Non Expiry Service Account  for Monitoring and Backup in vCenter 6.x

patron
patron used Ask the Experts™
on
We are looking to create service account with no expiry in vCenter 6.x , it will be used only for scheduled job
  1. Can we have local account ? or if domain account is required ? to configure as service account
  2. Please share the best practice and steps to configure the same
  3. Can we configure the existing local/domain account individually or if expiry is set at group level
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
Patron,

Usually, for the Backup service account, I am using the below granular permission for the Active Directory account: https://www.veeam.com/veeam_backup_9_0_permissions_pg.pdf

Hope that helps.
patronTechnical consultant

Author

Commented:
Thanks

I am looking for service account which is non interactive not allow to login to vc but will be able to start the scheduled task for  backup/tsm backup and monitoring via some other tool in network
Sebastian TalmonSystem Engineer Datacenter Solutions

Commented:
You should look for granular permission requirements from your backup vendor,

I would recommend a local account in your vSphere SSO Domain (@vsphere.local) instead of Windows AD Account or local Windows User.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Andrew Hancock (VMware vExpert / EE Fellow)VMware and Virtualization Consultant
Fellow 2018
Expert of the Year 2017

Commented:
You can use any account which has correct permissions
patronTechnical consultant

Author

Commented:
I need to use domain account named xyz as TSM VE scheduled Backup jobs @my VC 6.x
Can I use Local created account as service account  -which should not be able to login to VC but will be able to run scheduled job for TSMVE Backup - and expiry should be min 1 year (if we can set_ or non expiry for single account in both case local/domain?
Sebastian TalmonSystem Engineer Datacenter Solutions

Commented:
Is this a Windows vCenter or a vCenter Appliance?

What is the reason that you say you have to have to use a domain account, but ask for local account in the same question?
patronTechnical consultant

Author

Commented:
Is this a Windows vCenter or a vCenter Appliance?
Windows Server
What is the reason that you say you have to have to use a domain account, but ask for local account in the same question?
Currently we are using one domain id which is shared and allowing to login so need to overcome risk as id is required to work as service account  only to initiate daily backup jobs for TSM VE so best one is required either it is local or domain
Technical consultant
Commented:
Closing as it been long time no response actually I was looking for . Thanks for all your input here

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial