Using Windows Integrated Authentication with VMware App Volumes

CloudVolumes-SquareLast week on Twitter Jason Shiplett (Blog/Twitter) raised the question about configuring VMware App Volumes to use Windows Integrated Authentication when connecting to the backend SQL database. While this is supported in App Volumes the documentation (v2.6 of the User Guide located HERE) doesn’t mention the “How” of setting this up. Now usually this isn’t much of a challenge if using using/requiring Windows Integrated Authentication for SQL connectivity, you simple create or use an existing Active Directory user account with the needed SQL permissions to make the connection. Easy peasy.

Well, for App Volumes if it was that straight forward there would be no need for a blog post. Smile When running through the App Volumes Manager installation (documented HERE) when you get to the “Database Server’’  dialog you will notice the two SQL authentication methods. But pay close attention to the Windows Integrated Authentication option, the key here is the mention of “automatically use this server’s SYSTEM account”  and no ability to specify an actual user account as you would normally see:

SQL_Auth_Pic01

The Solution

In my lab environment I tested out a few different configurations in the attempts to get Windows Integrated Authentication to work. What I finally settled on is outlined below:

    • Created an Active Directory Security Group title AppVolums_Servers
    • Placed the Active Directory Machine Account of my App Volume Manager servers (AppVol01/AppVol02). Remember App Volumes is using the SYSTEM account for authentication
    • In SQL Server Management Studio created a Login using the Active Directory Security group containing my App Volume Managers (AppVolumes_Servers).  When creating the Login be sure to select the “Advanced” option to complete the search. From here you will need to add “Groups”  to the Object Types and search your Active Directory domain for the Location to find the needed security group:

SQL_Auth_Pic02

  • With the SQL login created we can go back over to the App Volumes install and provide the details for the SQL database connectivity. Now that access has been implemented I can browse/select my App Volumes database to install to, AppVolumes_Test:

SQL_Auth_Pic03

    Note, I am not DBA by trade and know enough about MS SQL to get me into trouble.  If a DBA or someone just more familiar with MS SQL knows of a better/more standard way of handling this type of configuration for Windows Integrated Authentication please drop a note in the comments below.

Thanks for reading!

-Jason

Comments

  1. This is was huge help Jason, I was able to split it up and send the AD steps to one team and the SQL steps to SQL team and now I have a working cluster App Volume environment.

    • Hey Steve,

      Hope all is well man! Happy to hear this was helpful, it was definitely a head scratch-er for me the first time I tried to setup it up.

      -Jasoin

%d bloggers like this: