Administrator Guide

VM Name Purpose
NOTE: This VM also runs SMA and SPF.
<Prefix>APT01 Hosts the Windows Azure Pack tenant components. These include:
Management portal for tenants— A customizable self-service portal to
provision, monitor, and manage services. In this portal, users sign up for
services and create services, VMs, and databases.
Tenant Public API— Enables tenants to manage and configure cloud
services that are included in the plans that they subscribe to. Can be
exposed to the internet to provide command line access.
Tenant authentication site— By default, Windows Azure Pack uses an
ASP.NET Membership provider to provide authentication for the
management portal for tenants. Before going into production, you must
disable the ASP.NET provider, and use AD FS or an external third-party
identity system that supports WS-Federation and JWT tokens to
authenticate users.
For more information, see Windows Azure Pack components (http://technet.microsoft.com/library/dn469332.aspx) in the Microsoft
TechNet Library.
Before you go into production
Dell Hybrid Cloud System for Microsoft installation prepares Windows Azure Pack for you to use, but there are some important things you
must do before you go into production.
You must:
Replace self-signed certificates for the Windows Azure Pack websites, SMA, and SPF with trusted SSL certificates that are issued by a trusted certification authority (CA).
Disable both the default tenant and admin authentication websites.
Update both tenant and admin authentication to use a security token service such as AD FS or an external third-party identity system.
NOTE: There is also an optional procedure to set up tenant portal access on an isolated network. If you want to do this, you must
set up the tenant portal access before you replace self-signed certificates and configure integration for AD FS or some other
security token service.
Procedures for all these steps are included in the following sections.
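
One way to check the first requirement above after the certificates have been replaced, as an added example that is not part of the Dell guide: the PowerShell script below connects to each endpoint and reports whether the certificate it presents is self-issued and whether it chains to a CA trusted by the machine running the check. The host names, ports, and function names are placeholders chosen for illustration.

```powershell
# Added example. Host names and ports are placeholders (assumptions), not values
# from the guide: list your Windows Azure Pack website, SMA, and SPF endpoints here.
$Endpoints = @(
    @{ Name = 'WAP tenant portal'; HostName = 'tenant-portal.example.test'; Port = 443 },
    @{ Name = 'WAP admin portal';  HostName = 'admin-portal.example.test';  Port = 443 },
    @{ Name = 'SMA web service';   HostName = 'sma.example.test';           Port = 443 },
    @{ Name = 'SPF web service';   HostName = 'spf.example.test';           Port = 443 }
)

function Get-EndpointCertificate {
    param([string]$HostName, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept whatever the server presents so that it can be inspected;
        # trust is evaluated separately in Test-EndpointCertificate.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        try {
            $ssl.AuthenticateAsClient($HostName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

function Test-EndpointCertificate {
    param([hashtable]$Endpoint)
    $cert    = Get-EndpointCertificate -HostName $Endpoint.HostName -Port $Endpoint.Port
    $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($cert)   # validates against this machine's trust stores
    [pscustomobject]@{
        Endpoint     = $Endpoint.Name
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        # Subject equal to issuer marks a self-issued certificate. Reported separately
        # because a self-signed certificate imported into a local root store still builds.
        SelfIssued   = ($cert.Subject -eq $cert.Issuer)
        ChainTrusted = $chainOk
        ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        NotAfter     = $cert.NotAfter
    }
}

$Endpoints | ForEach-Object { Test-EndpointCertificate -Endpoint $_ } |
    Format-Table -AutoSize
```

An endpoint passes when SelfIssued is False and ChainTrusted is True. The script does not check that the certificate name matches the host name, so verify that separately.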
Setting up tenant portal access on an isolated network
The following is an optional procedure you can do before you go into production.
When the Dell Hybrid Cloud System for Microsoft is deployed, all management VMs are connected to the Management network. This
includes the VM that hosts the Windows Azure Pack management portal for tenants, <Prefix>APT01, the portal that tenants use to access
cloud services.
Sometimes, you may want to isolate the management network from tenant access. Follow the steps in this section if your organization
requires network level isolation between the tenant portal and other management VMs. This requirement is more common for cloud service
providers.
To isolate trac, the Windows Azure Pack management portal for tenants VM, referred to as the tenant portal VM, must be connected to
another network that is accessible by tenants. This section describes the general requirements and the steps to congure tenant access to
the portal over the isolated network.
Administration