Experience VMware Fault Tolerance with Central Services/SRM for Appl Servs?
Hello all, I am looking for real-life experience of VMware Fault Tolerance enabled for SAP Central Services (ABAP/Java). FT is valid only for 1 vCPU VM's, therefor a probable good match with CS. Tips & trics are welcome.
If SRM is available, is it worthwhile to use it for protecting Application Servers in a dual datacenter? That way, the full capacity is guaranteed even after a disaster (resources should be available of course in the surviving DC).
So, are the VMware features like SRM and FT actually being used to protect SAP environments, and if yes, to any satisfaction?
Thanks in advance for your replies,
Roland
Hi Roland,
Did you finally use VMWare Fault Tolerance ? what has been your experience?
thanks,
Thomas
Similar Messages
-
Connect Azure Pack to Service Bus for Windows Server with Custom DNS
Hello! I'm trying to configure Azure Pack to use Service Bus for Windows Server 1.1 with Custom DNS.
All runs on one virtual machine (Windows Server 2012 R2) in Windows Azure.
I following this post:
roysvork.wordpress.com/2014/06/14/developing-against-service-bus-for-windows-1-1
Replace FramDNS "servicebus" to "mymachine.cloudapp.net", and create certificate:
SelfSSL /N:CN=mymachine.cloudapp.net /V:1000 /T
On Windows Azure Virtual Machine:
1.I'll set publuc DNS: mymachine.cloudapp.net
2.Open ports: 10354,10355,10356,10359,10000-10004
3.In hosts file: 127.0.0.1 mymachine.cloudapp.net
4.Create certificate:
SelfSSL /N:CN=mymachine.cloudapp.net /V:1000 /T
PowerShell:
Stop-SBFarm –Verbose
Set-SBFarm -FarmDns 'mymachine.cloudapp.net'
Update-SBHost –Verbose
Start-SBFarm –Verbose
New-SBAuthorizationRule -NamespaceName ServiceBusDefaultNamespace -Name MainRule -Rights Manage, Send, Listen
Afther that i can connect to my ServiceBusDefaultNamespace with SAS.
It's work perfect. But, When I try to create Service Bus Namespace from Azure Pack Tenant portal - in Log an Exception:
Namespace Provisioning Exception. TrackingId: . SystemId: . Namespace: SomeNamespace.
Method: Activating. Exception: System.Net.Http.HttpRequestException: An error occurred while
sending the request. ---> System.Net.WebException: The underlying connection was closed:
Could not establish trust relationship for the SSL/TLS secure channel. --->
System.Security.Authentication.AuthenticationException: The remote certificate is invalid according
to the validation procedure.
And status of namespace - Activating.
Please help!Hi Alexander,
According to the log, it seems that the validation process of the certificate failed.
Please make sure that the certificate is installed in the client properly.
Usually, self-signed certificate should be installed in the Computer Account-->Trusted Root Certificate Authorities.
Best Regards.
Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Hi! Can someone help me with repair service address for Palm TX?
Hi! Can someone help me with repair service address for Palm TX?
This question was solved.
View Solution.Good luck, and please let us know here how it works out for you. We love knowing of current resources who can help solve people's problems with these older devices.
smkranz
I am a volunteer, and not an HP employee.
Palm OS ∙ webOS ∙ Android -
Service Account for SQL Server Agent on SQL Server 2008 R2
This SQL Server instance is SQL Server 2008 R2 (10.50.4000). We had Active Domain Service accounts created to run the service accounts for SQL Server and SQL Server Agent.
It has become company policy to alter the service accounts that run SQL Server and SQL Server Agent. Currently, both were running under the Local System Accounts. We have altered the SQL Server but we are having issues with the SQL Server Agent.
I am told by another DBA that
"The agent is requiring elevated rights. It will startup if it has local admin rights, but not with domain accounts without admin rights."
So I was wondering if anyone has come across this issue and how did they resolve it.
lcerni"The agent is requiring elevated rights. It will startup if it has local admin rights, but not with domain accounts without admin rights."
This is completely not true. It is indeed possible to run agent as a domain account without giving it local admin. Chances are you'll need to update the local acls by adding the account to the local security groups. Please see this article for more information:
http://technet.microsoft.com/en-us/library/ms143504(v=sql.105).aspx
Edit: In addition, it'll need rights to SQL server for that account to connect and do its work. It will need to be given sysadmin:
http://technet.microsoft.com/en-us/library/ms191543.aspx
Sean Gallardy | Blog |
Twitter -
After using my iPod classic in my infinity G35 a for the last few weeks, I took it out of the car and it no longer works. Just a white screen with the web address for Apple iPod support. Worked fine when hooked up to iPod jack in car. But won't work anywhere now. I tried re-setting but has not worked. Any ideas would be appreciated.
I finally resolved my problem after spending way too much time on it. I simply handed my 160GB iPod to my husband to put his fav Stones & Beatles songs on and I went back to my 80GB Microsoft Zune which has never disappointed me.
After spending so much time trying to figure this out I did finally take it back to Apple Store who performed a diagnostic and found there was a problem with the device. They replaced it with a refurbished one which has similar issues. All I wanted to do was listen to my music. Was that too much to ask? So I am happy to be free of this problematic device. No more Apple for me!! -
Do we need to format data and log files with 64k cluster size for sql server 2012?
Do we need to format data and log files with 64k cluster size for sql server 2012?
Does this best practice still applies to sql server 2012 & 2014?Yes. The extent size of SQL Server data files, and the max log block size have not changed with the new versions, so the guidance should remain the same.
Microsoft SQL Server Storage Engine PM -
Is the single edition app that comes with creative cloud just for apple publishing or can I publish on both apple and android? I'm only seeing information on apple intergration.
You’ll need either a Pro or Enterprise account. And you will have to publish any non-iPad app as multi folio. Single edition, regardless of your plan, is iPad only.
-
I would like to talk to a customer service representative for Apple in Australia what is the phone number
emiilygracekickass wrote:
A contact number.
Yes, I understand.
Click the link I supplied to find a contact number.
Also, at the bottom right of every page on Apple's website, there is a Contact Us link. -
Hi
As I will be planning to setup Lync on a virtual environment regardless if it is going to be the Standard or Enterprise edition.
I am thinking if we use 1 Lync Standard Edition for the FE Server with Fault Tolerance enabled, would it be as good as having 2 Lync Enterprise Edition in a cluster?
ThanksHi there,
the main difference between using Lync enterprise and lync standard is the High availability and scalability feature,
you will get fault tolrance setup with one lync standard edition running on whatever hyper-v and vmware platform, however this will not be an optimum highly available solution for the simple reason that upon a host server failure the image will move
to another available host server and users will lose their active session durin the move process.
on the other hand what you will gain if you the Enterprise edition is that you will have a unique identity to which all lync clients will be connecting and this identity is the lync pool identity which is in the background handled with multiple Front-End
servers and AV conferencing pools, mediation pools and so on.
In additioin when you have multiple front-ends in place, those front-ends will not work in active/passive mode as in a regular cluster, in contrairy all the servers will be active and handeling the work load.
hope i make it a bit clear, if yiu need more info i am ready
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread
Thanks for the response, being a small environment of 300 users, standard edition would be more than enough for me but the fact for HA is very critical for me at this stage. That is why I am exploring the option of using VMware FT.
I don't quick get what you mean on the users having to move to another image as my understanding of FT is in the event of a host failure (not VM failure like bluescreen etc), the VM will fail over to another host with no lost in any ping etc.
So, in theory, the Lync Server VM would never know that the parent ESX host had failed and it needed to failover to another host. Hope my understanding is correct.
Thanks -
Vmware fault tolerance en esx 4.1
Buenas tardes, tengo el siguiente problema, cuento con una maquina con fault tolerance activado con dos discos uno de 100gb y otro de 1tb, recientemente tube problemas de performance ya que los discos estaban llegando al maximo de capacidad, el dia de hoy apago la vm y desactivo ft para aumentar de 100 a 150gb y de 1 a 1.1tb, tenia entendido que el scrubbing solo afectaria los 150gb para formato eagerzeroed pero llevo ya mas de 8 horas esperando a que concluya el proceso, mi pregunta puntual existe alguna formula para saber cuando termina el proceso, por q esta afectando al parecer toda la vm cuando solo aumente 150gb, de verdad si alguien me puede orientar
Saludos graciasHi Christophe,
first of all, the warning you see is not critical. It is just a standard warning that comes up when a standard theshold of memory usage is reached. The 4 GB RAM you have left on the host should be sufficient to cover the memory allocation overheads of the VMs and the memory that is needed by the ESX hypervisor.
I assume you reserved 100 % of the assigned memory (mandatory for SAP virtualization). Reserved memory cannot be used by other VMs, therefore it is "not assignable" from the perspective of the hypervisor. This could be the reason why the threshold of the warning is reached although the utilization inside the guest ("active" memory) is low.
Kind regards,
Matthias -
Registration with Shared Services failed for EAS, APS, Workspace & Planning
Hi All,
I have installed 11.1.1.3 hyperion suite with OAS as web application server.
The architecture is
Server 1: Shared Services
Server 2: Workspace
Server 3: Planning
Server 4: EAS & APS
Server 5: FR & Web Analysis.
Registration of Planning, EAS, APS & Workspace with shared services failed. Configtool_err.log says:
(May 23, 2011, 05:36:52 PM), com.hyperion.cis.config.CmsRegistrationUtil, ERROR, Failed to authenticate user = admin
(May 23, 2011, 05:36:52 PM), com.hyperion.cis.config.wizard.RunAllTasksWizardAction, ERROR, Error:
Error Code: -1
com.hyperion.css.common.configuration.CSSConfigurationException: 20:3008:Failed to connect to native directory. Error Code: 9
at com.hyperion.css.spi.CSSManager.getProviderInstance(Unknown Source)
at com.hyperion.css.spi.CSSManager.initProviders(Unknown Source)
at com.hyperion.css.spi.CSSManager.initialize(Unknown Source)
at com.hyperion.css.spi.CSSManager.<init>(Unknown Source)
at com.hyperion.css.spi.CSSManager.getInstance(Unknown Source)
at com.hyperion.css.CSSSystem.initCSSSystem(Unknown Source)
at com.hyperion.css.CSSSystem.getInstance(Unknown Source)
at com.hyperion.cis.config.CmsRegistrationUtil.getStandAloneCSS(CmsRegistrationUtil.java:440)
at com.hyperion.cis.config.CmsRegistrationUtil.<init>(CmsRegistrationUtil.java:82)
at com.hyperion.cis.config.wizard.RunAllTasksWizardAction.executeHubRegistrationTask(RunAllTasksWizardAction.java:422)
at com.hyperion.cis.config.wizard.RunAllTasksWizardAction.execute(RunAllTasksWizardAction.java:236)
at com.installshield.wizard.RunnableWizardBeanContext.run(Unknown Source)
(May 23, 2011, 05:36:53 PM), com.hyperion.planning.HspDBConfigurator, ERROR, Error happened: null
(May 23, 2011, 05:36:53 PM), com.hyperion.cis.config.wizard.RunAllTasksWizardAction, ERROR, Error:
com.hyperion.cis.config.ProcessingException
at com.hyperion.planning.HspDBConfigurator.configure(HspDBConfigurator.java:209)
at com.hyperion.cis.config.wizard.RunAllTasksWizardAction.executeDbConfigTask(RunAllTasksWizardAction.java:658)
at com.hyperion.cis.config.wizard.RunAllTasksWizardAction.execute(RunAllTasksWizardAction.java:202)
at com.installshield.wizard.RunnableWizardBeanContext.run(Unknown Source)
I tried to telnet port 7777 & 28089 of server 1 from each server. The connection failed. I have asked the network team to open the required hyperion ports
Can anybody help me on this.
TIAJust out of interest why have you used OAS as it is pretty much dead product now and is not used in future releases.
Anyway I am not sure why you have closed ports between those servers, you will end up spending a lot of time trying to open all the required ports between the servers.
Can you not get all the ports open for a time just to check it definitely is a ports issue.
It is probably also worth checking the following spreadsheet out - http://www.oracle.com/technetwork/middleware/bi-foundation/epm-components-communications-fd-11-128629.xls
It highlights the ports used in communication.
Cheers
John
http://john-goodwin.blogspot.com/ -
People,
I'd like to know how can I safely apply the Exchange Server service pack or cumulative update to the Mailbox Server role (no DAG) without losing some email during the downtime and rolling back the snapshot ?
Can I do the following:
1. Stop all of the Exchange Server services.
2. Disconnect the vNIC in Mailbox server
3. Take VM snapshot
4. Apply the Exchange Server service Pack / Cumulative Update or Windows Update
5. Reboot
6. Reconnect the vNIC, if the server back online again with no issue, commit / delete the snapshot, if not, then disconnect the vNIC followed by roll back.
would that be make sense or supported from both Vmware and Microsoft http://www.vmware.com/files/pdf/exchange-2010-on-vmware-support-and-licensing-guide.pdf ?
If yu have any other suggestion, please let me know here.
Thanks in advance.Hey AlbertWT,
I'll start off by saying that I wouldn't do it. Microsoft is explicit that snapshots are not supported with Exchange when virtualized. See below (from Exchange 2013 virtualization: Exchange 2013 Help):
Some hypervisors include features for taking snapshots of virtual machines. Virtual machine snapshots capture the state of a virtual machine while it's running. This feature enables you to take multiple snapshots of a virtual machine and then revert the virtual machine to any of the previous states by applying a snapshot to the virtual machine. However, virtual machine snapshots aren't application aware, and using them can have unintended and unexpected consequences for a server application that maintains state data, such as Exchange. As a result, making virtual machine snapshots of an Exchange guest virtual machine isn't supported.
Even if we ignore the support statement on snapshots this is still not a good idea. Here are some things to consider.
1) Cumulative updates for Exchange make changes to the Active Directory Schema. Rolling back the snapshot on the Mailbox server will not roll back the changes to AD, which could cause functional and supportability issues. See this link to give you an idea of how there are AD schema updates in every Exchange CU and service pack: Exchange 2013 Active Directory schema changes: Exchange 2013 Help
2) It is possible for email to come in during the time that you're testing the update, and if you need to roll back you would need a plan to get that email back. Third party services could work, or you could prevent email from coming into your environment completely during that time, but those are not ideal solutions.
A far better solution would be to create a lab environment that is isolated from production. You could either take clones of your Exchange and AD VMs and put them into a network fenced environment, or create a lab and import your AD structure so it matches production. I think this is a far better way to test than trying to rely on snapshots in production.
Hope that helps!
Matt -
Set up Search Service App For SharePoint server 2013 on Windows server 2012 R2 not working
Hi all,
I installed SharePoint server 2013 on Windows server 2012 R2 using VirtualBox. I created a DC(domain controller) server with a domain set up on one VM and it has SQL server 2012 SP1 installed. Then SharePoint 2013 on another VM was set up to access
the DC server. Everything seems working except Search Service App which cannot be sucessfully set up. Creation process for Search service app says Successful and 4 search databases were created and look fine. But when I navigate to search service app
admin page, it gives error info:
System status: The search service is not able to connect to the machine that hosts the administration component. Verify that the administration component '386f2cd6-47ca-4b3a-aeb5-d9116772ef16' in search application 'Search Service Application 1' is in
a good state and try again.
Search Application Topology: Unable to retrieve topology component health states. This may be because the admin component is not up and running.
From event viewer, I see following errors:
(1) Error From source: SharePoint Server
Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance
(b7c72eb8-cbaf-435e-b4c9-963cb6e4e745).
Reason: The object you are trying to create already exists. Try again using a different name.
Technical Support Details:
System.Runtime.InteropServices.COMException (0x80040D02): The object you are trying to create already exists. Try again using a different name.
at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean
isAdministrationServiceJob)
(2) Error From source: SharePoint Server Search
Could not access the Search database. A generic error occurred while trying to access the database to obtain the schema version info.
Context: Application '386f2cd6-47ca-4b3a-aeb5-d9116772ef16'
(3) Warning from source: SharePoint Server Search
A database error occurred. Source: .Net SqlClient Data Provider Code: 8169 occurred 0 time(s) Description: Error ordinal: 1 Message:
Conversion failed when converting from a character string to uniqueidentifier., Class: 16, Number: 8169, State: 2 at
System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
(4) Error From source: SharePoint Server
Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance
(b7c72eb8-cbaf-435e-b4c9-963cb6e4e745).
Reason: The gatherer application could not be mounted because the search administration database schema version does not match the expected backwards compatibility schema version. The database might not have been upgraded.
Technical Support Details:
System.Runtime.InteropServices.COMException (0xC0041235): The gatherer application could not be mounted because the search administration database schema version does not match the expected backwards compatibility schema version. The database might not have
been upgraded.
Since separate DC server and SharePoint server do not work, I installed SharePoint 2013 on DC server ( so DC server has everything on it now ) but it gives exactly same result. Later I installed SharePoint 2013 SP1 and still have the same problem with Search
Service app. I spent two weeks tried all suggestions available from Web and Google but SharePoint Search Service simply does not work. Config and other databases work but why Search Service has this issue seemingly related to search DB.
Could anybody please help out? You deserve a top SharePoint consultant award if you could find a solution. I am so frustrated and so tired by this issue. This seems also to be a SP set up issue.
Thanks a lot.Using new Search Service App wizard to create SSA is always a success. I could delete existing SSA and recreate it and no problem. It says successful but when I open Search Admin page from CA, it gives me errors as mentioned.
Now I used the following PS script for creating SSA from Max Mercher, but it stays at the last setps in following script:
Add-PsSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$IndexLocation = "C:\Search" #Location must be empty, will be deleted during the process!
$SearchAppPoolName = "SSAPool"
$SearchAppPoolAccountName = "mydomain\admin"
$SearchServiceName = "SSA"
$SearchServiceProxyName = "SSA Proxy"
$DatabaseServer = "W12R2DC1"
$DatabaseName = "SSA"
$spAppPool = Get-SPServiceApplicationPool -Identity $SearchAppPoolName -ErrorAction SilentlyContinue
if (!$spAppPool)
$spAppPool = New-SPServiceApplicationPool -Name $SearchAppPoolName -Account $SearchAppPoolAccountName -Verbose
$ServiceApplication = Get-SPEnterpriseSearchServiceApplication -Identity $SearchServiceName -ErrorAction SilentlyContinue
if (!$ServiceApplication)
# process stays at the following step forever, already one hour now.
$ServiceApplication = New-SPEnterpriseSearchServiceApplication -Name $SearchServiceName -ApplicationPool $spAppPool.Name -DatabaseServer $DatabaseServer -DatabaseName $DatabaseName
Account mydomain\admin is an farm managed account, domain admin account, in WG_ADMIN role, It is in all SQL server roles and is DBO. I see search DBs are already on SQL server. From Event viewer, I got following errors in sequence:
(1) Crawler:Content Plugin under source Crawler:Content Plugin
Content Plugin can not be initialized - list of CSS addresses is not set.
(2) Warning for SharePoint Server Search
A database error occurred. Source: .Net SqlClient Data Provider Code: 8169 occurred 0 time(s) Description: Error ordinal: 1 Message: Conversion failed when converting from a character string to uniqueidentifier., Class: 16, Number: 8169, State: 2
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
(3) Error for SharePoint Server Search
Could not access the Search database. A generic error occurred while trying to access the database to obtain the schema version info.
Context: Application 'cbc5a055-996b-44a7-9cbc-404322f9cfdf'
(4) Error for SharePoint Server
Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (b7c72eb8-cbaf-435e-b4c9-963cb6e4e745).
Reason: The gatherer application could not be mounted because the search administration database schema version does not match the expected backwards compatibility schema version. The database might not have been upgraded.
(5) Error Shared Services for SharePoint Server Search
Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (b7c72eb8-cbaf-435e-b4c9-963cb6e4e745).
Reason: The object you are trying to create already exists. Try again using a different name.
Technical Support Details:
System.Runtime.InteropServices.COMException (0x80040D02): The object you are trying to create already exists. Try again using a different name.
at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob
Above errors keep being generated. Last step for SSA creation stay there forever. Any clue what is really going on? Thanks. -
Group managed service accounts for SQL Server
Hey guys,
Unfortunately I missed that (g/s)MSAs aren't supported yet for SQL Servers but I'm using them without any worries since ages.
As i digged a bit deeper I could find different informations due to the related TechNet entrys. So it seems Microsofts Informations about (s)MSAs and gMSAs aren't consistent.
I'm not a SQL Server guy and use SQL only for System Center testing stuff so i would like to get a real world exps of SQL Server guys.
Should I continue using gMSAs or are there any worries I should know?
some sources I found so far:
Not supported:
"Hi Adam,
Thank you for your feedback. Windows Server 2012 Group Managed Service Account is not currently supported as SQL 2012 released earlier than Windows Server 2012. We will consider to support gMSA in future SQL Server release.
Regards,
Min He, Program Manager, SQL Server"
11.2012 -
https://connect.microsoft.com/SQLServer/feedback/details/767211/gmsa-for-sql-server-failover-Clusters
gMSA are not yet available, are not yet supported for SQL Server. gMSA exist and are available and supported in Windows Server 2012 and higher. SQL does not support them , but
from an OS perspective, they exist and are supported.
http://blogs.msdn.com/b/sqlosteam/archive/2014/02/19/msa-accounts-used-with-sql.aspx
Within the FAQ Task Scheduler isn't supported as well ...
http://technet.microsoft.com/en-us/library/ff641729%28WS.10%29.aspx
... but also PFEs using them for Tasks... this is confusin... 0o
http://blogs.msdn.com/b/arvindsh/archive/2014/02/03/managed-service-accounts-msa-and-sql-2012-practical-tips.aspx
supported?:
Configure Windows Service Accounts and Permissions
... New Account Types Available with Windows 7 and Windows Server 2008 R2
http://technet.microsoft.com/en-us/library/ms143504(v=sql.110).aspx#Default_Accts
The MSA must be created in the Active Directory by the domain administrator before SQL Server setup can use it for SQL Server services.
others sources won't mentioning s/gMSAs...
I couldn't find clear informations about using gMSA for SQL Server 2014.
only the same page which also Looks like the page for 2008 R2 and SQL 2012.
Configure Windows Service Accounts and Permissions
SQL Server 2014
http://msdn.microsoft.com/en-us/library/ms143504.aspx
annoying topic so far... ;)Hi Enrico
aside from what Dan says about the risk for support, on which I agree, the following thread may clear it up a bit:
http://social.msdn.microsoft.com/Forums/sqlserver/en-US/acb2048c-ffce-4d44-b882-6aafc7eb689d/managed-service-accounts-to-run-sql-server-service?forum=sqlsecurity
Andreas Wolter (Blog |
Twitter)
MCM - Microsoft Certified Master SQL Server 2008
MCSM - Microsoft Certified Solutions Master Data Platform, SQL Server 2012
www.andreas-wolter.com |
www.SarpedonQualityLab.com -
Question : Service Accounts for SQL Server 2012
Hello,
I am planning to create AD accounts for SQL Server 2012 services that will be installed on Windows 2012 server.
I was reading the following
Configure Windows Service Accounts and Permissions
and
Windows Privileges and Rights
Is there a recommendation / document that would list that assocation of SQL Server Services with Actvie Directory service accounts / privileges required for installation and starting the services.
Isn't it recommended to create separate account for every service and they should not be local accounts ?
Hope to hear soon as to what industry standards are being followed for production systems ?
Thank you very much in advance.
Regards
NikunjFrom MSDN:
Each service in SQL Server represents a process or a set of processes to manage authentication of SQL Server operations with Windows. Each service can be configured to use its own service account. This facility is exposed
at installation. SQL Server provides a special tool, SQL Server Configuration Manager, to manage the services configuration.
When choosing service accounts, consider the principle of least privilege. The service account should have exactly the privileges that it needs to do its job and no more privileges. You also need to consider account isolation; the service accounts should
not only be different from one another, they should not be used by any other service on the same server. Do not grant additional permissions to the SQL Server service account or the service groups.
From Glen Berry's Blog:
You should request that a dedicated domain user account be created for use by the SQL Server service. This should just be a regular, domain account with no special rights on the domain. You do not need or want this account to be a local admin on the machine
where SQL Server will be installed. The SQL Server setup program will grant the necessary rights on the machine to that account during installation.
You will also want a separate, dedicated domain user account for the SQL Server Agent service. If you are going to be installing and using other SQL Server related services such as SQL Server Integration Services (SSIS), SQL Server Reporting Services (SSRS),
or SQL Server Analysis Services (SSAS), you will want dedicated domain accounts for each service. The reason you want separate accounts for each service is because they require different rights on the local machine, and having separate accounts is both more
secure and more resilient, since a problem with one account won’t affect all of the SQL Server Services.
Depending on your organization, getting these domain accounts created could take anywhere from minutes to weeks to complete, so make sure to allow time for this. For each one of these accounts, you will need their logon credentials for the SQL Server setup
program. You are going to want to make sure that the accounts don’t have a temporary password that must be changed during the next login. If they are set up that way, make sure to change them to use a strong password, and record this information in a secure
location.
Please Mark This As Answer if it solved your issue
Please Mark This As Helpful if it helps to solve your issue
Thanks,
Shashikant
Maybe you are looking for
-
Process: WebProcess [13216] Path: /System/Library/StagedFrameworks/Safari/WebKit2.framework/WebProcess.app/Conten ts/MacOS/WebProcess Identifier: com.apple.WebProcess Version: 7537 (7537.71) Build Info: WebKit2-75
-
Regarding Creation of Product group
Hi SAP Guru, I am being Unable to create a product group at new , although I have done it and run at other client.Also Please let me know the Views to select. As per My knowledge I have selected only 05 views , basic, MRP-1,2,3,4.... Need not to sele
-
HT5312 How can I make new Apple ID????
How do secure my Apple ID ?????
-
Synchronize with External NTP server.
Dear All Good morning, Environment: SunOS CSF-2 5.10 Generic_138888-03 sun4u sparc SUNW, Sun-Fire-V245 system. Sun Cluster 3-2 Two node. Question: How to Synchronize Cluster timing with external NTP server/device? If external NTP device is down will
-
Best Color Management Settings for Web in CS3
I've seen tons of info on what color management settings can be used in CS3, but most seemed to favor work for printing. I'm just wondering what settings people think are best for color and B&W photo web work in particular... I already have both the