Question

Nutanix (Prism & AFS) migrate to different Domain

  • 25 February 2020
  • 4 replies
  • 1768 views

Dear SME’s,

How do i migrate my Nutanix AHV cluster to a different domain? Here is the core future’s i am having now, it should be migrated.

  1. Prism Element 
  2. Acropolis File Server (We have enabled AFS replica between Primary and Secondar site)
  3. Async Protection Domain from Primary to Secondary ( For VM’s and AFS)

Can you please someone help me to provide the best practice of doing these changes without or less production outage? Advance thanks.

Thanks

Thiruppathiraj

 


This topic has been closed for comments

4 replies

Userlevel 3
Badge +4

Hello @Thiruppathiraj 
For the Files server, steps to leave a domain and join a domain are covered in the Nutanix Files Guide
For AOS, you can add the new domain in the authentication configuration and then remove the old once authentication with the new domain is working. The local ‘admin’ user will not be affected as this uses local authentication only. See the Prism Web Console Guide - Authentication Configuration section for more detail. 

If you need to update DNS and domain search settings for AHV virtual networks with IP address management, see the Network Management section. 

For updating DNS or SMTP settings see the System Management section.

For Async-DR there should not be any distinct modification needed. Network mappings should not need to change though the networks themselves may get updated with domain settings. The transmission is not by FQDN but just uses the IP addresses, so no modification is needed there either. 

For AHV hosts themselves I do not think any update is required. AD authentication directly to AHV hosts should not be needed, and is not supported, since normal management of AHV hosts is through the CVM, with just a few management tasks performed only by the root user on the AHV host.

If you are needing to change the IP addresses this will incur downtime for the cluster. IP address changes on an AOS cluster require a specific procedure and cannot be done while the cluster is up and serving data for VMs. 

If you have further questions let me know. 

Hello Jeremy, 

Thanks for the email with detailed information. To regards AFS domain rejoin. Domain A is old and domain B is new one. If I added new domain users to share permissions once I removed the old domain A from AFS, Does my domain B users permission will remain same? The reason why I'm asking this I have more than 10tb of AFS data, if I want to assign new domain B user permissions it may takes days complete.

 

Thanks 

Thiruppathiraj 

 

Userlevel 4
Badge +5

Hello @ThiruppathirajP 

Could you provide more information as to how the domains are related? 
Do they have a trust relationship between them with inheritance properties or completely different entities? 

Hello,

Yes, we have oneway trust enabled between Domain A to Domain B.  

Thanks

Thiruppathiraj