During a new DataKeeper installation setup, the user will be prompted for a DataKeeper Service Log On ID and Password.

The DataKeeper Service uses authenticated connections to perform volume switchovers and make mirror role changes across multiple servers. The Log On ID account chosen to run the DataKeeper Service will determine how much authority and permission is available to establish connections between servers and perform volume switchovers, especially when server or network disruptions occur.

Several types of Service Log On ID accounts are available as follows:

  • A Domain Account with administrator privileges, valid on all connected servers in the domain (not recommended)
  • A Server Account with administrator privileges, valid on all systems (same username and password). (recommended)
  • The Local System Account (not recommended)

Note: A Server Account is recommended because when a Local System or a Domain user account is used, and the domain controller is not reachable, communication between the services on separate nodes is not possible.

Note: Group Managed Service Accounts(GMSA) are supported, but during the initial install you have to choose a Domain Account and then later you can switch it to a GMSA account.

Note: For Workgroups, use the Server Account option and use the server name \ administrator on each system as the Service Account for DataKeeper. You should also log on to all servers using this same Log On ID and Password (see related Known Issue).

Note: The domain or server account used must be added to the Local System Administrators Group. The account must have administrator privileges on each server that DataKeeper is installed on.

Please note that the Local System account cannot be authenticated properly in a domain when network connectivity with Active Directory is lost. In that situation, connections between servers cannot be established with the Local System account causing DataKeeper volume switchover commands, via the network, to be rejected. IT organizations requiring fault tolerance during disaster recovery, including network disruptions, should not use the Local System account.

DataKeeper Installation – Service Logon ID Type Selection:

If a Domain or Server account is selected above, the DataKeeper Service Log On ID and Password Entry Form is displayed to enter that information.

It is recommended that the LifeKeeper and DataKeeper service accounts are synchronized on each system to ensure more reliable switchovers and failovers.

LifeKeeper Service Logon:

If the DataKeeper Service has previously been configured with a Service Log On ID and Password, the setup program will omit the Service ID and Password selection dialogs. However, at any time, an administrator can modify the DataKeeper Service Log On ID and Password using the Windows Service Applet. Be sure to restart the DataKeeper Service after changing the Log On ID and/or Password.

The following table outlines these requirements:

Environment DataKeeper Service Requirements DataKeeper UI Requirements

Same Domain

or

Trusted Domain Environment

  • Run the DK Service on all systems as the same account with the same credentials

  • Okay to use the default = Local System Account


  • Log in as a domain admin and run the DK GUI

  • Or use “run as” Administrator option to run DK GUI


Mixed Environment Servers in a Mixture of Domain and WorkGroup

or

Servers in Separate Domains

  • Create a local account on each system with same account name and password

  • Add this local account to the Administrator Group

  • Run the DK Service on all systems with the local account


  • Log in using the local account you created to run the DK Service

  • Run the DK GUI

    You should also log on to all servers using this same Log On ID and Password (see related Known Issue).


DataKeeper Cluster Edition Environment

  • Create or use a domain account for use by the DataKeeper Service (preferred)

    or

  • Create a local account on each system with same account name and password

  • Add this local account to the Administrator Group

  • Run the DK Service on all systems with this local administrator account


  • Log in using the local administrator account you created to run the DK Service

  • Run the DK GUI

Feedback

Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment