Last week on Twitter Jason Shiplett (Blog/Twitter) raised the question about configuring VMware App Volumes to use Windows Integrated Authentication when connecting to the backend SQL database. While this is supported in App Volumes the documentation (v2.6 of the User Guide located HERE) doesn’t mention the “How” of setting this up. Now usually this isn’t much of a challenge if using using/requiring Windows Integrated Authentication for SQL connectivity, you simple create or use an existing Active Directory user account with the needed SQL permissions to make the connection. Easy peasy.
Well, for App Volumes if it was that straight forward there would be no need for a blog post. When running through the App Volumes Manager installation (documented HERE) when you get to the “Database Server’’ dialog you will notice the two SQL authentication methods. But pay close attention to the Windows Integrated Authentication option, the key here is the mention of “automatically use this server’s SYSTEM account” and no ability to specify an actual user account as you would normally see:
In my lab environment I tested out a few different configurations in the attempts to get Windows Integrated Authentication to work. What I finally settled on is outlined below:
- Created an Active Directory Security Group title AppVolums_Servers
- Placed the Active Directory Machine Account of my App Volume Manager servers (AppVol01/AppVol02). Remember App Volumes is using the SYSTEM account for authentication
- In SQL Server Management Studio created a Login using the Active Directory Security group containing my App Volume Managers (AppVolumes_Servers). When creating the Login be sure to select the “Advanced” option to complete the search. From here you will need to add “Groups” to the Object Types and search your Active Directory domain for the Location to find the needed security group:
- With the SQL login created we can go back over to the App Volumes install and provide the details for the SQL database connectivity. Now that access has been implemented I can browse/select my App Volumes database to install to, AppVolumes_Test:
- Note, I am not DBA by trade and know enough about MS SQL to get me into trouble. If a DBA or someone just more familiar with MS SQL knows of a better/more standard way of handling this type of configuration for Windows Integrated Authentication please drop a note in the comments below.
Thanks for reading!