2

Sysadmins have known for a long time that snapshots, or as they are now called, "Checkpoints" are excellent for dev / testing, but not suitable for use in production as they require a chain of VHDX files, making the server slower and more susceptible to corruption. And probably for other reasons.

But I'd like to know whether it's sensible to set up some VMs (running 2016 Server) in a lab environment, install AD and some other services, take a checkpoint of all at the same time, then when I'm happy with the configuration roll these out into production by deleting previous checkpoints which should merge the VHDX files.

I want to know if doing this will effectively remove all the possible performance issues that would otherwise exist with a machine that has checkpoints.

I've found no articles online that discuss this question.

This is for a school that has just moved classrooms to a new building on a new site (for emergency reasons), and we have the summer holiday to migrate their domain to a new one which I'm setting up from scratch, so I want to spend some time getting the configuration just perfect before pushing it to production. They've had enough upheaval already without a crappy implementation of a new AD domain!

NOTES

  • I'm aware of Server 2016's new "Production" checkpoint, which uses VSS and allows for an application consistent checkpoint. To be honest, I don't fully understand what this means, but I gather it even makes it viable to roll back SQL or Exchange servers.

  • I'm also aware Microsoft have advised never to use checkpoints in production with Active Directory domain controllers, although every bone in my body is sceptical of this advice. In 2007, I ran an Exchange server for 150 users on a VMWare virtual machine against all best practices advice, and because the hardware was up to it, it ran like a dream for years.

hazymat
  • 390
  • 1
  • 7
  • 16

1 Answers1

3

As I understand it you want to build a dev / test environment and crate Checkpoints so that you can roll back changes until you get your environment just the way you want it. if that is the case advice would be

  1. If you revert / delete the CheckPoints then revert / delete all the checkpoints at the same time. This will avoid anytime stamp / replication related issues
  2. Before going into production delete the checkpoints. Checkpoints are used in production all the time and Microsoft does support them, as long as they are not used as replacement for Backups and as long as they are deleted once they have served their purpose. Checkpoints should be used as below:

Take your Checkpoints

install your new services / patches

Perform your testing

if test are successful then delete the Checkpoints

if tests are unsuccessful then revert the checkpoints

As you said there are performance hits and the problems come when people leave checkpoint in place instead of deleting them after all of their tests

It is also worth pointing out that Microsoft do indeed support checkpoints of Active Directory Domain Controllers as long as:

The Hyper-V host is Server 2012 or higher (or the supported versions of EXSI) The PDC emulator is on a DC that is 2012 or Higher The DC you are Checkpointing is Server 2012 or higher.

Microsoft do not support Checkpoints on server 2008 R2 or lower,

More info here: https://technet.microsoft.com/en-us/library/dn818483(v=ws.11).aspx

and here

http://www.ms4u.info/2013/11/checkpoint-support-on-active-directory.html

Hope this helps,

Mike Brown

Michael Brown
  • 3,204
  • 2
  • 9
  • 10