Understanding re-design of Cluster Service Account in Win2008

In windows server 2003, the cluster required the use of a Cluster Service Account (CSA).  The cluster service as well as resources used this regular domain user account to login.  The CSA presented some problems, the most obvious of which was requiring administrators to rotate this password every so often.
In Windows Server 2008, this requirement was removed.  To replace the CSA, Microsoft created the Cluster Name Object (CNO).  This is a Network Name resource that acts as the identity of the Cluster.  This CNO in turn owns all of the Virtual Computer Objects (VCO) in the cluster.  The VCOs are the computer names to which clients connect.  The cluster service and cluster resources, now impersonate the CNO or the proper VCO.
To give an example, suppose you created a cluster named “BAYEXCH1” and this cluster hosts two applications, named “baysrv1” and “baysrv2.”  Active Directory will contain three computer objects – BAYEXCH1, baysrv1, and baysrv2.  BAYEXCH1 will be the owner of baysrv1 and baysrv2.
For more information about Active Directory with Failover Clustering, check out our TechNet guide on Configuring Accounts for Active Directory:  http://technet.microsoft.com/en-us/library/cc731002.aspx.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: