http://blogs.technet.com/b/trustworthycomputing/archive/2013/01/03/designing-reliable-and-secure-cloud-solutions.aspx

at a basic level there are three main causes of cloud services failure:

1. Device and infrastructure failures
2. Software vulnerabilities
3. Human errors
If we anticipate these failures will invariably happen – that indeed they are a constant threat – we need to design cloud services so that when something does go wrong, the impact to customers is avoided or minimized.

Note it doesn’t say, this won’t happen or this or that component won’t break or process will be perfect and no one will make a mistake or anything like that… Instead… anticipate that the failures WILL INVARIABLY happen.

Plan accordingly. Just like you do for everything in IT.

   joe

FTR: I don’t hate virtual machines, I hate the incompetence that surrounds them.

— joe (@joewaredotnet) March 13, 2013

I wanted to share an analogy I wrote that was part of a response to a document effectively describing the cloning of a production AD environment that would live on the same physical network without a firewall.

Visualize you have a locked and secured gun cabinet with loaded shotguns with hair triggers. But instead of a cabinet you really have a corner of the room with some masking tape drawing lines on the floor around the guns of where the cabinet would be if it actually existed. Visualize your cute but perhaps mentally challenged 5 year old quadruplets playing in that room. Can you visualize anything bad happening as a result of having the tape on the floor instead of the actual cabinet even after you have explained in detail to the 5 year olds that the tape means stay away? A firewall can’t even be considered a cabinet; it is a 3 foot baby gate that can be bypassed by the 5 year olds given enough unattended time. A cabinet would be disconnected networks.

I was in a discussion and someone said to me that greater than 60% of Enterprise class Microsoft customers are already virtualizing writeable Domain Controllers in their production corporate environments.  !!!B??u?!l!l!?s??h!!i!??t?!!!

I started chuckling when I heard this. I don’t believe even for a second that the numbers are ANYWHERE near that level of penetration. Certainly there is a lot of chatter in this space but my personal experience is that the numbers are down in the single digit penetration of companies using writeable virtual domain controllers in Enterprise class corporate environments where AD failure could impact thousands, tens of thousands, or hundreds of thousands of people. People are concerned and despite Windows Server 2012 there are reasons behind it. Certainly it can be done, I have seen it done magnificently with no loss of redundancy by using a single external disk storage system or other single points of failure. I have also seen it done completely half ass and know of a production environment that completely blew up and had to be rebuilt from scratch, not from backup, but from scratch. If you are lacking complete of solid process in one area, chances are that isn’t the only area…

So I guess you could play around with the definition of Enterprise class and different people considering different size environments as "Enterprise Class". I think the smaller the environment, the more likely people may be likely to take the risk but also have the tight operational control they need to successfully virtualize DCs.

Now lab environments… I see virtual lab environments all the time. Bravo, I would rather see a virtual lab environment than NO lab environment and really I am quite ok with lab environments being virtual assuming they are true no-SLA no-SLO no-production-expectations-of-any-sort sandbox environments.  Environments that if they went a bit wonky on you you could fairly painlessly or better, absolutely painlessly blow them away and start over. If you have an SLA/SLO or an expectation of it being available and expect people to be running to put it back together if it blows… That isn’t a lab environment, that is another production environment.

I have been running virtual DCs in a lab / sandbox manner since the first beta I received of Windows 2000 and loaded it in a guest on an NT4 box running a beta or POC of the first VMware Workstation product. And yes, I have seen issues when I have made a mistake or the backend storage wasn’t as solid as it needed to be or took a power hit at just the wrong time, etc. But again, it is a lab environment, when it screws up, I delete it or sometimes see just how bad things can get in AD before I start to cry or get a headache. I have one lab AD that won’t allow me to promote another DC no matter what. I have it off to the side because I want to troubleshoot it until I figure out why. Everyday I think I am more likely to see that somewhere else out in the real world. (This isn’t a request for someone to help me sort it out, I will get to it when I get to it)

Anyway, I am guessing based on what I have seen out in the world, this other person is, IMO, wildly guessing based on what they have seen out in the world. I figured I would give the joeware followers a chance to respond as I think they will comprise a good number of the big Enterprise class companies (and militaries and governments) out there and I truly am curious. The poll, if I set it up correctly, will run until March 31 and results should be out first week of April. Please please respond and get your friends in other companies to respond too. I would really like to see where we truly are at.

If you like, you can always email me as well. If you don’t virtualize DCs, are you being pressured to do so? Do you have written policy against it? If you do virtualize DCs, I would like to hear those stories as well. How big? How many issues? How is the redundancy handled? Internal pass-thru disks on the physical host per MSFTs recommendations or external or ????

      joe

POLLS START HERE

THANKYOU!!!

Semi-imaginary conversation…

Techie1: Here is our private cloud solution, it costs X.

Techie2 (speaking for customer): Ummm, they were thinking more of a budget "just-like-a-private-cloud" solution I guess.

Techie1: Ah, so they really want the fake movie fog, not a Private Cloud.

Techie1: On the outside it looks like a real private cloud solution but you save money. It should work great until something breaks and all of the redundancy and "costly" stuff that they don’t want to pay for is missed.