Experience VMware Fault Tolerance with Central Services/SRM for Appl Servs?

Hello all, I am looking for real-life experience of VMware Fault Tolerance enabled for SAP Central Services (ABAP/Java). FT is valid only for 1 vCPU VM's, therefor a probable good match with CS. Tips & trics are welcome.
If SRM is available, is it worthwhile to use it for protecting Application Servers in a dual datacenter? That way, the full capacity is guaranteed even after a disaster (resources should be available of course in the surviving DC).
So, are the VMware features like SRM and FT actually being used to protect SAP environments, and if yes, to any satisfaction?
Thanks in advance for your replies,
Roland

Hi Roland,
Did you finally use VMWare Fault Tolerance ? what has been your experience?
thanks,
Thomas 

Similar Messages

  • Connect Azure Pack to Service Bus for Windows Server with Custom DNS

    Hello! I'm trying to configure Azure Pack to use Service Bus for Windows Server 1.1 with Custom DNS.
    All runs on one virtual machine (Windows Server 2012 R2) in Windows Azure.
    I following this post:
    roysvork.wordpress.com/2014/06/14/developing-against-service-bus-for-windows-1-1
    Replace FramDNS "servicebus" to "mymachine.cloudapp.net", and create certificate:
    SelfSSL /N:CN=mymachine.cloudapp.net /V:1000 /T
    On Windows Azure Virtual Machine:
    1.I'll set publuc DNS: mymachine.cloudapp.net
    2.Open ports: 10354,10355,10356,10359,10000-10004
    3.In hosts file: 127.0.0.1 mymachine.cloudapp.net
    4.Create certificate:
    SelfSSL /N:CN=mymachine.cloudapp.net /V:1000 /T
    PowerShell:
    Stop-SBFarm –Verbose
    Set-SBFarm -FarmDns 'mymachine.cloudapp.net'
    Update-SBHost –Verbose
    Start-SBFarm –Verbose
    New-SBAuthorizationRule -NamespaceName ServiceBusDefaultNamespace -Name MainRule -Rights Manage, Send, Listen
    Afther that i can connect to my ServiceBusDefaultNamespace with SAS.
    It's work perfect. But, When I try to create Service Bus Namespace from Azure Pack Tenant portal - in Log an Exception:
    Namespace Provisioning Exception. TrackingId: . SystemId: . Namespace: SomeNamespace.
    Method: Activating. Exception: System.Net.Http.HttpRequestException: An error occurred while
    sending the request. ---> System.Net.WebException: The underlying connection was closed:
    Could not establish trust relationship for the SSL/TLS secure channel. --->
    System.Security.Authentication.AuthenticationException: The remote certificate is invalid according
    to the validation procedure.
    And status of namespace - Activating.
    Please help!

    Hi Alexander,
    According to the log, it seems that the validation process of the certificate failed.
    Please make sure that the certificate is installed in the client properly.
    Usually, self-signed certificate should be installed in the Computer Account-->Trusted Root Certificate Authorities.
    Best Regards.
    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Hi! Can someone help me with repair service address for Palm TX?

    Hi! Can someone help me with repair service address for Palm TX?
    This question was solved.
    View Solution.

    Good luck, and please let us know here how it works out for you.  We love knowing of current resources who can help solve people's problems with these older devices.
    smkranz
    I am a volunteer, and not an HP employee.
    Palm OS ∙ webOS ∙ Android

  • Service Account for SQL Server Agent on SQL Server 2008 R2

    This SQL Server instance is SQL Server 2008 R2 (10.50.4000).  We had Active Domain Service accounts created to run the service accounts for SQL Server and SQL Server Agent.
    It has become company policy to alter the service accounts that run SQL Server and SQL Server Agent.  Currently, both were running under the Local System Accounts.  We have altered the SQL Server but we are having issues with the SQL Server Agent. 
    I am told by another DBA that
    "The agent is requiring elevated rights.  It will startup if it has local admin rights, but not with domain accounts without admin rights."
    So I was wondering if anyone has come across this issue and how did they resolve it.
    lcerni

    "The agent is requiring elevated rights.  It will startup if it has local admin rights, but not with domain accounts without admin rights."
    This is completely not true. It is indeed possible to run agent as a domain account without giving it local admin. Chances are you'll need to update the local acls by adding the account to the local security groups. Please see this article for more information:
    http://technet.microsoft.com/en-us/library/ms143504(v=sql.105).aspx
    Edit: In addition, it'll need rights to SQL server for that account to connect and do its work. It will need to be given sysadmin:
    http://technet.microsoft.com/en-us/library/ms191543.aspx
    Sean Gallardy | Blog |
    Twitter

  • After using my iPod classic in my infinity G35 a few weeks ago, I took it out of the car and it no longer works.  Just a white screen with the web address for Apple iPod support.  Worked fine when hooked up to iPod jack in car.  But wont work anywhere now

    After using my iPod classic in my infinity G35 a for the last few weeks, I took it out of the car and it no longer works.  Just a white screen with the web address for Apple iPod support.  Worked fine when hooked up to iPod jack in car.  But won't work anywhere now.  I tried re-setting but has not worked.  Any ideas would be appreciated.

    I finally resolved my problem after spending way too much time on it. I simply handed my 160GB iPod to my husband to put his fav Stones & Beatles songs on and I went back to my 80GB Microsoft Zune which has never disappointed me.
    After spending so much time trying to figure this out I did finally take it back to Apple Store who performed a diagnostic and found there was a problem with the device. They replaced it with a refurbished one which has similar issues. All I wanted to do was listen to my music. Was that too much to ask? So I am happy to be free of this problematic device. No more Apple for me!!

  • Do we need to format data and log files with 64k cluster size for sql server 2012?

    Do we need to format data and log files with 64k cluster size for sql server 2012?
    Does this best practice still applies to sql server 2012 & 2014?

    Yes.  The extent size of SQL Server data files, and the max log block size have not changed with the new versions, so the guidance should remain the same.
    Microsoft SQL Server Storage Engine PM

  • Is the single edition app that comes with creative cloud just for apple publishing or can I publish on both apple and android?

    Is the single edition app that comes with creative cloud just for apple publishing or can I publish on both apple and android? I'm only seeing information on apple intergration.

    You’ll need either a Pro or Enterprise account. And you will have to publish any non-iPad app as multi folio. Single edition, regardless of your plan, is iPad only.

  • I would like to talk to a customer service representative for Apple in Australia what is the phone number

    I would like to talk to a customer service representative for Apple in Australia what is the phone number

    emiilygracekickass wrote:
    A contact number.
    Yes, I understand.
    Click the link I supplied to find a contact number.
    Also, at the bottom right of every page on Apple's website, there is a Contact Us link.

  • What is the difference with 1 Lync Standard Edition using VMware Fault Tolerant and 2 Lync Enterprise Edition in a cluster

    Hi
    As I will be planning to setup Lync on a virtual environment regardless if it is going to be the Standard or Enterprise edition.
    I am thinking if we use 1 Lync Standard Edition for the FE Server with Fault Tolerance enabled, would it be as good as having 2 Lync Enterprise Edition in a cluster?
    Thanks

    Hi there,
    the main difference between using Lync enterprise and lync standard is the High availability and scalability feature,
    you will get fault tolrance setup with one lync standard edition running on whatever hyper-v and vmware platform, however this will not be an optimum highly available solution for the simple reason that upon a host server failure the image will move
    to another available host server and users will lose their active session durin the move process.
    on the other hand what you will gain if you the Enterprise edition is that you will have a unique identity to which all lync clients will be connecting and this identity is the lync pool identity which is in the background handled with multiple Front-End
    servers and AV conferencing pools, mediation pools and so on.
    In additioin when you have multiple front-ends in place, those front-ends will not work in active/passive mode as in a regular cluster, in contrairy all the servers will be active and handeling the work load.
    hope i make it a bit clear, if yiu need more info i am ready
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread
    Thanks for the response, being a small environment of 300 users, standard edition would be more than enough for me but the fact for HA is very critical for me at this stage. That is why I am exploring the option of using VMware FT.
    I don't quick get what you mean on the users having to move to another image as my understanding of FT is in the event of a host failure (not VM failure like bluescreen etc), the VM will fail over to another host with no lost in any ping etc.
    So, in theory, the Lync Server VM would never know that the parent ESX host had failed and it needed to failover to another host. Hope my understanding is correct.
    Thanks

  • Vmware fault tolerance en esx 4.1

    Buenas tardes, tengo el siguiente problema, cuento con una maquina con fault tolerance activado con dos discos uno de 100gb y otro de 1tb, recientemente tube problemas de performance ya que los discos estaban llegando al maximo de capacidad, el dia de hoy apago la vm y desactivo ft para aumentar de 100 a 150gb y de 1 a 1.1tb, tenia entendido que el scrubbing solo afectaria los 150gb para formato eagerzeroed pero llevo ya mas de 8 horas esperando a que concluya el proceso, mi pregunta puntual existe alguna formula para saber cuando termina el proceso, por q esta afectando al parecer toda la vm cuando solo aumente 150gb, de verdad si alguien me puede orientar
    Saludos gracias

    Hi Christophe,
    first of all, the warning you see is not critical. It is just a standard warning that comes up when a standard theshold of memory usage is reached. The 4 GB RAM you have left on the host should be sufficient to cover the memory allocation overheads of the VMs and the memory that is needed by the ESX hypervisor.
    I assume you reserved 100 % of the assigned memory (mandatory for SAP virtualization). Reserved memory cannot be used by other VMs, therefore it is "not assignable" from the perspective of the hypervisor. This could be the reason why the threshold of the warning is reached although the utilization inside the guest ("active" memory) is low.
    Kind regards,
    Matthias

  • Registration with Shared Services failed for EAS, APS, Workspace & Planning

    Hi All,
    I have installed 11.1.1.3 hyperion suite with OAS as web application server.
    The architecture is
    Server 1: Shared Services
    Server 2: Workspace
    Server 3: Planning
    Server 4: EAS & APS
    Server 5: FR & Web Analysis.
    Registration of Planning, EAS, APS & Workspace with shared services failed. Configtool_err.log says:
    (May 23, 2011, 05:36:52 PM), com.hyperion.cis.config.CmsRegistrationUtil, ERROR, Failed to authenticate user = admin
    (May 23, 2011, 05:36:52 PM), com.hyperion.cis.config.wizard.RunAllTasksWizardAction, ERROR, Error:
    Error Code: -1
    com.hyperion.css.common.configuration.CSSConfigurationException: 20:3008:Failed to connect to native directory.      Error Code: 9
         at com.hyperion.css.spi.CSSManager.getProviderInstance(Unknown Source)
         at com.hyperion.css.spi.CSSManager.initProviders(Unknown Source)
         at com.hyperion.css.spi.CSSManager.initialize(Unknown Source)
         at com.hyperion.css.spi.CSSManager.<init>(Unknown Source)
         at com.hyperion.css.spi.CSSManager.getInstance(Unknown Source)
         at com.hyperion.css.CSSSystem.initCSSSystem(Unknown Source)
         at com.hyperion.css.CSSSystem.getInstance(Unknown Source)
         at com.hyperion.cis.config.CmsRegistrationUtil.getStandAloneCSS(CmsRegistrationUtil.java:440)
         at com.hyperion.cis.config.CmsRegistrationUtil.<init>(CmsRegistrationUtil.java:82)
         at com.hyperion.cis.config.wizard.RunAllTasksWizardAction.executeHubRegistrationTask(RunAllTasksWizardAction.java:422)
         at com.hyperion.cis.config.wizard.RunAllTasksWizardAction.execute(RunAllTasksWizardAction.java:236)
         at com.installshield.wizard.RunnableWizardBeanContext.run(Unknown Source)
    (May 23, 2011, 05:36:53 PM), com.hyperion.planning.HspDBConfigurator, ERROR, Error happened: null
    (May 23, 2011, 05:36:53 PM), com.hyperion.cis.config.wizard.RunAllTasksWizardAction, ERROR, Error:
    com.hyperion.cis.config.ProcessingException
         at com.hyperion.planning.HspDBConfigurator.configure(HspDBConfigurator.java:209)
         at com.hyperion.cis.config.wizard.RunAllTasksWizardAction.executeDbConfigTask(RunAllTasksWizardAction.java:658)
         at com.hyperion.cis.config.wizard.RunAllTasksWizardAction.execute(RunAllTasksWizardAction.java:202)
         at com.installshield.wizard.RunnableWizardBeanContext.run(Unknown Source)
    I tried to telnet port 7777 & 28089 of server 1 from each server. The connection failed. I have asked the network team to open the required hyperion ports
    Can anybody help me on this.
    TIA

    Just out of interest why have you used OAS as it is pretty much dead product now and is not used in future releases.
    Anyway I am not sure why you have closed ports between those servers, you will end up spending a lot of time trying to open all the required ports between the servers.
    Can you not get all the ports open for a time just to check it definitely is a ports issue.
    It is probably also worth checking the following spreadsheet out - http://www.oracle.com/technetwork/middleware/bi-foundation/epm-components-communications-fd-11-128629.xls
    It highlights the ports used in communication.
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Performing Exchange Server patching & service pack for mailbox server without losing some data during the rollback ?

    People,
    I'd like to know how can I safely apply the Exchange Server service pack or cumulative update to the Mailbox Server role (no DAG) without losing some email during the downtime and rolling back the snapshot ?
    Can I do the following:
    1. Stop all of the Exchange Server services.
    2. Disconnect the vNIC in Mailbox server
    3. Take VM snapshot
    4. Apply the Exchange Server service Pack / Cumulative Update or Windows Update
    5. Reboot
    6. Reconnect the vNIC, if the server back online again with no issue, commit / delete the snapshot, if not, then disconnect the vNIC followed by roll back.
    would that be make sense or supported from both Vmware and Microsoft http://www.vmware.com/files/pdf/exchange-2010-on-vmware-support-and-licensing-guide.pdf ?
    If yu have any other suggestion, please let me know here.
    Thanks in advance.

    Hey AlbertWT,
    I'll start off by saying that I wouldn't do it.  Microsoft is explicit that snapshots are not supported with Exchange when virtualized.  See below (from Exchange 2013 virtualization: Exchange 2013 Help):
    Some hypervisors include features for taking snapshots of virtual machines. Virtual machine snapshots capture the state of a virtual machine while it's running. This feature enables you to take multiple snapshots of a virtual machine and then revert the virtual machine to any of the previous states by applying a snapshot to the virtual machine. However, virtual machine snapshots aren't application aware, and using them can have unintended and unexpected consequences for a server application that maintains state data, such as Exchange. As a result, making virtual machine snapshots of an Exchange guest virtual machine isn't supported.
    Even if we ignore the support statement on snapshots this is still not a good idea.  Here are some things to consider.
    1) Cumulative updates for Exchange make changes to the Active Directory Schema.  Rolling back the snapshot on the Mailbox server will not roll back the changes to AD, which could cause functional and supportability issues.  See this link to give you an idea of how there are AD schema updates in every Exchange CU and service pack: Exchange 2013 Active Directory schema changes: Exchange 2013 Help
    2) It is possible for email to come in during the time that you're testing the update, and if you need to roll back you would need a plan to get that email back.  Third party services could work, or you could prevent email from coming into your environment completely during that time, but those are not ideal solutions.
    A far better solution would be to create a lab environment that is isolated from production.  You could either take clones of your Exchange and AD VMs and put them into a network fenced environment, or create a lab and import your AD structure so it matches production.  I think this is a far better way to test than trying to rely on snapshots in production.
    Hope that helps!
    Matt

  • Set up Search Service App For SharePoint server 2013 on Windows server 2012 R2 not working

    Hi all,
    I installed SharePoint server 2013 on Windows  server 2012 R2 using VirtualBox.  I created a DC(domain controller) server with a domain set up on one VM and it has SQL server 2012 SP1 installed. Then SharePoint 2013 on another VM was set up to access
    the DC server.  Everything seems working except Search Service App which cannot be sucessfully set up. Creation process for Search service app says Successful and 4 search databases were created and look fine. But when I navigate to search service app
    admin page, it gives error info:
    System status:  The search service is not able to connect to the machine that hosts the administration component. Verify that the administration component '386f2cd6-47ca-4b3a-aeb5-d9116772ef16' in search application 'Search Service Application 1' is in
    a good state and try again.
    Search Application Topology:  Unable to retrieve topology component health states. This may be because the admin component is not up and running.
    From event viewer, I see following errors:
    (1) Error From source: SharePoint Server
    Application Server Administration job failed for service instance  Microsoft.Office.Server.Search.Administration.SearchServiceInstance
    (b7c72eb8-cbaf-435e-b4c9-963cb6e4e745).
    Reason: The object you are trying to create already exists. Try again using a different name.  
    Technical Support Details:
    System.Runtime.InteropServices.COMException (0x80040D02): The object you are trying to create already exists. Try again using a different name.  
       at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
       at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean
    isAdministrationServiceJob)
    (2) Error From source: SharePoint Server Search
    Could not access the Search database. A generic error occurred while trying to access the database to obtain the schema version info.
    Context: Application '386f2cd6-47ca-4b3a-aeb5-d9116772ef16'
    (3) Warning from source: SharePoint Server Search
    A database error occurred. Source: .Net SqlClient Data Provider Code: 8169 occurred 0 time(s) Description:  Error ordinal: 1 Message:
    Conversion failed when converting from a character string to uniqueidentifier., Class: 16, Number: 8169, State: 2    at
    System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
    (4) Error From source: SharePoint Server
    Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance
    (b7c72eb8-cbaf-435e-b4c9-963cb6e4e745).
    Reason: The gatherer application could not be mounted because the search administration database schema version does not match the expected backwards compatibility schema version. The database might not have been upgraded.  
    Technical Support Details:
    System.Runtime.InteropServices.COMException (0xC0041235): The gatherer application could not be mounted because the search administration database schema version does not match the expected backwards compatibility schema version. The database might not have
    been upgraded.  
    Since separate DC server and SharePoint server do not work, I installed SharePoint 2013 on DC server ( so DC server has everything on it now ) but it gives exactly same result. Later I installed SharePoint 2013 SP1 and still have the same problem with Search
    Service app. I spent two weeks tried all suggestions available from Web and Google but SharePoint Search Service simply does not work. Config and other databases work but why Search Service has this issue seemingly related to search DB.
    Could anybody please help out? You deserve a top SharePoint consultant award if you could find a solution. I am so frustrated and so tired by this issue.    This seems also to be a SP set up issue.
    Thanks a lot.

    Using new Search Service App wizard to create SSA is always a success. I could delete existing SSA and recreate it and no problem. It says successful but when I open Search Admin page from CA, it gives me errors as mentioned.
    Now I used the following PS script for creating SSA from Max Mercher, but it stays at the last setps in following script:
    Add-PsSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
    $IndexLocation = "C:\Search"  #Location must be empty, will be deleted during the process!
    $SearchAppPoolName = "SSAPool"
    $SearchAppPoolAccountName = "mydomain\admin"
    $SearchServiceName = "SSA"
    $SearchServiceProxyName = "SSA Proxy"
    $DatabaseServer = "W12R2DC1"
    $DatabaseName = "SSA"
    $spAppPool = Get-SPServiceApplicationPool -Identity $SearchAppPoolName -ErrorAction SilentlyContinue
    if (!$spAppPool)
     $spAppPool = New-SPServiceApplicationPool -Name $SearchAppPoolName -Account $SearchAppPoolAccountName -Verbose
    $ServiceApplication = Get-SPEnterpriseSearchServiceApplication -Identity $SearchServiceName -ErrorAction SilentlyContinue
    if (!$ServiceApplication)
    # process stays at the following step forever, already one hour now.  
    $ServiceApplication = New-SPEnterpriseSearchServiceApplication -Name $SearchServiceName -ApplicationPool $spAppPool.Name -DatabaseServer  $DatabaseServer -DatabaseName $DatabaseName
    Account mydomain\admin is an farm managed account, domain admin account, in WG_ADMIN role, It is in all SQL server roles and is DBO. I see search DBs are already on SQL server. From Event viewer, I got following errors in sequence:
    (1) Crawler:Content Plugin under source Crawler:Content Plugin 
    Content Plugin can not be initialized - list of CSS addresses is not set.
    (2) Warning for SharePoint Server Search
    A database error occurred. Source: .Net SqlClient Data Provider Code: 8169 occurred 0 time(s) Description:  Error ordinal: 1 Message: Conversion failed when converting from a character string to uniqueidentifier., Class: 16, Number: 8169, State: 2   
    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
    (3) Error for SharePoint Server Search
    Could not access the Search database. A generic error occurred while trying to access the database to obtain the schema version info.
    Context: Application 'cbc5a055-996b-44a7-9cbc-404322f9cfdf'
    (4) Error for SharePoint Server
    Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (b7c72eb8-cbaf-435e-b4c9-963cb6e4e745).
    Reason: The gatherer application could not be mounted because the search administration database schema version does not match the expected backwards compatibility schema version. The database might not have been upgraded. 
    (5) Error Shared Services for SharePoint Server Search 
    Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (b7c72eb8-cbaf-435e-b4c9-963cb6e4e745).
    Reason: The object you are trying to create already exists. Try again using a different name. 
    Technical Support Details:
    System.Runtime.InteropServices.COMException (0x80040D02): The object you are trying to create already exists. Try again using a different name. 
       at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
       at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob
    Above errors keep being generated. Last step for SSA creation stay there forever.  Any clue what is really going on?  Thanks.

  • Group managed service accounts for SQL Server

    Hey guys,
    Unfortunately I missed that (g/s)MSAs aren't supported yet for SQL Servers but I'm using them without any worries since ages.
    As i digged a bit deeper I could find different informations due to the related TechNet entrys. So it seems Microsofts Informations about (s)MSAs and gMSAs aren't consistent.
    I'm not a SQL Server guy and use SQL only for System Center testing stuff so i would like to get a real world exps of SQL Server guys.
    Should I continue using gMSAs or are there any worries I should know?
    some sources I found so far:
    Not supported:
    "Hi Adam,
    Thank you for your feedback. Windows Server 2012 Group Managed Service Account is not currently supported as SQL 2012 released earlier than Windows Server 2012. We will consider to support gMSA in future SQL Server release.
    Regards,
    Min He, Program Manager, SQL Server"
    11.2012 -
    https://connect.microsoft.com/SQLServer/feedback/details/767211/gmsa-for-sql-server-failover-Clusters
    gMSA are not yet available, are not yet supported for SQL Server.  gMSA exist and are available and supported in Windows Server 2012 and higher.  SQL does not support them , but
    from an OS perspective, they exist and are supported.    
    http://blogs.msdn.com/b/sqlosteam/archive/2014/02/19/msa-accounts-used-with-sql.aspx
    Within the FAQ Task Scheduler isn't supported as well ...
    http://technet.microsoft.com/en-us/library/ff641729%28WS.10%29.aspx
    ... but also PFEs using them for Tasks... this is confusin... 0o
    http://blogs.msdn.com/b/arvindsh/archive/2014/02/03/managed-service-accounts-msa-and-sql-2012-practical-tips.aspx
    supported?:
    Configure Windows Service Accounts and Permissions
    ... New Account Types Available with Windows 7 and Windows Server 2008 R2
    http://technet.microsoft.com/en-us/library/ms143504(v=sql.110).aspx#Default_Accts
    The MSA must be created in the Active Directory by the domain administrator before SQL Server setup can use it for SQL Server services.
    others sources won't mentioning s/gMSAs...
    I couldn't find clear informations about using gMSA for SQL Server 2014. 
    only the same page which also Looks like the page for 2008 R2 and SQL 2012.
    Configure Windows Service Accounts and Permissions
                SQL Server 2014        
    http://msdn.microsoft.com/en-us/library/ms143504.aspx
    annoying topic so far... ;) 

    Hi Enrico
    aside from what Dan says about the risk for support, on which I agree, the following thread may clear it up a bit:
    http://social.msdn.microsoft.com/Forums/sqlserver/en-US/acb2048c-ffce-4d44-b882-6aafc7eb689d/managed-service-accounts-to-run-sql-server-service?forum=sqlsecurity
    Andreas Wolter (Blog |
    Twitter)
    MCM - Microsoft Certified Master SQL Server 2008
    MCSM - Microsoft Certified Solutions Master Data Platform, SQL Server 2012
    www.andreas-wolter.com |
    www.SarpedonQualityLab.com

  • Question : Service Accounts for SQL Server 2012

    Hello,
    I am planning to create AD accounts for SQL Server 2012 services that will be installed on Windows 2012 server.
    I was reading the following
    Configure Windows Service Accounts and Permissions
    and
    Windows Privileges and Rights
    Is there a recommendation / document that would list that assocation of SQL Server Services with Actvie Directory service accounts / privileges required for installation and starting the services.
    Isn't it recommended to create separate account for every service and they should not be local accounts ?
    Hope to hear soon as to what industry standards are being followed for production systems ?
    Thank you very much in advance.
    Regards
    Nikunj

    From MSDN:
    Each service in SQL Server represents a process or a set of processes to manage authentication of SQL Server operations with Windows. Each service can be configured to use its own service account. This facility is exposed
    at installation. SQL Server provides a special tool, SQL Server Configuration Manager, to manage the services configuration.
    When choosing service accounts, consider the principle of least privilege. The service account should have exactly the privileges that it needs to do its job and no more privileges. You also need to consider account isolation; the service accounts should
    not only be different from one another, they should not be used by any other service on the same server. Do not grant additional permissions to the SQL Server service account or the service groups.
    From Glen Berry's Blog:
    You should request that a dedicated domain user account be created for use by the SQL Server service. This should just be a regular, domain account with no special rights on the domain. You do not need or want this account to be a local admin on the machine
    where SQL Server will be installed. The SQL Server setup program will grant the necessary rights on the machine to that account during installation.
    You will also want a separate, dedicated domain user account for the SQL Server Agent service. If you are going to be installing and using other SQL Server related services such as SQL Server Integration Services (SSIS), SQL Server Reporting Services (SSRS),
    or SQL Server Analysis Services (SSAS), you will want dedicated domain accounts for each service. The reason you want separate accounts for each service is because they require different rights on the local machine, and having separate accounts is both more
    secure and more resilient, since a problem with one account won’t affect all of the SQL Server Services.
    Depending on your organization, getting these domain accounts created could take anywhere from minutes to weeks to complete, so make sure to allow time for this. For each one of these accounts, you will need their logon credentials for the SQL Server setup
    program. You are going to want to make sure that the accounts don’t have a temporary password that must be changed during the next login. If they are set up that way, make sure to change them to use a strong password, and record this information in a secure
    location.
    Please Mark This As Answer if it solved your issue
    Please Mark This As Helpful if it helps to solve your issue
    Thanks,
    Shashikant

Maybe you are looking for