How do others make AD available in Test Failover?

[Matt M]

Needing to bring Active Directory into our Test Failover network and looking for some options.  Can anyone share what they have done to accomplish this?  I’ve read one solution that simply replicates an AD server to the DR site that is then ONLY used for testing.  Then it’s brought up in the test failover network with the other servers when needed.  Has anyone tried this or are there other options available?

Thank!

[Matthew C]

Matt – how I do this is I clone one of my DC’s at my target site, into the Zerto isolated test network. That way I can bring up AD and when I do a failover test, all the servers can properly authenticate. Once I end my testing, I just delete the cloned DC VM. Works really well and is a very quick process.

[Christopher W]

Hi Matt,

Chris from Zerto Support here. 

These knowledgebase articles outline recommended best practices concerning replicating AD domain controllers:

https://www.zerto.com/myzerto/knowledge-base/best-practices-for-active-directory-domain-controller-availability/

https://www.zerto.com/myzerto/knowledge-base/replication-of-a-domain-controller-using-zerto/

Please let us know if you have any additional questions.
Regards,

Chris

[Matt M]

Thanks, Chris.  Yeah, I saw that article earlier.  It makes it pretty clear that you should not replicate a domain controller with Zerto.  We do have a domain controller at our DR site that is actively replicating (via native MS AD replication) with production.  My question is how do I use that to authenticate in my isolated Test Failover network?  The domain controller operates outside of that bubble.

[Christopher W]

Hi Matt,

Given it’s on a separate network, you can’t authenticate to it unless you were to set up something like inter-VLAN routing to enable communication between the two networks:

https://www.cisco.com/c/en/us/support/docs/lan-switching/inter-vlan-routing/41860-howto-L3-intervlanrouting.html

Thanks,

Chris

[Matt M]

Yes, this is true.  But then wouldn’t there be an issue with my production AD seeing not only my production file server but also the replicated file server that has been spun up in the test network?