While RES Workspace Manager has supported using Windows Authentication for connecting to a Microsoft SQL server, the introduction of the RES Workspace Manager Relay Server has made this process a lot easier to manage. Before the relay server, every time the Windows account used to connect to the database changed passwords, each agent needed to be updated. While RES Automation Manager made this easy with the built-in Manage Service Properties, those without RES Automation Manager were SOL.
Enter in the Relay Server. For those unfamiliar with the Relay Server, it is an intermediary which can store and forward RES Workspace Manager traffic from the agent to the datastore. Multiple Relay Servers can also be connected together for large scale out or to accommodate multiple topographies. Agents then connect to the Relay Server instead of directly to the database.
Relay Server can connect to Microsoft SQL databases using either SQL Authentication or Windows Authentication. If it is policy to use Windows Authentication, using a Relay Server will minimizes the number of service accounts that need to be updated when the Windows Account password is changed. This document will describe how to setup RES Workspace Manager to use Windows Authentication when connecting to Microsoft SQL Server.
Creating the Datastore
The initial steps of creating the Datastore are very similar when using either authentication method. The first step is to connect to a Microsoft SQL Server in order to create a new database as shown below.
NOTE: The authentication method used on this screen is only used for the database creation. It will not be used for anything else. Therefore, it does not matter which authentication method is used, SQL or Windows.
The next screen will allow you to create a new database (default of Workspace Manager) and the following screen will setup the file locations and sizes. The next screen will be used to either create a new SQL Server Authentication account, or to select an Active Directory Group that will have access to the newly created database. For this document, we are interested in the latter section. Select an AD group that will have access and click next and finish the database creation.
NOTE: An active directory group is used for access by the agents, Relay Servers and any admins. It is required that the person installing the software (and Relay Servers) as well as any service accounts used by the agents and Relay Server are added to that group before continuing any further. If the group configured was modified after logging into the server where the Relay Server will be installed, the user must logoff and log back in to refresh the group membership.
Installing and Configuring the Relay Server
Before installing the Relay Server, you must setup the environment password. This is done by navigating to Administration -> Relay Server -> Relay Server -> Settings and clicking on the Manage environment password button as shown below.
Next, install the Relay Server from the appropriate msi by clicking through the installer. This will bring the dialog as shown below.
If the port is already in use, change the port. Next, click the Add button. This will bring up the dialog to add the Relay Server into your environment. If this is the first Relay Server, it must be connected to the database. Fill in the Database server, and click on the “Use Windows Authentication” checkbox and also fill in the Database name. This will populate the Login based on the currently logged in user.
NOTE: Due to the fact that the logged on user is populated and cannot be changed, it is important that the user installing the Relay Server is added to the Group who has access to the database.
Finish clicking through the setup and you should have something that resembles the screenshot below.
The last step is to change the service account used for the RES Workspace Manager Relay Server service to use Windows Authentication. Open up the Services.msc and select the “RES Workspace Manager Relay Server” service. Click on the Log On tab and change the account being used to the one setup and added to the Group used in the beginning of this document.
Save the changes and restart the service. The Relay Server is now connected to the database and should show up in the Workspace Manager Console. Agents can now be added to the Relay Server.