Can anyone give me a clear explanation of the best practice for what accounts/rights need to be used when installing vcenter?
In the past I have usually selected the box to install vcenter as a system service - but yesterday ran into a situation where that option is greyed out. I think that is because the ODBC DSN that we were using used windows integrated authentication.
So - what user name should we be using to do this install? Does it matter? I know that whatever user is used will need administrator rights to the server itself - but what rights does that user need to AD? And - if the installer logs into AD as him/herself to do the install- are we tying functionality to that user account?
Should we be logging into the box as a defined "service account" user instead, before running the installation routine? If so - what domain rights does this user need?
The user name does not matter but it will need admin access to the machine you are installing vCenter on -
A service account is not necessary for installation other than you might use when creating the System DSN
color me a little confused - when we do the install, it is not letting us specify a user name - it simply presents the user that is logged in, and asks for the password. Also, the option to install using "system account" is greyed out.
I don't remember ever seeing this stuff before. Is this because the ODBC connection we are using is using integrated windows authentication?
FYI - I have seen, at least with 4.0 U3, that if the account used during install is local to the vCenter server, Domain user/group lookups when assigning permissions will fail. After installation, switching the service to start as Local System addresses that issue.
I suppose using a domain user vs local should also work. The user would not require any special permissions within AD.