Oops did I forget something…. Yes the Active Directory
This post was originally supposed about High Availability, but when researching Windows Clustering I realised a glaring error.
At no point had I considered the Active Directory (AD), which is a bit of a problem when running an SAP environment in Windows using shared directories and resources.
So realising the glaring omission, I starting searching furiously for a way to run an AD in the Cloud.
As my research continued I found the following potential issues to be resolved.
1. DNS operation with dynamic IP addresses
2. Active Directory information and file system persistence
3. IP addressing within the Internal infrastructure
4. A lack of experience with Active Driectory in general (the last Windows system I administered was a Windows 2000 Domain)
So I gathered up all my research, to find that everyone had pieces of the puzzle but no-one had a complete answer.
In fact to be honest I am still missing a complete answer to the AD and file system persistence of the AD data to allow me to shutdown and restart the AD controller.
Getting AD into the Cloud
So here’s how I managed to get AD working in the Cloud.
1. Find a small Windows 2003 AMI – unfortunately it is only 32bit but as I’ll have to leave it running 24X7 I needed something cheap.
For this I am using AMI – ami-c4517ab0 – but I might change this as I am considering writing some VB control scripts which would benefit from a SQL Server express DB
2. Bring up the instance with a 10GB volume for the AD control filesystem
At this point the image will be running as a server and we can connect to it.
3. Set the dynamic IP addressing as manual
4. On all servers in the landscape set up the AD server as the Primary DNS and a public DNS server as secondary
As can be seen in the screen above
5. Reset the Amazon config settings as normal
6. Change the system name to something meaningful
7. Do not use an ElasticIP
This will expose your DC to the world, this is highly inadvisable no matter how strong your passwords and firewall rules are.
8. Make your Windows 2003 files available
You will need these in order to allow Windows to install the AD. Personally I did not want to upload the whole DVD – so I just uploaded the individual files the installer asked me for.
9. wdnsperf.dll file – KB951746
This file is not part of the Windows 2003 DVD that I had, so I did a quick search on technet, this file is part of the Security update on KB951746. Download the file and extract onto the file system.
10. Run command dcpromo and follow the prompts
11. Set the persistent file system to the 10Gb drive – although I have not found a way at present to get the AD controller to act in the same fashion as the SAP servers, ie being able to shut them down and re-instanciate them.
But the forums do suggest that it is possible, so when I do find out how to do it, hopefully I will have less fiddling to do as my files will already be persistent on the EBS volumes.
12. Set the process to install DNS and continue to follow the prompts
13. Reboot to activate the AD and DNS services
14. Once these steps are complete we now have an AD controller that works and as you can see below, one that will accept other servers into the domain.
Now we can tackle HA in the Windows environment 🙂