Vault Pro 2017 on 2012R2 VM with a domain

Vault Pro 2017 on 2012R2 VM with a domain

Anonymous
Not applicable
653 Views
2 Replies
Message 1 of 3

Vault Pro 2017 on 2012R2 VM with a domain

Anonymous
Not applicable

I should likely be breaking this one up into individual posts.  I have a client who is currently running Vault Pro 2017 in an environment that was patched together and their users (7) are continually complaining about the performance of Vault.  We procured a new server for the client that has quite a bit of resources, which we have to share between a local file server, and two VMs, one domain controller and another VM which may become the vault.

 

To be clear the Vault performance issue is part of an overall larger project and not the project.

 

- what best security practice KB articles and or advice can you provide on setting up Vault Pro 2017 in a domain?  For example creating domain service accounts for the installation of SQL, running of any Vault services, etc.

 

- I would prefer to virtualize (Hyper-V) all of the application components and leave any flat file components on the host box.  How well does Vault perform when virtualized, where are the performance hits or gains realized compared to a physical box?  Keep in mind I will create a fixed VHD as well as dedicate RAM and logical processors to the VM.  The server is running dual ten core Xeon 2.4Ghz processors (20 cores and 40 logical processors), 64GB RAM, and has a disk sub-system configured in RAID 1+0 (4 x 15K 600GB SAS HDs, with hot spare) running on an Array controller with 2GB battery backed R/W cache, and a quad Gig NIC.

 

- based on the hardware resources above, that the client will have enough MS server licensing to run 4 VMs, and that the user community is currently 7 users and not likely to exceed 10 users, would you recommend running all of the components on one VM?  Are their any flat file components that can be stored on the host file server.  If you recommend breaking it up how and are the advantages security, performance or both?

 

- finally I am not sure if Vault file server would help with performance, accessibility and or security, however most user access will be local but there will be some remote access.  I would prefer not to publish access, but rather force the user to either access via a SSLVPN or use a SSLVPN RDP session to a local PC.  What role could the Vault file server play in accessibility, security and or performance?

 

Bottom line I am interested in hearing about security first and performance second.

0 Likes
654 Views
2 Replies
Replies (2)
Message 2 of 3

ShayaGhanbar
Advocate
Advocate

I am going to answer your first question:

 

Do not use a domain controller for Vault server! It will cause security issues and even Microsoft recommends not using SQL on a domain controlled for security permissions and other complications. 

 

Did you find this reply helpful?  If so, please use the Accept as Solution or Kudos button below.

Shaya Ghanbar, P.Eng.
Technical Specialist - MFG
SolidCAD - A Cansel Company


Message 3 of 3

ihayesjr
Community Manager
Community Manager

@Anonymous

 

Security

Microsoft recommendations state not to install SQL on a domain controller.  Other security options should be pulled from Microsoft Recommendations. As far as Vault Server, I would not recommend installing it on a domain controller because of performance not because of security.  If you want addition security for Vault, SSL would be a recommendation for communications between the server and the client.

 

Hyper-V Environment

I would be unable to give you any recommendations on if the new server that was purchased will solve your Vault performance problems.  There are too many factors involved.  We always recommend installing Vault Server on a dedicated machine so that it can have all the resources it needs.  Sharing resources with other applications, such as domain controller applications and other VM environment could affect the performance of Vault.

 

File Server

The Vault File Server is meant to improve performance for uploading and downloading files when the main Vault Server is at a remote location.  If the users are in the same location as the Vault Server, there is no benefit in installing the Vault File Server.

 

Performance

Splitting up the Vault Server, SQL Server and File Store location could be beneficial if you have a large number of users.  You only have 7, I don't see you benefitting from splitting these up.




Irvin Hayes Jr
Principal Product Manager
Autodesk, Inc.

Vault - Under the Hood Blog
0 Likes