Databases
In this section:
Database Summary
The Database node displays the product Database Summary page, where you can see a list of all Database Connections and create or delete them.
Create a Database
You can create databases for both the Management and Personalization servers.
-
Select the required node:
- Management > Management Databases
- Personalization > Personalization Databases
The product Database Summary page displays in the work area.
-
Select CREATE NEW to display the New Database Connection page.
- Enter a Connection Name for the database.
-
Choose the Server Name that will host the new database.
- Select the Encrypt Connection and Validate Server Certificate checkboxes to switch these options on or off.
You must select the Encrypt Connection checkbox in order to select the Validate Server Certificate checkbox.
-
Enter the Configuration Account details:
The Configuration Account must be different from the Service Account. For further details on Configuration and Service Accounts, see Database Accounts and Privileges.
- Enter the username and password for the Configuration Account.
- Select the Authentication type:
- Windows Authentication - A Windows account and password must be specified to access the database.
Local Windows accounts are not supported; you must use a domain account.
- SQL Authentication - A SQL Authentication account must be specified to access the database.
- Windows Authentication - A Windows account and password must be specified to access the database.
-
Select CHECK to validate the credentials.
-
Select SQL Database Name to display all known databases or to create a new one.
- To create a new database:
Ensure the Configuration Account has dbcreator server privileges.
Enter a unique database name in the SQL Database Name field.
-
To set up the schema on a new, empty database:
-
Ensure the Configuration Account is the database owner or a member of the db_owner role.
-
Select the database from the SQL Database Name list.
-
-
To upgrade an existing database, ensure the Configuration Account has dbo privilege, and select the database from the list.
Always back up your database before performing an upgrade.
-
To use an existing database, ensure the Configuration Account is a member of the ManagementServerAdministrator or dbo database roles.
- To create a new database:
-
Enter the Service Account details:
The Service Account must be different from the Configuration Account. For further details on Configuration and Service accounts, see Database Accounts and Privileges.
-
Enter the username and password for the Service Account.
If the Service Account does not already exist in the SQL Server and the Configuration Account has securityadmin server privileges, the account will be created.
- Select the Authentication type:
- Windows Authentication - A Windows account and password must be specified to access the database.
Local Windows accounts are not supported; you must use a domain account.
- SQL Authentication - A SQL Authentication account must be specified to access the database. Accounts are created in the SQL Server.
gMSA - Enter the Service Account name with a terminal $ to indicate a virtual or special account.
Mydomain\psaaccount
The password field is disabled for the gMSA authentication option.
- Windows Authentication - A Windows account and password must be specified to access the database.
-
Select CHECK to validate the credentials.
This does not test whether the gMSA successfully connects to the database. It only verifies that the account exists in AD.
-
-
Select CREATE to start the database creation.
Once created, the database displays in the tree structure under the relevant node.
Edit a Database Connection
You can edit databases for both the Management and Personalization servers.
-
Select the required node:
- Management > Management Databases
- Personalization > Personalization Databases
The product Database Summary page displays in the work area.
-
Select the database that you want to change. The database Detail page displays in the work area.
- Select the Encrypt Connection and Validate Server Certificate checkboxes to switch these options on or off.
You must select Encrypt Connection in order to select Validate Server Certificate.
- Change the Configuration Account:
The Configuration Account must have dbo privileges and be a member of the ManagementServerAdministrator or db_owner role.
- Change the username and enter the password.
Select the Authentication Type:
- Windows Authentication: A Windows account and password must be specified to access the database.
- SQL Authentication: A SQL Authentication account must be specified to access the database.
- Select CHECK to validate the credentials.
- Change the Service Account.
- Update the username, and enter the password.
If the Service Account does not already exist in the SQL Server and the Configuration Account has securityadmin server privileges, the account will be created.
Select the Authentication Type:
- Windows Authentication: A Windows username and password must be supplied each time access to the database is required.
- SQL Authentication: Specify a SQL Authentication account to provide access to the database.
gMSA - Enter the Service Account name with a terminal $ to indicate a virtual or special account.
Mydomain\psaaccount
The password field is disabled for the gMSA authentication option.
Select CHECK to validate the credentials.
This does not test whether the gMSA successfully connects to the database. It only verifies that the account exists in AD.
- Update the username, and enter the password.
- Select SAVE CHANGES to save the details.
Configure Databases with Low SQL Privileges
The Management and Personalization Servers use a SQL Server database to store environmental and personalization data. The installation procedure requires sysadmin access to the SQL Server instance in order to create and initialize the database. When the user installing the Management or Personalization Servers does not have sysadmin access, export scripts enable the database to be set up. It is assumed that the SQL Server instance is on a separate machine from the Management and Personalization Servers.
You can only export scripts using PowerShell; you can not export scripts from the Server Configuration Portal. For more information on PowerShell scripts, see the Server Configuration Portal Scripting Guide.