Hi there, thanks for the video! From the video, seems like it is more secure for you using virtual account than gmsa. Can you please explain me the reasons? I am very interested on that. Thanks!
Thanks for watching my video Micaela! Actually, they’re different things and both a good step for securing your SQL Server environment. Virtual accounts came out with SQL Server 2012 and gave the DBA an option to have a system-managed account where they did NOT know the password. But, it was limited to only that server. sMSA (single Managed Service Account) and gMSA (group Managed Service Account) are designed to allow the password of the account be “auto-magically” handled by AD so it is changed every thirty days (default AD - can be changed). sMSAs also came out with SQL Server 2012 and were the first attempt to allow these service accounts be managed by AD. Unfortunately, they were still tied to the single server and were not a real Enterprise level tool. gMSAs came out in SQL Server 2016 and truly allow a domain approach and way to better deal with Kerberos issues. In addition, they will work well with Always On Availabiity Groups. All of these were attempts to keep from using a single domain account across the enterprise on all SQL Server instances. Feel free to email me directly at mwall@pragmaticworks.com with any other questions! Thanks, Mike
Micaela, I am not sure if you know, but we offer many On-Demand Learning courses, such as, Power BI, Azure, SQL Server, Data Science, Business Intelligence and much more. You should check out our FREE trial: www.pragmaticworkstraining.com/trial-registration/?source=odl_youtubeorg - No credit card required and you will get instant access of all our courses.
![Lift and Shift to Azure VMs Hybrid [Best Practices]](http://i.ytimg.com/vi/ji0SqslDEdk/mqdefault.jpg)
Hi there, thanks for the video! From the video, seems like it is more secure for you using virtual account than gmsa. Can you please explain me the reasons? I am very interested on that. Thanks!
Thanks for watching my video Micaela!
Actually, they’re different things and both a good step for securing your SQL Server environment. Virtual accounts came out with SQL Server 2012 and gave the DBA an option to have a system-managed account where they did NOT know the password. But, it was limited to only that server.
sMSA (single Managed Service Account) and gMSA (group Managed Service Account) are designed to allow the password of the account be “auto-magically” handled by AD so it is changed every thirty days (default AD - can be changed). sMSAs also came out with SQL Server 2012 and were the first attempt to allow these service accounts be managed by AD. Unfortunately, they were still tied to the single server and were not a real Enterprise level tool.
gMSAs came out in SQL Server 2016 and truly allow a domain approach and way to better deal with Kerberos issues. In addition, they will work well with Always On Availabiity Groups.
All of these were attempts to keep from using a single domain account across the enterprise on all SQL Server instances.
Feel free to email me directly at mwall@pragmaticworks.com with any other questions!
Thanks, Mike
Micaela, I am not sure if you know, but we offer many On-Demand Learning courses, such as, Power BI, Azure, SQL Server, Data Science, Business Intelligence and much more. You should check out our FREE trial: www.pragmaticworkstraining.com/trial-registration/?source=odl_youtubeorg - No credit card required and you will get instant access of all our courses.