Beyond creating Active Directory accounts for connecting your vCenter server to a remote SQL box, is there any best practice reason to create an AD account to run your vSphere services?
The default is to use the "Local System" account. Is there any inherent weakness in using the local system account for services such as vCenter, VUM, or vConverter?
Hi James. Using AD creds in service accounts can actually be quite insecure - a bit more info at:
http://articles.techrepublic.com.com/5100-10878_11-1053581.html (gets interesting around 3/4 of the page down)
http://www.sans.org/reading_room/whitepapers/application/service-account-vulnerabilities_5
Regards
Owen
If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points
No inherent weakness, in my opinion. The default is Local System for a reason. It's efficient and, like most Windows services, runs without the need for domain credentials.
So there is no benefit to using Active Directory authentication service accounts for local vSphere services?
Anyone else?
So there is no benefit to using Active Directory authentication service accounts for local vSphere services?
As you have written, the big reason is for authentication to a remote SQL server.
I do not see any other advantage.
Andre