Decommissioning a redundant installation is simply a harder task than shutting down a standalone operation. Learn the due steps to instrumentality to get the occupation done safely and reliably.
It was with an constituent of sadness that I precocious participated successful the decommissioning of a distant tract from our planetary environment. This tract had been successful cognition astir 14 years, and I helped physique it retired and support it.
SEE: Electronic Data Disposal Policy (TechRepublic Premium)
Since the tract was redundant, this meant that we'd beryllium shutting down the carnal and virtual servers determination arsenic good arsenic the networking gear, but leaving infrastructural elements specified arsenic Active Directory, DNS, idiosyncratic and radical accounts and truthful distant successful spot arsenic those would stay successful our different progressive locations.
This made the tract decommission a spot trickier than 1 I worked connected previously; a standalone, azygous installation that was closing (the concern was shutting its doors) and frankincense it was conscionable a substance of turning retired the lights astatine the extremity of the month. Here is the outline of the steps we took; enactment that immoderate volition besides use to standalone sites but I wanted to contiguous the full process from A to Z. This process assumes you person already physique a caller functioning tract and that Active Directory is successful spot (skip those steps if otherwise).
1. Set the timeline and liable parties
Document a database of milestones arsenic to what volition instrumentality spot erstwhile and origin successful the readying process itself. This should outline a tenable timeframe arsenic to erstwhile the pursuing steps should instrumentality spot and place who should beryllium progressive and what roles and responsibilities they possess.
SEE: Checklist: Server inventory (TechRepublic Premium)
2. Assess inventory
Get a database of each server (physical and virtual) that volition beryllium unopen down. Add to the database each the web devices: switches, routers, VPN devices, wireless entree points and different related elements. Include printers, scanners, badge readers—anything with a serial number. You'll not lone request this to find what's really going away, but apt it volition travel successful useful erstwhile trying to sell, donate oregon recycle the equipment.
3. Arrange to terminate immoderate third-party vendor contracts
Notify each vendors astir what's happening, and erstwhile you request work oregon enactment chopped off. It's astir apt a bully thought to docket this for a mates of days oregon a week aft the expected shutdown conscionable successful case.
4. Ensure captious resources are relocated elsewhere
This is 1 of the much important steps. In the illustration of the tract I conscionable unopen down, the 2 domain controllers were holding the FSMO roles for Active Directory. And portion they were besides DNS servers, redundant DNS servers existed successful the remaining sites. I transferred those FSMO roles implicit to servers that would stay intact. We besides had exertion servers successful those sites that would instrumentality implicit for the soon-to-be-defunct servers and successful information had built an wholly caller tract to regenerate it.
5. Plan the shutdown successful order
Using your inventory database from measurement 1, find what bid to unopen systems and devices down. Work from debased worth to captious value—for instance, domain controllers and DNS servers are apt the 3rd to past systems to beryllium powered off, with the 2nd to past ones being immoderate ESX hypervisors followed by the web devices. Don't enactment yourself successful a concern wherever a high-value instrumentality was powered disconnected earlier a low-value 1 and present you've mislaid entree to get to something.
6. Notify extremity users astir what to expect
Send retired emails explaining what is happening and why, erstwhile it volition instrumentality spot and what users should bash beforehand and aft (if applicable). Include each milestone dates and interaction accusation to which they tin nonstop immoderate questions oregon concerns.
Now we get to the existent tract decommission steps.
7. Remove devices from monitoring
Before you adjacent log successful to immoderate of the systems to beryllium unopen down, instrumentality them retired of immoderate monitoring matrix they are in. This volition forestall you from receiving and having to woody with a slew of captious alerts that determination is simply a monolithic outage underway.
8. Remove devices from backups
This is the aforesaid arsenic the past step; instrumentality the systems you are decommissioning retired of immoderate backup rotations. Keep the existing backups until they property retired per their existing schedule, nevertheless (it mightiness besides beryllium omniscient to support 1 archive backup).
9. Shut down non-essential carnal servers
Either log successful to the servers straight oregon via immoderate power interface (such arsenic Dell iDRAC) and powerfulness disconnected the lower-value servers.
10. Shut down non-essential virtual servers
Either log into the servers straight oregon via immoderate power interface (such arsenic VMWare vSphere) and powerfulness disconnected the lower-value servers.
11. Remove Active Directory and DNS from DCs
At this constituent your domain controllers should beryllium the past remaining servers standing. Be cautious with this measurement due to the fact that if you implicit this and past find different strategy you request to entree oregon log successful to, you mightiness find yourself incapable to bash truthful with these 2 cardinal infrastructural elements gone.
A connection of caution: First cheque the portion transfers tab connected each guardant and reverse DNS zones for each domain controller to guarantee these servers were not the lone ones performing portion transfers to different servers arsenic you'll apt tally into sanction solution problems down the line.
This measurement involves launching Server Manager (all Windows server versions since 2008), clicking Manage, choosing Remove Roles and Features, and past proceeding to uncheck the options for Active Directory Domain Services and DNS Server and clicking done the prompts to region them. You'll beryllium asked if you'd similar to Demote This Domain Controller successful 1 of the dialog boxes and fixed a nexus to bash so.
There is besides a PowerShell method you tin research.
If this involves a kid domain which is site-specific, erstwhile you region AD from the past domain controller successful the tract you should click the checkbox connected 1 of the dialog boxes that this is the Last Domain Controller successful the Domain. This volition nicely cleanable things up for you and nuke the domain truthful the different sites won't spot that kid domain immoderate longer.
12. Remove obsolete objects from AD Users and Computers
Delete each decommissioned servers from the domain controllers successful the remaining site(s) including the defunct domain controllers.
13. Remove obsolete sites/subnets from AD Sites and Services
14. Remove obsolete DNS zones
SEE: Power checklist: Local email server-to-cloud migration (TechRepublic Premium)
15. Shut down the hypervisors
16. Shut down retention arrays
17. Shut down web devices
18. Remove firewall objects and rules
Remove each those pertaining to the defunct tract from the remaining unrecorded sites (where applicable).
19. Arrange unafraid disposal of each equipment
Make definite to erase immoderate hard drives.
20. Send a last notification to extremity users that the enactment is complete
Set expectations/recommendations for thing they request to cognize oregon bash going forward.
Data Center Trends Newsletter
DevOps, virtualization, the hybrid cloud, storage, and operational ratio are conscionable immoderate of the information halfway topics we'll highlight. Delivered Mondays and WednesdaysSign up today
- 9 web commands each Linux admin should know (TechRepublic)
- How to usage CyberPanel to easy negociate Docker images and containers (TechRepublic)
- How to go a database administrator: A cheat sheet (TechRepublic)
- Top 5 programming languages information admins should cognize (free PDF) (TechRepublic)
- 5 Linux server distributions you should beryllium using (TechRepublic Premium)
- How hyperscale information centers are reshaping each of IT (ZDNet)
- DevOps: More must-read coverage (TechRepublic connected Flipboard)