Non Expiry Service Account for Monitoring and Backup in vCenter 6.x

We are looking to create service account with no expiry in vCenter 6.x , it will be used only for scheduled job
  1. Can we have local account ? or if domain account is required ? to configure as service account
  2. Please share the best practice and steps to configure the same
  3. Can we configure the existing local/domain account individually or if expiry is set at group level
LVL 1
patronTechnical consultant Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Senior IT System EngineerIT ProfessionalCommented:
Patron,

Usually, for the Backup service account, I am using the below granular permission for the Active Directory account: https://www.veeam.com/veeam_backup_9_0_permissions_pg.pdf

Hope that helps.
patronTechnical consultant Author Commented:
Thanks

I am looking for service account which is non interactive not allow to login to vc but will be able to start the scheduled task for  backup/tsm backup and monitoring via some other tool in network
Sebastian TalmonSystem Engineer Datacenter SolutionsCommented:
You should look for granular permission requirements from your backup vendor,

I would recommend a local account in your vSphere SSO Domain (@vsphere.local) instead of Windows AD Account or local Windows User.
SolarWinds® Network Configuration Manager (NCM)

SolarWinds® Network Configuration Manager brings structure and peace of mind to configuration management. Bulk config deployment, automatic backups, change detection, vulnerability assessments, and config change templates reduce the time needed for repetitive tasks.

Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
You can use any account which has correct permissions
patronTechnical consultant Author Commented:
I need to use domain account named xyz as TSM VE scheduled Backup jobs @my VC 6.x
Can I use Local created account as service account  -which should not be able to login to VC but will be able to run scheduled job for TSMVE Backup - and expiry should be min 1 year (if we can set_ or non expiry for single account in both case local/domain?
Sebastian TalmonSystem Engineer Datacenter SolutionsCommented:
Is this a Windows vCenter or a vCenter Appliance?

What is the reason that you say you have to have to use a domain account, but ask for local account in the same question?
patronTechnical consultant Author Commented:
Is this a Windows vCenter or a vCenter Appliance?
Windows Server
What is the reason that you say you have to have to use a domain account, but ask for local account in the same question?
Currently we are using one domain id which is shared and allowing to login so need to overcome risk as id is required to work as service account  only to initiate daily backup jobs for TSM VE so best one is required either it is local or domain
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Virtualization

From novice to tech pro — start learning today.