Caché Installation Guide - InterSystems Documentation
Preparing for Caché Advanced Security
2. In the Caché Server Manager dialog for adding a new preferred server, choose Kerberos. The name
populated in the Caché Service Name field should match the name in use. If there are multiple
Caché instances on the server machine, you may need to edit the contents of this field.
For detailed information on configuring remote server connections, see the “Connecting to Remote
Servers” chapter of the Caché System Administration Guide.
Names that are Any Unique String
For a name that uses any unique string, the procedure is:
1. Choose a name for the service principal.
2. In the Caché Server Manager dialog for adding a new preferred server, choose Kerberos. Specify
the selected name for the service principal in the Caché Service Name field.
If you decide not to follow Kerberos conventions, a suggested naming convention for each account
representing a Caché server instance is “cacheHOST”, which is the literal, cache, followed by the
host computer name in uppercase. For example, if you are running a Caché server on a Windows
machine called WINSRVR, name the domain account cacheWINSRVR.
Because the service account name must be unique, if you have multiple Caché server instances on one
machine you may want to follow the default Caché practice of naming instances and use the instance
name in place of the cache literal. For example, if you install two Caché server instances on the
WINSRVR machine and use the default instance names (cache and cache2), name the two service
accounts cacheWINSRVR and cache2WINSRVR.
For the detailed procedure for configuring remote server connections, see the “Connecting to Remote
Servers” chapter of the Caché System Administration Guide.
D.1.5 Create Service Accounts for Non-Windows Caché Servers
Before you install Caché in a Windows domain, the Windows domain administrator must create a
service account for each Caché server on a non-Windows machine that uses the Windows domain
controller. Create one service account for each machine, regardless of the number of Caché server
instances on that machine.
A suggested naming convention for these accounts is “cacheHOST,” which is the literal, cache,
followed by the host computer name in uppercase. For example, if you run a Caché server on a
non-Windows machine called UNIXSRVR, name the domain account cacheUNIXSRVR. For Caché servers
on non-Windows platforms, this is the account that maps to the Kerberos service principal.
When you create this account on the Windows domain controller, Caché requires that the account have
the following characteristics:
• Set the Password never expires property.
• Set the Use DES encryption types for this account property.
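
The account creation described above, scripted with the Active Directory PowerShell module as an added example (not part of the InterSystems guide). The function names are hypothetical, the host name unixsrvr is the guide's own example, and the script assumes the account is created in the domain's default user container.

```powershell
# Added example, not from the InterSystems guide. Run as a domain administrator
# on a machine with the ActiveDirectory module (RSAT) installed.
Import-Module ActiveDirectory

# Hypothetical helper: builds the "cacheHOST" name (prefix + host name in uppercase).
# For Windows servers with several instances, -Prefix can carry the instance name (cache2).
function Get-CacheServiceAccountName {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [string]$Prefix = 'cache'
    )
    $name = $Prefix + $HostName.ToUpperInvariant()
    # sAMAccountName for user accounts is limited to 20 characters.
    if ($name.Length -gt 20) {
        throw "Account name '$name' exceeds the 20-character sAMAccountName limit."
    }
    return $name
}

# Hypothetical helper: one service account per non-Windows machine.
function New-CacheServiceAccount {
    param([Parameter(Mandatory = $true)][string]$HostName)

    $name = Get-CacheServiceAccountName -HostName $HostName
    if (Get-ADUser -Filter "SamAccountName -eq '$name'") {
        throw "Account '$name' already exists; service account names must be unique."
    }
    $password = Read-Host -AsSecureString -Prompt "Password for $name"

    # "Password never expires" property
    New-ADUser -Name $name -SamAccountName $name -AccountPassword $password `
        -Enabled $true -PasswordNeverExpires $true

    # "Use DES encryption types for this account" property.
    # Windows 7 / Server 2008 R2 and later disable DES Kerberos encryption types
    # by default, so check that the domain policy still permits DES.
    Set-ADAccountControl -Identity $name -UseDESKeyOnly $true

    # Read the account back so both required properties can be confirmed.
    Get-ADUser -Identity $name -Properties PasswordNeverExpires, UseDESKeyOnly |
        Select-Object SamAccountName, Enabled, PasswordNeverExpires, UseDESKeyOnly
}

New-CacheServiceAccount -HostName 'unixsrvr'   # creates cacheUNIXSRVR
```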