Jaa


Enable the Caching Service in a Workgroup Scenario

This topic describes how to deploy a cache cluster in a workgroup. The following must be true for this deployment:

  • All the hosts/computers are in a workgroup (not in a domain).

  • All the computers have a common local account, and each account has the same name and same password.

  • You must install and configure Caching Services on all the workgroup computers using the common local account.

To configure the Caching Service on a computer that is part of a workgroup

In Microsoft AppFabric 1.1 for Windows Server, all Distributed Cache configuration scenarios are supported with XML-based configuration only. There are some manual steps involved in ensuring that the Distributed Cache service identity account has appropriate security permissions.

To configure the Caching Service on a computer that is part of a workgroup, using a network share for the configuration store, proceed as follows:

  1. Create a local user account with the same name and same password on all computers that will be running the Caching Service and on the computer that will be hosting the caching configuration.

  2. The shared account must have the following rights granted to it on all the computers that will be running the Caching Service: Generate security audits, Bypass traverse checking, and Logon as a service. Grant the shared account this permission by using the Local Security Policy (Secpol.msc) tool, and moving to the following path: Secpol.msc, Security Settings, LocalPolicies, and User Rights Assignment. Add the account to each of the policies listed above.

    Important

    You must grant the preceding rights to the shared account on each computer that will be running the Caching Service.

  3. On the computer that will be hosting the caching configuration, create a network share. Add the shared account to the local administrator group and add this account to the network share permissions as co-owner.

  4. Use Microsoft AppFabric 1.1 for Windows Server setup to install the Caching Service on all the computers that participate in the cluster as nodes.

  5. Use the AppFabric Configuration Wizard to change the identity of the Caching Service and perform the caching configuration.

  6. Configure the Caching Service on all computers pointing to the network share that was created as the configuration store.

    Note

    If a warning that reads “Could not set permissions on the configuration store” is posted while configuring the hosts, ignore it.

To administer the workgroup cluster

To administer the workgroup cluster by using the Cache Administration tool, proceed as follows:

  1. Install and configure the Cache Administration tool on a computer where the common local account with the same user name and password is available.

  2. Turn off UAC remote restrictions on all computers in the cluster.

    Important

    This is required because local admin accounts other than built-in Administrator run in Admin Approval mode. This Admin Approval mode prevents remote administration such as service control. The admin tool will not be able to access the Caching Service if UAC is enabled on the cluster computers. For more information, see Description of User Account Control and remote restrictions in Windows Vista (https://support.microsoft.com/kb/951016).

On the Cache Client

If security is disabled (change mode to “None” in the cluster configuration), then a Cache Client running on any other computer under any account will be able to access the cluster.

If security is enabled (change mode to “Transport” in cluster configuration), then the following will occur:

  • A client running on a computer under local account N, where N is a local administrator on all the cache cluster computers with the same password, will be able to access the cluster.

  • A client running on a computer under local account N, where N is a local account (non-admin) on all the cache cluster computers with same password and is added to the cluster configuration, will be able to access the cluster.

  2012-09-12