3

I am running two SQL Servers 2012 (for Always On) under the same domain account and would like to know what are the downsides in doing so. Few articles that I have read prior setting up the servers suggest different domain account for each sql server and services it will be running. The downside to that method is each sql server must be also setup to have access to another sql server through that account. However, with single domain account all the sql servers already have the access since they are running under same account. Of-course, the biggest pitfall the articles pointed out is lower security, well, due to all sql servers sharing the account.

How critical is this, single domain account for all sql servers, in small environments and what are the other pitfalls?

jM2.me
  • 301
  • 2
  • 6
  • 15

1 Answers1

0

Ultimately, this is a security related issue.

If you have regulatory frameworks you must adhere to then that should be your guidepost.

  • HIPAA

  • PCI DSS

  • SEC

All of these require independence. Additionally, if you have a public server that is the front end for these servers they should not have domain account in your user domain. There should be a domain for your public production servers in isolated VLAN's or simply have them be standalone.

Citizen
  • 1,103
  • 1
  • 10
  • 19
  • 1
    It can also be a maintenance issue. You should rotate your passwords regularly. If they all use the same password, you have to update all the servers at once, instead of being able to stagger the changes. – E-Rock Jan 29 '15 at 05:32
  • Salient point, didn't think of that. – Citizen Jan 29 '15 at 07:03