Running an SBS2003 AD From a VM on a Mac Pro

Discussion in 'Mac OS X Server, Xserve, and Networking' started by Waragainstsleep, Sep 5, 2011.

  1. Waragainstsleep macrumors regular

    Joined:
    Oct 15, 2003
    Location:
    UK
    #1
    I have an SBS2003 with Kerio Connect 7 on it serving approximately 30 clients, all of which are running Windows XP except a couple of Vista and Win 7 machines. All users have roaming profiles.

    The box running all this is old and slow and is being replaced. My plan is to replace it with a shiny new Mac Pro.

    Migrating email is simple, I will host a Mac version of Kerio and simply migrate the existing data, no issues there. I was planning to convert the SBS install into a VM which will run in either VMWare Fusion 3.1 or the latest Parallels. I'm now thinking I will simply create a new install of SBS 2003 and a new AD, but will probably keep the old user profiles.

    It seems to me I have the option of actually hosting the roaming profiles on the Mac server (Mac Pro will be running Lion Server), or I could simply make the VM bigger and keep the profiles hosted on its virtual internal drive. Currently SBS is installed on a partition of the internal hardware RAID (only 120GB total including all profiles and shared data).

    Obviously if I could, I'd ditch Windows altogether but I understand I cannot run Lion Server as PDC for Windows 7 clients and since all new client boxes will in future be Win 7 clients, this is not an option.

    The main purpose of virtualising the SBS is so I can take regular snapshots in case of a massive crash. The last time it failed catastrophically it took 3 days to rebuild. Using a VM and a good backup system means it will take only minutes. I'm thinking it would be nice to host the profiles natively on the Lion Server and simply use Time Machine to back them up regularly. Does anyone see any major stumbling blocks with this part or indeed with the whole idea?

    I'm thinking the VM and its backup snapshots as well as the shared data and profiles will probably be stored on a mirrored (software) RAID using a pair of big SATA drives with maybe one more in slot 4 as a TM backup.

    Any and all opinions and advice is welcome.

    Thanks in advance.
     
  2. DustinT macrumors 68000

    Joined:
    Feb 26, 2011
    #2
    I was able to use the VMware converter to virtualize an existing SBS 2003 machine. Plus VM provides this software in such a way that you can perform a trial migration at no cost and with no downtime. It's a much simpler solution and you can easily back it up. I'd try that before I did anything more complicated, personally.
     
  3. speacock macrumors member

    Joined:
    Jul 26, 2011
    Location:
    UK
    #3
    You're right that you can't run Lion (or any other version of Mac OS X for that matter) as a DC for Windows 7 systems. This is because OS X implements the old LAN Manager directory service that was used in Windows NT4 or earlier. Windows 7 systems cannot join these domains.

    As the other contributor mentioned, you could use a P2V tool to convert your existing physical server to a VM and save yourself the hassle of rebuilding and then rejoining all your workstations to a new domain (simply keeping the domain name the same won't work, the domains will have different SIDs). Alternatively, you could create a new server in a VM as another DC, then promote your new server and demote and remove your old one (be sure to do this properly, don't just junk the old server). That way you get a clean install on your new DC but get to keep all your user and computer accounts.

    Keeping your old user profiles is not terribly straightforward if you create a new domain, you'll need to migrate them using something like USMT.

    You can certainly host a Windows Server in a VM, but you may want to check which hypervisors are officially supported by MS, as far as I know, only VMware ESX and HyperV are supported (though I may be out of date on that one). Or it may be that formal MS support isn't important to you, generally, this is important in large organisations because if things go wrong they don't want MS to turn round and refuse support because it's running on an unsupported platform. If this is important to you and if only ESX and HyperV are supported, then that pretty much rules out the MacPro.

    Snapshots are certainly an effective way to do backups, but don't forget that you still need to back up the snapshot data. Usually, the delays in recovering a system are in building the infrastructure, not restoring the data, so even if you're doing snapshots and your MacPro dies, you've still got to rebuild the host platform (or at least find an alternative one).

    Have you considered running 2 Windows DCs in separate VMs on separate systems in order to provide a level of resilience?

    I assume that the MacPro is coming into the organisation as a workstation and that your reason for wanting to put the server in a VM on a MacPro is because the MacPro will have excess capacity that can be used in this way? I'm guessing that you're not planning to buy the MacPro solely for this purpose?

    As far as hosting the user profiles on the VM or on the MacPro, given the size of data you mention, I don't think there would be any problem doing either, the only thing I wonder is whether the Windows systems will complain that the MacPro is running an old version of the filesharing service and cause problems (I'd want to test that out before I finalised my design). I'd be inclined to do it all through the Windows VM, partly for simplicity and partly because, despite running in a VM it will probably perform better.

    You mention that all the client systems are Windows systems and will in future move to Windows 7, so you may want to consider upgrading to Server 2008 while you're making changes.

    Given this environment, would the MacPro be the only Apple system? If so, I wonder whether you'd be better off getting a slightly lower specified MacPro and using it just as a workstation and then buy a small tower server and put a bare metal hypervisor such as ESX or HyperV on it. Going this route would probably not cost a lot more and you'd get a server platform more suited to the role with things like hardware RAID, redundant power supplies, dual server-class NICs, SAS drives, etc.
     
  4. Waragainstsleep thread starter macrumors regular

    Joined:
    Oct 15, 2003
    Location:
    UK
    #4
    Yes, my concern was with if the Windows clients would complain about having their profiles served over Apple's old version of Samba or stored on an HFS+ volume.

    The Mac Pro is not a workstation, it's purely for use as a server. The domain in question is not large, only about 30 clients, the vast majority happily running XP with a couple running Vista and Win 7. Every now and then they add a laptop which of course ship these days with 7 installed.

    The idea is that we will be keeping a second spare Mac Pro offsite which can be transplanted in the event of any failure. Swap the four internal drives and off you go, nice and quick. We figured a whole redundant server would be better than just redundant PSUs.

    This system will boot from Drive 1, data stored on a software mirrored RAID between drive 2 and 3 and both the boot and RAID volumes backing up via Time Machine to a big disk in bay 4. There will also be an external off site backup.

    As mentioned, their total data is not massive, only 160GB including all user profiles and shared data. Much of this will be whatever crap they have installed/saved on their client boxes.

    The Mac OS boot drive will also be running email for the domain using Kerio Connect which is currently running on the SBS2003 server, they aren't using Exchange.

    The Mac Pro will be the base model quad core and is still massively overkill compared to their current system and their needs. I'm fairly sure the dual NICs in the Mac Pro are perfectly adequate/server class. Apple don't tend to use crappy quality parts for these Macs.

    We could go with ESXi but there are two reasons we chose the Mac Pro. Firstly we want to get some Apple kit into their network so they can see how compatible it is and that it is an option. Secondly, I'm confident that the best, most expensive ESXi box on the market is a distant second to the build quality of a Mac Pro. Anyone who has worked on desktop hardware will usually tell you the same. Apple really know how to put these things together. As a former AASP technician, I didn't see many Mac Pros come in during the 5 years I did the job. I think only one had something more serious than quickly swapping out a standard part (HDD, ODD, RAM or GPU - All parts not made by Apple).

    Thanks very much for the input. I wasn't aware it would be more complicated to migrate user profiles than drag & drop.
     
  5. speacock, Sep 6, 2011
    Last edited: Sep 6, 2011

    speacock macrumors member

    Joined:
    Jul 26, 2011
    Location:
    UK
    #5
    Hope you don't mind me adding a bit more to the debate, I'm not looking to criticise, just to raise some concerns. One thing I've not considered in any of the things I mention below is your Kerio messaging platform as I don't know it. It may well be that the benefits of running that on a Mac outweigh all the concerns I've raised.

    Yes, a warm swap server is always a good option, I'd just suggest that a server type system with hot-plug drives would be easier to do this with than a desktop system (but not a lot easier), and with redundant hardware components you're less likely to have to do it in the first place.

    Yes, quad core Xeon as a fileserver and lightweight messaging server is overkill, and I think that's partly my point, it's a very expensive way of delivering a server platform.

    It wasn't the quality of the NIC I was questioning, merely that the ones built into servers or sold as upgrade components tend to be aimed at server platforms and do things such as link aggregation, processor off-load, etc. I'm sure the NIC in the MacPro is perfectly adequate, but a £20 embedded NIC in a workstation system is never going to compete with a £100 server job, that said, the amount of data you're talking about suggests that the performance side of things isn't going to be a major consideration.

    Completely understand that one, I'm just wondering if a MacPro as a server is the ideal way to achieve that goal, sorry if I'm overstepping what you asked for discussion on, but it seems to me that they get a good system being used to do things it's not really designed for. They pay quite a premium for something that could end up slower, less easy to manage and less resilient.

    I know many organisations who use Windows servers to host filesharing for Macs, but no organisations who use Macs to host filesharing for Windows (no doubt several people will come along and prove me wrong now) and I think there's a good reason for that - MS make an enterprise class server OS that runs on enterprise class server hardware.

    We'll have to agree to disagree on that one. I don't dispute that the build quality of a MacPro is very good compared to other desktops and workstations, but the build quality of the top-end HP servers or Cisco UCS blades for example is superb (I accept that you're not in the market for these kinds of systems and also accept that the price premium on these makes even Apple kit look cheap by comparison). My point was not so much build quality as the fact that a dedicated server system will have redundant NIC, redundant PSU, SAS disks, battery backed RAID controller, hot-swap disks, redundant fans and so on, all things aimed at making it suitable for purpose. It'll most likely have a crap graphics card and only 2 USB ports, but generally these are things you don't need. The MacPro on the other hand (even the one sold as a server), is designed primarily as a workstation and comes with a desktop graphics card, many USB ports, firewire, SATA disks and so-on, all things you don't really need.

    To be honest, it depends what you want to migrate and how you do it. If you just want to migrate user data that should be fine as long as you reset permissions. If you want to migrate roaming profiles and you don't keep your old domain, you'll need to use USMT or similar. If you want to migrate roaming profiles and you do keep your old domain then it's just a case of pointing the user's roaming profile to a new location.
     
  6. DustinT macrumors 68000

    Joined:
    Feb 26, 2011
    #6
    I couldn't have said any of this better.

    To the OP, if you really want a Mac Pro in the building you can do it, and you'll probably be fine as you discussed here. It's just a little unusual because the Mac Pro is a workstation. Granted, one of the best on the market, but still a workstation. A proper server is something that Apple doesn't make anymore since the Xserve was discontinued. You can certainly press a Mac Pro into service and it will be fine, just a little different. I suspect if an outside support person came into the site a year down the road the puzzled look would last on their face for quite a while, although the Mac Pro would most likely be working fine.
     
  7. Waragainstsleep thread starter macrumors regular

    Joined:
    Oct 15, 2003
    Location:
    UK
    #7
    Thanks guys this is all gold. It turns out I was forgetting another piece of third party software which is running on the current SBS and so I think I'm going to have to migrate the current install. It seems this is going to be the most painless method anyway.

    A few extra comments:

    I know the Mac Pro is no Xserve, but aside from the shape of it, the board and CPU are basically the same. They are good quality boards in my experience and everything is really well put together.
    The drives may not be hot swappable, but they are not exactly hard work to swap. We reboot the current server fairly often and they rarely notice.

    The box being replaced is an old HP Proliant tower. They don't have a rack we could put a 1U server in otherwise I might have considered something like that.

    A Mac Pro is certainly not the obvious choice to 'sneak' Apple into their system, but there is already a couple of iPhones floating about and they won't even consider replacing one of their workstations with a Mac. Not yet. Once they realise they can choose, I expect that to change.

    Thanks again for all the input and criticism is welcome. Better to have it at the planning stage than to run into unforeseen issues when it's up and running. Keep the opinions coming if you've got them!
     
  8. speacock macrumors member

    Joined:
    Jul 26, 2011
    Location:
    UK
    #8
    Thanks for replying and thanks for taking it the way it was intended (I try to be fairly cautious as some people take offence).

    One final thought. If you're having to stick with a Windows Server, then you may want to consider virtualising it. Microsoft's HyperV bare metal hypervisor is now free, so you could install HyperV on your new server, build a new Windows DC (preferably 2008 R2, but could remain on 2003) that is part of your existing domain in a VM, finally promote your new DC and demote and remove your old one. That way you'll keep your existing domain but running on a nice clean new virtual server with none of the clutter or pain of an in-place upgrade or physical migration. Your new virtual host will have plenty of spare capacity on which to run other VM instances and who knows, Apple may even open up the Mac OS X license to allow it to run in a VM on non-Apple hardware one day, so you could offer people Mac OS X VMs (I'll not hold my breath though).

    Of course you'd need to do some checking to ensure your applications would run in this environment, but it's a thought. In theory it should be possible to make a MacPro the HyperV server, but unfortunately it's fairly specific about the box it runs on, there's plenty on the hardware compatibility list but Apple isn't among them. I sometimes wish Apple and MS would give up their fight and accept that there's room for them both in the world. It always used to be MS that perpetuated the enmity, but I think that's now switched and it's Apple that keeps it going, I guess it's maintained by whoever feels they have the upper hand at any given moment.

    Sorry if that suggestion has given you more research to do, feel free to ignore it. By the way, if you want to get hold of HyperV Server, you can download it from MS - http://www.microsoft.com/en-us/server-cloud/hyper-v-server/buy.aspx. You could try putting it on a MacPro, but you'll need a clean disk I would think as being a bare metal hypervisor it'll want to own all resources.
     
  9. Waragainstsleep thread starter macrumors regular

    Joined:
    Oct 15, 2003
    Location:
    UK
    #9
    I probably should have mentioned my timescales for this project.

    The new server is going in over this weekend!

    Mac Pro should be arriving with me any minute now. I'm going to virtualise the entire current SBS2003 server and move it onto the Mac Pro. I'm going to migrate the mail server from Windows to Mac OS which will take a lot of strain off the VM which will then be left as little more than a glorified file server.

    Thanks for all the advice though. I might yet move the user profiles onto the Mac OS Server. I haven't decided yet.


    Sadly, while Lion Client allows for virtualisation, use with terminal services or remote login is still prohibited by the EULA I believe.

    Thanks again!
     
  10. DustinT macrumors 68000

    Joined:
    Feb 26, 2011
    #10
    Well best wishes on your project. Post back here, even over the weekend, if you need anything. There's a few of us that will be around and we might even try to be helpful.
     
  11. Waragainstsleep thread starter macrumors regular

    Joined:
    Oct 15, 2003
    Location:
    UK
    #11
    I converted the existing physical SBS install into a VM and moved it over to the new Mac Pro but I get a black screen immediately from booting the VM.

    If I suspend the VM, it actually does show the ctrl-alt-delete to login screen but as soon as you resume it goes black again.

    Resizing the window doesn't work. I've been trying to tweak the config file with no joy. Can't install the VMTools either.

    I'm trying to clone it again and install the tools at the same time, though I thought I chose that option first time round.
     
  12. Waragainstsleep thread starter macrumors regular

    Joined:
    Oct 15, 2003
    Location:
    UK
    #12
    Scratch that, got it running now. Apparently VMWare Fusion 3.1.2 doesn't like 10.6.4.

    It seems to be working pretty well. I read during my research that there is a limit on the size of a VM. Given that the shared storage will for now be kept within the VM, does this mean I will be limited on how much of my 2TB RAID I can make available for users to store data on?
     
  13. speacock macrumors member

    Joined:
    Jul 26, 2011
    Location:
    UK
    #13
    Hope it's going well, I'm glad you resolved that first issue.

    I can't remember what the size limit for a virtual disk is under Fusion, but I believe it's a fair size and I'm sure you could aggregate several VMDKs together as a volume stripe in Windows to overcome any limit. Other alternatives you might consider:

    1. Allow the VM to mount a raw disk partition (not sure how this works on Fusion but definitely possible under VMware WS7 and ESX).

    2. Mount the storage over iSCSI

    3. (Not sure this is possible and it'll be a bit slow if it is). Mount the volume as a host shared folder and then re-share it under Windows.
     
  14. Waragainstsleep thread starter macrumors regular

    Joined:
    Oct 15, 2003
    Location:
    UK
    #14
    I like idea number 3. That sounds nice and simple. Thanks.

    I hadn't used iSCSI until recently. I sold a customer an iSCSI based Promise Vtrak RAID unit. I have to say I was very impressed. It's not as fast as fibre channel but that would have added another £1000 to the cost. It's also more versatile. I could replace their Intel Xserve with a Mac Mini and still hook up the iSCSI RAID. If I wanted to.

    I've been looking into it for a Netgear ReadyNAS box but apparently the CPU overhead would be quite high on that. Not an issue when you have a Mac Pro.
     
  15. doug1tx macrumors newbie

    Joined:
    Feb 18, 2004
    #15
    Follow Up

    Hi Waragainstsleep,

    I just found your thread this morning while searching for info on doing the same thing. I'm curious how things have gone now that you're over a week in to using the newly converted VM.

    The only concern I have (which is different than your implementation) is that the customer is using Exchange on the SBS. I have other customers using Kerio and I would likely feel more confident in migrating if that were the case. I'm concerned that because parts of Exchange are running in memory that it might not convert well. I would likely stop all Exchange services prior to the migration.

    Thoughts? Concerns?

    Thanks in advance,
    Doug
     
  16. DustinT macrumors 68000

    Joined:
    Feb 26, 2011
    #16
    I ran SBS 2003 in a VMware Server on a Windows 7 Ultimate as the host OS for about a week during a completely failed migration. Exchange worked fine and I didn't have to do anything other than run the VMware converter.
     
