I read the cluster service account needs to be in the public role at a minimum in a cluster environment. I removed the account from the instance completely expecting to see the instance failover when it couldn't log in. Nothing happened. I monitored the event and SQL logs and the Security log shows the account logging into each node of the server (successfully) but there's no indication of the account attempting to log into SQL. Does the cluster service account need to be added to SQL? Also, When I create an instance on a cluster, I provide a private IP. Does any SQL traffic go over the private network? I read that it is sometimes used to send replication traffic and such but could find nothing about any system level traffic.