Vault Pro 2017 on 2012R2 VM with a domain
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report
I should likely be breaking this one up into individual posts. I have a client who is currently running Vault Pro 2017 in an environment that was patched together and their users (7) are continually complaining about the performance of Vault. We procured a new server for the client that has quite a bit of resources, which we have to share between a local file server, and two VMs, one domain controller and another VM which may become the vault.
To be clear the Vault performance issue is part of an overall larger project and not the project.
- what best security practice KB articles and or advice can you provide on setting up Vault Pro 2017 in a domain? For example creating domain service accounts for the installation of SQL, running of any Vault services, etc.
- I would prefer to virtualize (Hyper-V) all of the application components and leave any flat file components on the host box. How well does Vault perform when virtualized, where are the performance hits or gains realized compared to a physical box? Keep in mind I will create a fixed VHD as well as dedicate RAM and logical processors to the VM. The server is running dual ten core Xeon 2.4Ghz processors (20 cores and 40 logical processors), 64GB RAM, and has a disk sub-system configured in RAID 1+0 (4 x 15K 600GB SAS HDs, with hot spare) running on an Array controller with 2GB battery backed R/W cache, and a quad Gig NIC.
- based on the hardware resources above, that the client will have enough MS server licensing to run 4 VMs, and that the user community is currently 7 users and not likely to exceed 10 users, would you recommend running all of the components on one VM? Are their any flat file components that can be stored on the host file server. If you recommend breaking it up how and are the advantages security, performance or both?
- finally I am not sure if Vault file server would help with performance, accessibility and or security, however most user access will be local but there will be some remote access. I would prefer not to publish access, but rather force the user to either access via a SSLVPN or use a SSLVPN RDP session to a local PC. What role could the Vault file server play in accessibility, security and or performance?
Bottom line I am interested in hearing about security first and performance second.
