Administrator Guide

ManualsBrandsDell ManualsCloudLink SecureVMHybrid Cloud System for Microsoft

111

112

113

114

115

116

117

118

119

120

• MgmtSvc-WebAppGallery

• MgmtSvc-WindowsAuthSite

• TenantSiteNoticationServiceUser

You do not have to touch any of these accounts. For all of these:

• The passwords are autogenerated.

• Password rotation is done when you run the MCPasswordReset script.

The password expiration for SpfUser and SMAUser are controlled by domain policy. Note that all Windows Azure Pack database account

passwords do not expire. However, they are rotated on the same schedule.

NOTE: Password polices are located in the following location in the Group Policy Management Console: Default Domain Policy/

Computer Conguration/Policies/Windows Settings/Security Settings/Account Policies/Password Policy. For more information

about security considerations of editing password policy settings, see Domain Level Account Policies on Microsoft TechNet.

Domain service accounts

The domain service accounts that are part of Dell Hybrid Cloud System for Microsoft are listed in the following table.

You do not have to touch any of these accounts. For all of these:

• The passwords are auto generated.

• Password rotation is done when you run the MCPasswordReset script.

• Password expiration is controlled via the domain policy.

NOTE

: The SMA group Managed Service Account (gMSA) is auto rotated every day.

Table 34. Domain service accounts

Account Privileges/Usage

<Prex>-Installer Used during deployment. By default, this account is disabled after deployment.

NOTE: Do not remove or manually enable this account. This account is used during

stamp expansion and backup deployment scenarios, where it is automatically

enabled and then disabled again.

<Prex>-Fabric Administrator on physical hosts. Used for host management operations. For example, physical

computers are added into VMM by using this account.

<Prex>-System Administrator on all management VMs. Used to communicate between VMs to run role

operations, for example, to run runbooks, agent installation, and updates.

<Prex>-SVC-SQL Administrator on SQL VMs. Also has Read/Write permission for ServiceAccountPrincipal to

do SPN registration. Used to run SQL Server services.

<Prex>-SVC-VMM Administrator on the VMM VM. Used to run the VMM service.

<Prex>-SVC-OM Administrator on the Operations Manager VM. Used to carry out actions on monitored

computers across a network connection.

<Prex>-SVC-SPF Used to run all SPF services.

<Prex>-SVC-SMA Account used to deploy SMA.

<Prex>-SA-SMA Used to run all SMA services (SMA Web Service and SMA Runbook Service). This is a group

Managed Service Account (gMSA account).

Security 117