Microsoft's current standard config for Domain Controllers is DL585s
with 8-10 spindles. 6 spindles are for the DIT, they are in a hardware
based 0+1 RAID configuration. If the machine has 6 spindles then OS/Logs
go on a hardware mirror, if 10 then they go on a 4 disk hardware based
0+1 RAID.

The number of spindles isn't for amount of disk, it is for IOPS
capability. A DC in a large environment with Exchange can take a lot of
pounding and you want as much spare IOPS as possible to keep up with it.
Their DIT is only in the teens in size so the disks themselves could be
small, you just need many to get the high IOPS (read OPS really) that
make AD really run smoothly. x64 does help out but that is primarily
with LDAP only functions. Authentication is not helped out nearly so
much and disk is still a bottleneck there, this is pretty clearly
visible in the x64 whitepaper MSFT has put out.

The only official recommendation I have seen from MSFT on RAID configs
is in the deployment guide but that is for smaller environments. That
document talks about 3 RAID sets, usually 3 mirrors (OS/Logs/DIT),
however they mention that the DIT set could be a 0+1/1+0. I think that
is 2 RAID sets too many for any deployment unless the DC is something
other than just a DC.

Personally, most folks with larger environments seem to deploy DCs that
you can get only 6-8 disks into and for those occasions I tend to
recommend a single RAID 0+1/10/5. The perf difference between 0+1/10 and
5 is usually 10% or less. If you absolutely want the fastest RAID, go
with 0+1/10 over the 5. At least that is all of the IO metric testing I
have seen recently. Go back 4-6 years and I actually recall seeing the
Dell PERC card's RAID 5 beating out its RAID 10 config by about 5%.
Probably just poorly written firmware for RAID 10 I would guess.

30 DCs with 2500 users total, unless the environment had a lot of very
heavy use AD apps I would likely be ok for even a single mirror for
those DCs. I would load that many users on a single DC in a heartbeat
though I would never use just a single DC.

Yep, I also don't care to split out OS/Logs/DIT. On a normal busy DC
that is simply a DC, the OS and Logs are but a rounding error in IOPS
next to the DIT. That means you are wasting IOPS on the OS/Logs sets
that the DIT could make good use of. The page file is also something I
am not terribly worried about on a DC because most of the memory should
be used for caching the DIT, that is never cached out, if memory
pressure is too great, the cache will trim to allow other things into
memory. Very little to nothing else really should be running on DCs so
you don't have other worries about paging.

The one time I have seen a need for a separate Logs drive was for a test
done in the Microsoft Enterprise Computing Center where one of my
friends built a 2TB DIT for ADAM in a month. He was adding tons of new
objects and of course the Logs were seeing tremendous amounts of IO for
that. Very much a corner case with AD as AD is very much read oriented.

If you like running all sorts of stuff (crap) on a DC, then there is no
generic formula, you get to sit in a lab and work out the perf on what
is best for you and how your DCs are being used. The main thing to keep
in mind is that everything you add to a DC is adding additional surface
area and attack vectors on the machine that is the core of your
Microsoft security infrastructure.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm