What is a recommended Windows Server infrastructure for my situation?

Question

I am an ASP.NET web developer and small business owner. I maintain a network as a hobby, and to keep myself sharp on server technology, as I interact with them all the time as a part of my job. I also like the flexibility of running my own Exchange server. I have an MSDN Subscription, so that is the source of my licenses.

Currently I have 3 physical server computers.

One is a Windows Server 2k3 ISA Server 2006 box. It does all my firewalling / routing.

The other two physical servers are virtual machine hosts. I am in the process of switching over to Hyper-V from VMWare Server 2.0. I am rebuilding all my servers from scratch in the Hyper-V environment, and I would like to take this opportunity to fix some of the flaws in my infrastructure. The rest of the servers I will be describing are virtual machines. This is my current setup:

1. Windows 2k3 Standard Exchange 2003 Server and Domain Controller (same VM). Does my DHCP and DNS. Also runs RADIUS server. I use the RADIUS to authenticate VPN users. Takes up to an hour to reboot!
2. Windows 2k3 Standard alternate Domain Controller that is also my Certificate Authority. Does DNS.
3. Windows 2k3 Standard Web / SQL Server 2005.
4. Windows 2k8 Standard Web / SQL Server 2008. I prefer to use this one to host the majority of my apps because I like IIS 7, but I have server #3 to act as a staging environment for clients who have only IIS 6 and/or SQL Server 2005.

I have learned that it is generally not recommended to have Exchange on a Domain Controller. There are weird dependency issues and I have to run a batch file to shut down exchange server services before rebooting, or the reboot will take up to an hour!

My Virtual Machine hosts are each dual core 3GHz, with 16 gigs of ram and 300 GB of RAID 1 storage. I've very happy with the hardware. This network is mostly a hobby, but supports a small number of clients who occasionally come in to check on the web apps I am building for them.

Where I am looking for help is in the number of VMs I should have, and the roles each one should play.

I am thinking this (All VMs are 64-bit unless otherwise specified):

1. Windows 2k8R2 Enterprise Primary Active Directory Server. Does DHCP, DNS, and RADIUS. Is 768 MB of RAM enough?
2. Windows 2k8R2 Enterprise Backup Active Directory Server. Also does DHCP, DNS, and RADIUS. I would like this to always be running, and handle DHCP, DNS, etc, if Server #1 is down.
3. Windows 2k8R2 Enterprise Exchange 2k7 server. I figure it should be all by itself and not play any other roles.
4. Windows 2k8R2 Enterprise Web / SQL Server 2008 (just like before but updated OS).
5. Windows 2k3 Standard Web / SQL Server 2005 / 32-bit (just like before).
6. Certificate Authority. Which server should do this? Should it be its own server?
7. (and beyond) Are there any popular services that I have not mentioned?

Each Host would run 3-5 VMs, and I would make sure that 1) and 2) were not on the same host, in case that whole host goes down due to hardware failure.

Does this configuration cover all the bases? Have I distributed the roles appropriately? For example, is it a bad idea to have DHCP and DNS on the same box?

I realize a lot of this hinges on what I plan to use my servers for. I basically want to run a simple windows environment with all the most popular services, so I can have practice using them all. I think lots of people will consider my setup overkill. But I enjoy maintaining the environment as a hobby, and it gives me a lot of exposure to windows infrastructure that I would not otherwise have. This knowledge comes in handy when I deploy my apps at client sites.

I am happy to supply additional information. Thanks!

Answer 1

You're correct in wanting to separate Domain Controllers from anything else, this is a best practice for security; also, as you already discovered, Exchange doesn't play so well when running on a DC.

A DC can safely run DNS (this is indeed recommended) and DHCP; I'd of course suggest splitting the two VMs on different physical hosts, in order to achieve as much availability as possible.

You shouldn't need to run the Enterprise edition of Windows Server 2008 R2, as you're not doing any failover clustering and x64 editions aren't limited in usable RAM as x86 editions used to be; I know you have "free" licenses, but it's better to use the Windows edition most suited to your environment, not the most powerful one available.

About virtualization: if your hosts are only going to run VMs (and they really should), I'd suggest running a "pure" hypervisor product, instead of a full-blown O.S.; so your best choice would be Hyper-V Server if you want to go with Microsoft, or VMWare ESXi (the free edition) if you want to stay with VMWare; I don't know if you have any experience with ESX/ESXi, but I can assure you it's a completely different thing from Workstation/Server; I personally think it's a lot better than Hyper-V, but this is a mostly a personal issue. Anyway, I'd avoid running a full Windows Server 2008 R2 with the Hyper-V role enabled.

About the Certification Authority: this really should run on its own (virtual) server, which shouldn't do anything else. Since you're going virtual, this should be no particular issue, and it will save you some headaches.

Answer 2

That setup sounds about right. The CA can just go on a domain controller. You are correct in saying that the exchange server should go by itself for easy of administration. The only products that your missing are CRM,sharepoint and OCS.