Hi everyone,
I was wondering if there are any criteria on where VAs should be hosted. Since we plan on integrating more Active Directory domains, does the VA need to be hosted on the same domain as the DNS server? Or can it be hosted in any domain in an Azure env?
The VAs are not domain joined, but they do need to be in a network segment that can reach your sources. As a best practice, you should “Locate VAs Close to Sources” to ensure a reliable connection.
Do you have a source in AWS? Consider locating the VA in AWS in the same availability zone. Azure, the same thing. If your sources are on prem, you may want to have a VA on prem.
We have sources in AWS, Azure, and on prem. We also have multiple on prem Active Directories and were wondering if we need 1 VA per on prem Active Directory.
It is possible that a single VA cluster could read from all the directories, from all of the AWS, Azure, and on prem locations. The limitation is the networking, and the question of whether you want to be able to reach cloud sources in the event of an outage with your on prem services, or vice versa.
First of all, you cannot assign a VA to a source directly. VAs are added to a VA cluster and this cluster is assigned to different sources. So there is no way you will know which specific VA is actually running a process. That means you cannot ensure the VAs on cloud process operations related to cloud-based sources and VAs on prem process operations related to on-prem-based sources. If this is what you want, then you need to have different VA clusters and configure your sources accordingly.
Second of all, as mentioned by @MattUribe, VAs should be located as close as possible to the sources. Whether you run a VA on cloud (AWS, Azure…) or on prem, you need to make sure these VAs have reliable connectivity to the sources with minimum latency. Also note that it is NOT recommended that VAs be in a DMZ.