Administrator Guide
$pcs = "Data Source=$sql; Initial Catalog=$pdb; Integrated Security=True"
$mcs = "Data Source=$sql; Initial Catalog=$mdb; Integrated Security=True"
# The backtick before the colon stops PowerShell from reading "$fqdn:" as a scope qualifier.
$mdeip = "https://$fqdn`:30081/FederationMetadata/2007-06/FederationMetadata.xml"
$mderp = "https://$fqdn`:30071/FederationMetadata/2007-06/FederationMetadata.xml"
Set-MgmtSvcFqdn -NameSpace TenantSite -FullyQualifiedDomainName $fqdn -Port 30081 -PortalConnectionString $pcs -ManagementConnectionString $mcs
Set-MgmtSvcFqdn -NameSpace AuthSite -FullyQualifiedDomainName $fqdn -Port 30071 -PortalConnectionString $pcs -ManagementConnectionString $mcs
Set-MgmtSvcFqdn -NameSpace TenantPublicAPI -FullyQualifiedDomainName $fqdn -Port 30006 -PortalConnectionString $pcs -ManagementConnectionString $mcs
# -DisableCertificateValidation turns off certificate checking for the metadata endpoint, which the
# installer's temporary self-signed certificates would otherwise fail.
Set-MgmtSvcIdentityProviderSettings -Target Membership -MetadataEndpoint $mdeip -PortalConnectionString $pcs -ManagementConnectionString $mcs -DisableCertificateValidation
Set-MgmtSvcRelyingPartySettings -Target Tenant -MetadataEndpoint $mderp -PortalConnectionString $pcs -ManagementConnectionString $mcs -DisableCertificateValidation
7 Validate that you can access the Windows Azure Pack management portal for tenants from the tenant access network.
Replacing self-signed certificates
The self-signed certificates that are generated as part of Dell Hybrid Cloud System for Microsoft installation are intended to be temporary. As a security best practice, before you begin using Windows Azure Pack in production, you should promptly replace the self-signed certificates with Secure Sockets Layer (SSL) certificates that are issued by a trusted certification authority (CA), such as VeriSign or Thawte. For detailed information about how to do this, see Replacing self-signed certificates with CA-signed certificates.
Disabling the tenant AuthSite and the admin WindowsAuthSite websites
NOTE: Before you do this, make sure you have replaced the self-signed certificates.
By default, Dell Hybrid Cloud System for Microsoft uses the following authentication methods for the Windows Azure Pack portals:
• An ASP.NET membership provider database for tenant authentication
• Windows Authentication for the management portal for administrators.
Neither of these authentication methods is supported in a Dell Hybrid Cloud System for Microsoft production environment. Before you go into production, you must shut down the default tenant authentication site (the AuthSite) and the default admin authentication site (WindowsAuthSite), and then update to a security token service to make authentication more secure.
WARNING: If you shut down the default tenant and admin authentication sites, but do not update to a security token service, nobody can access the management or tenant portals.
When you disable either site, you have the following two options:
• You can stop the website and close the firewall port. This option enables you to easily re-enable the site at any time if needed for troubleshooting.
• You can completely remove the site components from the VM. This includes the Windows Installer Package (.msi file) and the entries from the Operations Manager management pack. This option helps to increase security by reducing the attack surface.
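Before the authentication sites are disabled, the NOTE above requires that the self-signed certificates have already been replaced. The following PowerShell is an added example, not part of the Dell guide, that inspects the certificate each Windows Azure Pack endpoint configured earlier on this page actually serves (ports 30081, 30071 and 30006); the host name is a placeholder, and the check is also what you would run before dropping the -DisableCertificateValidation switch used in the earlier commands.

```powershell
# Added example (not from the Dell guide): report whether each WAP endpoint still presents
# the installer's temporary self-signed certificate or a CA-issued one that chains to trust.
$fqdn = "wap.example.local"   # placeholder; substitute the value used with Set-MgmtSvcFqdn

function Get-EndpointCertificateStatus {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [Parameter(Mandatory)][int]$Port
    )
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept any certificate during the handshake so it can be inspected; the trust
        # decision is made explicitly below with X509Chain rather than skipped.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        # Build the chain against the local trust store, with online revocation checking.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
        $chainOk = $chain.Build($cert)
        # DNS name from the SAN if present, otherwise the subject CN (exact match; wildcards need a separate check).
        $dnsName = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)

        [pscustomobject]@{
            Endpoint     = "${HostName}:$Port"
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            SelfSigned   = ($cert.Subject -eq $cert.Issuer)   # True for the installer's temporary certificates
            ChainTrusted = $chainOk
            ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
            NameMatches  = ($dnsName -eq $HostName)
        }
    } finally {
        $client.Close()
    }
}

# Endpoints configured earlier on this page: TenantSite (30081), AuthSite (30071), TenantPublicAPI (30006).
$results = foreach ($port in 30081, 30071, 30006) {
    Get-EndpointCertificateStatus -HostName $fqdn -Port $port
}
$results | Format-Table -AutoSize
```

Proceed with disabling the AuthSite and WindowsAuthSite only when every row shows SelfSigned False, ChainTrusted True and NameMatches True.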
38
Administration