Keep your domain controllers separated!

Hi there,

I mention in my vSphere Best Practices that you should have an anti-affinity rule to keep your domain controllers on different hosts.  That way, if there is a host outage, the odds of losing two or more of your domain controllers at once are reduced.  This info could be used for other kinds of servers too.

So let's enable this!

This is a cluster setting, so select the cluster, go to the Manage tab, and then select the Settings sub-tab for the cluster.


Note how we have selected VM/Host Rules? We want to use the Add button.


We have a wizard.  You need to name your rule and select its type.  We are doing an anti-affinity rule to keep our DCs on different hosts, so Separate Virtual Machines is what we want.  We can now use the Add button to add virtual machines to this rule.


I have two DCs, one called logan and one called logan2.  Original, I know, but it works for me. You can use the Selected Objects tab to confirm what you have selected.  Use the OK button when you are done.


We can see our rule now and confirm it is what we want.  And as seen above it is. Select OK.


We can see a little more of our rule now.  Notice at the bottom of the screen we have Ignore rules for both VM anti-affinity rules and VM to Host affinity rules?  This is important: in an HA event we want everything restarted, and these settings allow that, but once things are restarted the rules are enforced again. You can change Ignore to should or must, which will definitely change the behavior of the rules.

So now we have our two DCs always working on different hosts.  Mission accomplished.

BTW, if you have a database and web server that work closely together, you could use a rule to keep them together.  If they are on the same host, the networking is faster than traditional networking!  So above, where we select keep separated, you would select keep together, and everything else is the same.
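The same rule can be created and checked from PowerCLI. This is an added example, not part of the original walkthrough; the vCenter address, cluster name and rule name are placeholder assumptions, and only the VM names logan and logan2 come from the post.

```powershell
# Added example. Placeholders (assumptions): $vCenter, $clusterName, $ruleName.
$vCenter     = 'vcenter.example.local'
$clusterName = 'Cluster01'
$ruleName    = 'Separate-DCs'
$dcNames     = 'logan', 'logan2'      # the two DCs named in the post

Import-Module VMware.PowerCLI
Connect-VIServer -Server $vCenter | Out-Null   # prompts if no stored credentials

$cluster = Get-Cluster -Name $clusterName -ErrorAction Stop
$dcs     = Get-VM -Name $dcNames -Location $cluster -ErrorAction Stop
if ($dcs.Count -ne $dcNames.Count) {
    throw "Expected $($dcNames.Count) VMs in $clusterName, found $($dcs.Count)."
}

# The rule is a DRS rule, so DRS has to be on for it to be acted upon.
if (-not $cluster.DrsEnabled) {
    Write-Warning "DRS is not enabled on $clusterName; DRS will not act on the rule."
}

# Create the rule only if it does not already exist.
# -KeepTogether $false = "Separate Virtual Machines" (anti-affinity).
# -KeepTogether $true would give the keep-together rule for the
# database/web server pair mentioned above.
$rule = Get-DrsRule -Cluster $cluster -Name $ruleName -ErrorAction SilentlyContinue
if (-not $rule) {
    $rule = New-DrsRule -Cluster $cluster -Name $ruleName `
                        -KeepTogether $false -VM $dcs -Enabled $true
}

# Confirm the rule is enabled and covers exactly the VMs we expect.
$ruleVmNames = $rule.VMIds | ForEach-Object { (Get-VM -Id $_).Name } | Sort-Object
"Rule '{0}' enabled={1} VMs={2}" -f $rule.Name, $rule.Enabled, ($ruleVmNames -join ',')

# Check current placement: any host running more than one DC is a violation.
$shared = Get-VM -Name $dcNames -Location $cluster |
          Group-Object { $_.VMHost.Name } |
          Where-Object { $_.Count -gt 1 }
if ($shared) {
    $shared | ForEach-Object {
        Write-Warning ("Host {0} runs: {1}" -f $_.Name, ($_.Group.Name -join ', '))
    }
} else {
    'OK: each domain controller is on a different host.'
}
```

Running the placement check again after a host outage or maintenance window shows whether the DCs have been separated again.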



4 thoughts on “Keep your domain controllers separated!”

  1. What happens in an event when nearly all hosts break and only 1 is left? Will it ignore the affinity rule and run both DCs on the same host?

  2. My cluster has got only two hosts, with HA enabled.
    What happens during maintenance of one host, e.g. an ESXi update? Should I change the HA rule settings? Default is ignore rules after adding the new rule for my two DCs.

    1. There is the ability to have a should rule, and a must rule. A must rule would be a problem for you in that circumstance. A should rule – which is what I use – will work for you and deal with that maintenance mode you mention.

