What is the best choice for service accounts in a non-clustered environment.

  • In the past we've used domain so the service account can access backup locations on the network. 
    This is no longer a requirement as backups are handled by a third party app and SSIS jobs all use proxy AD accounts to access network resources. 
    Seems virtual accounts would greatly simplify server setup, but I'm concerned i may be missing something here.

    Appreciate any thoughts or useful insight.
    thx

    Edit: this is a resource i was referencing.

  • Tom Van Harpen - Wednesday, November 14, 2018 12:48 PM

    In the past we've used domain so the service account can access backup locations on the network. 
    This is no longer a requirement as backups are handled by a third party app and SSIS jobs all use proxy AD accounts to access network resources. 
    Seems virtual accounts would greatly simplify server setup, but I'm concerned i may be missing something here.

    Appreciate any thoughts or useful insight.
    thx

    Edit: this is a resource i was referencing.

    For ease of administration as well as more security/isolation, you probably want to look at managed service accounts.

    Sue

  • Thanks Sue, appreciate the feedback.

  • indeed as Sue suggested I would rather have a look at gMSA. What you might be missing is Service Pricipal Names do still like AD Accounts, which leads straight to topics like "double hop Authentication" which itself can be a pain to implement but local Service Accounts would make such things impossible.
    You can create a PowerShell Script to basically create you gMSA before installing SQL Server and using that account as Service account during Installation, this way you have quite a simplistic and automated way to handle both parts and if you want to handle the way SQL Servers are being set up during installation (defaults etc.) you could go for a Desired State Configuration which essentially being implemented as Webservice would enable you to not just install SQL Server but actually configure basics according to company standards.

    Does this sound like something for simplifying Setup to you? 😉

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply