t want to revert Active Directory controllers and if you are concerned of operating system corruption then scale out with domain controllers.
•    Consider Clock Drift As we mentioned above critical to an Active Directory infrastructure
•    Consider VM Startup Order This will be important during the implementation to make sure the services that are needed by other apps are up and ready to deliver services.

Posted in: VCAP-DCD, VMware   Tags: ,
«
»

One Response to VCAP-DCD Objective 2.2 – Map Service Dependencies

  1. Pingback: tekhead.org » VMware VCAP-DCD 4 Exam Prep Guide

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>