0

I have a main DC on Microsoft Azure VM and an on-premise DC. Both domain networks are connected with site-to-site VPN.

The purpose of setting up the DC on cloud was to get rid of the old on-premise servers. If the site-to-site VPN is disconnected, there will be login authentication issues. I ended up keeping the old servers up and running.

The on-premise DC stopped working yesterday due to a hardware issue. I don't plan to replace the hardware because it is really old already.

Since Microsoft Azure guarantees at least 99.9% uptime and the office Internet has been stable, I am thinking of not replacing the old DC. Is it really necessary to have an on-premise DC?

CK Tan
  • 171
  • 1
  • 1
  • 13
  • This sentence made no sense to me: "I don't plan to replace the hardware because it is really old already." – kasperd Sep 02 '18 at 07:43

2 Answers

4

It depends.

As you already know, if the site-to-site VPN drops your office computers will not be able to reach your domain controller: that will mean not only authentication issues, but that almost nothing will work correctly (think DNS, group policies, file/print sharing, etc.). A local domain controller would be a good thing to have, even if your VPN connection is quite stable (also, having your clients connect to a DC on Azure will have a lot more latency than contacting a local one).

Besides, you should always have at least two domain controllers: if your only domain controller breaks, you'll lose everything in your Active Directory. At the very least, if you really don't want to implement a local DC, create another one in Azure.

Never, ever have a single DC.

Massimo
  • 70,200
  • 57
  • 200
  • 323
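A way to check the points this answer raises (how many DCs exist, whether each AD site has one of its own, and whether this machine can actually reach them over the tunnel) from a domain-joined Windows client. This is an added PowerShell example, not code from the question or answer; it assumes the RSAT ActiveDirectory module is installed and the caller is a domain member.

```powershell
# Added example: audit DC count, DC placement per AD site, and reachability of
# each DC on the TCP ports a client logon depends on.
# Assumes the RSAT ActiveDirectory module is available on this machine.
Import-Module ActiveDirectory

# Ports a Windows client needs from a DC to log on and apply policy:
# 53 DNS, 88 Kerberos, 389 LDAP, 445 SMB (SYSVOL/GPO), 636 LDAPS.
$LogonPorts = 53, 88, 389, 445, 636

$dcs   = @(Get-ADDomainController -Filter *)
$sites = @(Get-ADReplicationSite -Filter *)

Write-Host ("Domain controllers found: {0}" -f $dcs.Count)
if ($dcs.Count -lt 2) {
    Write-Warning "Single domain controller: losing it means losing the whole directory."
}

# A site with no DC of its own relies entirely on the WAN/VPN link for logon.
foreach ($site in $sites) {
    $local = @($dcs | Where-Object Site -eq $site.Name)
    if ($local.Count -eq 0) {
        Write-Warning ("Site '{0}' has no local DC; clients there depend on the VPN." -f $site.Name)
    } else {
        Write-Host ("Site '{0}': {1} DC(s) - {2}" -f $site.Name, $local.Count, ($local.HostName -join ', '))
    }
}

# Reachability from this machine: a DC that is up in Azure but unreachable
# through the tunnel is exactly the failure mode described above.
foreach ($dc in $dcs) {
    foreach ($port in $LogonPorts) {
        $open = Test-NetConnection -ComputerName $dc.HostName -Port $port `
                                   -InformationLevel Quiet -WarningAction SilentlyContinue
        $status = if ($open) { 'open' } else { 'BLOCKED' }
        Write-Host ("{0,-30} tcp/{1,-4} {2}" -f $dc.HostName, $port, $status)
    }
}
```

Run it from a client in the office site with the VPN up and again with it down to see which logon-critical ports disappear; DNS over UDP is not covered by Test-NetConnection, so treat the tcp/53 result as a proxy only.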
0

Azure only allows for a single-VM SLA if you are using premium storage for disks. You need to keep that in mind. As for your question - it is really opinion/policy based. If your company is fine with that level of SLA - you can go for that approach.

4c74356b41
  • 628
  • 5
  • 10