Channel: Directory Services forum

DR Scenario for Member Servers using Storage Replication


Hi,

I'm attempting to determine the implications of testing DR scenarios for member server systems.

Unchangeable facts in my environment:

 A) Asynchronous storage replication used between active and passive site (this implies the same Domain SID resides on a duplicate server, one in each site, identical)

 B) Same AD forest/domain accessible at both active and passive sites, and NOT part of the storage replication (would already exist in case of DR scenario)

 C) Different IPs / subnets for active and passive sites, accessible to workstations in both sites (DNS used to direct users to proper site)

 D) A DR test or actual DR event could either be initiated per application, or the entire site

In the case of a DR test, the passive site servers will remain on while the active is still running... users won't be pointed at the passive side during the test, of course - but would in the case of a real DR event.  Obviously, everything about the computer will be identical except for the IP address (changed upon boot up with a script, for example).

Concerns:

 1. Duplicate Machine SIDs may not be a strict issue for testing (it's only online for a short period of time), but there will actually be duplicate Domain SIDs since it's cloned after the domain join. Is the only negative implication of this (in a temporary scenario) security-related? If so, that may not be an issue since the active and passive servers should have the same permissions. If it's an actual DR scenario, there would be no difference from test other than there would be only one server accessing the domain and other applications at a time (like Active side, except from a different IP).

 2. Duplicate machine names in AD (need to change at same time as IP? Can't affect the running Active instance). What if there are temporary duplicates?

 3. Passive and Active servers registering with DNS differently, overriding each other (block with firewall?)

 4. Activation of passive servers since it will be new hardware (not an issue since it's temporary, and can manually re-register with KMS in actual DR event?)

Anything I'm missing here? How do others handle this scenario? Anything to add to startup scripts for the passive servers as they spin up? I've got to believe it's relatively common.

(Sorry if this doesn't precisely fit in the AD forum.. it's a mix of many)

