There are several user accounts and passwords that you might need to create or plan settings for, before installing vRealize Automation.
IaaS Service Account
IaaS installs several Windows services that must run under a single user account.
- The account must be a domain user.
- The account does not need to be a domain administrator, but must have local administrator permission, before installation, on all IaaS Windows servers.
- The account password cannot contain a double quotation mark ( " ) character.
- The Management Agent installer for IaaS Windows servers prompts you for the account credentials.
- The account must have Log on as a service permission, which lets the Manager Service start and generate log files.
- The account must have dbo permission on the IaaS database.
If you use the installer to create the database, add the account login to SQL Server before installation. The installer grants the dbo permission after it creates the database.
- If you use the installer to create the database, in SQL, add the sysadmin role to the account before installation.
The sysadmin role is not required if you choose to use a pre-existing empty database.
- If your site uses group policy security settings, verify the following settings for the account. Run the gpedit.msc group policy editor, and look under
- Deny log on locally—Do not add the account.
- Allow log on locally—Add the account.
- Deny access to this computer from the network—Do not add the account.
- Access this computer from the network—Add the account.
IIS Application Pool Identity
The account you use as the IIS application pool identity for the Model Manager Web service must have Log on as batch job permission.
IaaS Database Credentials
You can let the vRealize Automation installer create the database, or you can create it separately using SQL Server. When the vRealize Automation installer creates the database, the following requirements apply.
- For the vRealize Automation installer, if you select Windows Authentication, the account that runs the Management Agent on the primary IaaS Web server must have the sysadmin role in SQL to create and alter the size of the database.
- For the vRealize Automation installer, even if you do not select Windows Authentication, the account that runs the Management Agent on the primary IaaS Web server must have the sysadmin role in SQL because the credentials are used at runtime.
- If you separately create the database, the Windows user or SQL user credentials that you provide only need dbo permission on the database.
IaaS Database Security Passphrase
The database security passphrase generates an encryption key that protects data in the IaaS SQL database. You specify the security passphrase on the IaaS Host page of the Installation Wizard.
- Plan to use the same database security passphrase across the entire installation so that each component has the same encryption key.
- Record the passphrase, because you need the passphrase to restore the database if there is a failure or to add components after initial installation.
- The database security passphrase cannot contain a double quotation mark ( " ) character. The passphrase is accepted when you create it but causes the installation to fail.
If you plan to provision to a vSphere endpoint, you need a domain or local account with enough permission to perform operations on the target. The account also needs the appropriate level of permission configured in vRealize Orchestrator.
vRealize Automation Administrator Password
After installation, the vRealize Automation administrator password logs you in to the default tenant. You specify the administrator password on the Single Sign-On page of the Installation Wizard.
The vRealize Automation administrator password cannot contain a trailing equals ( = ) character. The password is accepted when you create it but results in errors later, when you perform operations such as saving endpoints.