4. Setup

In this chapter we will discuss initial setup, basic configurations and some security best practices; also, we will talk about protecting VAC itself.

4.1 Authentication

By default, access as Administrators to VAC is configured and allowed to the Local Administrator of the Windows machine where VAC service has been installed. It’s heavily suggested to modify this behaviour, and leverage dedicated groups to control VAC.

First, we create a new VAC Admins group in Active Directory. Then, we create a personal User account for each Administrator that will need access to VAC: Dedicated VAC account

Then, inside VAC we first login using the local Windows Administrator, and we edit the section of the Configuration Roles and Users:

  • we add a new Administrator group by selecting the VAC Admins as the Authentication source: Add VAC Admins as administrators;

  • In the Local Security Policy of the VAC Server, we add VAC Admins group to the policy Allow log on locally:

    Allow log on locally to VAC Admins

  • we are finally able to login using the DOMAIN\USER format, using the DNS style of the domain, like in the example below:

    Log into VAC with Domain credentials

4.2 SSL Certificates

We created a dedicate chapter to give you some powerful options to automatically manage SSL certificates and their renewal. Have a look at Chapter 8; in the rest of the document, we will assume that a proper certificate has been installed.

4.3 Backup and Restore

All the data and configuration information are stored into the SQL database, so this is the main component that we need to protect. To do so, there are multiple options, like for example SQL Maintenance Plans:

SQL Maintenance Plan

The final result is a SQL backup stored on a filesystem:

SQL backup files

With these backups, admninistrators can restore a VAC database, and then using the procedure explained in chapter 9, proceed to reconnect VAC service to the database.