Administrator Guide

ManualsBrandsDell ManualsCloudLink SecureVMHybrid Cloud System for Microsoft

111

112

113

114

115

116

117

118

119

120

• MgmtSvc-UsageCollector_Management

• MgmtSvc-WebAppGallery

• MgmtSvc-WindowsAuthSite

• TenantSiteNoticationServiceUser

You do not have to touch any of these accounts. For all these accounts:

• The passwords are autogenerated.

• Password rotation is done when you run the MCPasswordReset script.

The password expiration for SpfUser and SMAUser is controlled by domain policy. All Windows Azure Pack database account passwords do

not expire. However, they are rotated on the same schedule.

NOTE: Password policies are located in the following location in the Group Policy Management Console: Default Domain Policy/

Computer Conguration/Policies/Windows Settings/Security Settings/Account Policies/Password Policy. For more information

about security considerations of editing password policy settings, see Domain Level Account Policies on Microsoft TechNet.

Domain service accounts

The domain service accounts that are part of Dell Hybrid Cloud System for Microsoft are listed in the following table.

You do not have to touch any of these accounts. The following statements apply for all domain service accounts except for the

<Prex>SA-SMA and <Prex>Installer accounts:

• The passwords are auto generated.

• Password rotation is done when you run the MCPasswordReset script.

• Password expiration is controlled via the domain policy.

NOTE

: The password for the SMA group Managed Service Account, <

Prex

>-SA-SMA, is autogenerated and automatically

rotated by Active Directory Domain Services every two days. This password is not rotated by the MCPasswordReset script.

Table 35. Domain service accounts

Account Privileges/Usage

<Prex>-Installer Used during deployment. By default, this account is disabled after deployment. This password

is not rotated by the MCPasswordReset script

NOTE: Do not remove or manually enable this account. This account is used during

stamp expansion and backup deployment scenarios, where it is automatically

enabled and then disabled again.

<Prex>-Fabric Administrator on physical hosts. Used for host management operations. For example, physical

computers are added into VMM by using this account.

<Prex>-System Administrator on all management VMs. Used to communicate between VMs to run role

operations, for example, to run runbooks, agent installation, and updates.

<Prex>-SVC-SQL Administrator on SQL VMs. Also has Read/Write permission for ServiceAccountPrincipal to

do SPN registration. Used to run SQL Server services.

<Prex>-SVC-VMM Administrator on the VMM VM. Used to run the VMM service.

<Prex>-SVC-OM Administrator on the Operations Manager VM. Used to carry out actions on monitored

computers across a network connection.

<Prex>-SVC-SPF Used to run all SPF services.

116 Security