Administrator Guide
Table Of Contents
- Dell Hybrid Cloud System for Microsoft Cloud Platform System Standard Version 1.5 Administrators Guide based on release 1803
- Overview
- Administration
- What to do first
- Next steps
- Managing Dell Hybrid Cloud System for Microsoft
- Creating tenant VM networks
- Adding tenant VM networks to the cloud
- Flagging the operating system VHD in the VM templates
- Enabling guest-specified IP addresses in VMM
- Creating additional tenant storage shares
- Using Windows Azure Pack
- Default Windows Azure Pack configuration
- Before you go into production
- Setting up tenant portal access on an isolated network
- Replacing self-signed certificates
- Disabling the tenant AuthSite and the admin Windows AuthSite websites
- Updating to a Security Token Service and re-establishing trust
- How to open the management portal for administrators
- How to open the management portal for tenants
- Offering services to tenants
- Optional configuration
- Automating tasks for efficiency
- Windows Azure Pack API reference content for developers
- Configuring disaster recovery protection
- Operations
- Monitoring
- Backup and recovery
- Onboard to Azure Backup
- Default backup schedule and retention policy
- DPM protection groups
- Disable machine account password rotation on management VMs
- Protecting tenant VMs
- Recovering VMs and databases—high level
- Recovering from management component failures
- Recovering a tenant VM
- Recovering DPM from DPM failures
- Adding extra disks to DPM
- Monitoring DPM
- Using the Dell Hybrid Cloud System for Microsoft data consistency runbooks
- Updating the Dell Hybrid Cloud System for Microsoft
- Shutting down and starting up the stamp
- Security
- Appendix A Expanding the stamp
- Appendix B Performing a factory reset
- Appendix C Retrieving cluster names, host names, and IP addresses
- Appendix D Ports and protocols
• MgmtSvc-UsageCollector_Management
• MgmtSvc-WebAppGallery
• MgmtSvc-WindowsAuthSite
• TenantSiteNoticationServiceUser
You do not have to touch any of these accounts. For all these accounts:
• The passwords are autogenerated.
• Password rotation is done when you run the MCPasswordReset script.
The password expiration for SpfUser and SMAUser is controlled by domain policy. All Windows Azure Pack database account passwords do
no
t expire. However, they are rotated on the same schedule.
NOTE
: Password policies are located in the following location in the Group Policy Management Console: Default Domain Policy/
Computer Conguration/Policies/Windows Settings/Security Settings/Account Policies/Password Policy. For more information
about security considerations of editing password policy settings, see
Domain Level Account Policies on Microsoft TechNet.
Domain service accounts
The domain service accounts that are part of Dell Hybrid Cloud System for Microsoft are listed in the following table.
You do not have to touch any of these accounts. The following statements apply for all domain service accounts except for the
<Prex>SA-SMA and <Prex>Installer accounts:
• The passwords are auto generated.
• Password rotation is done when you run the MCPasswordReset script.
• Password expiration is controlled via the domain policy.
NOTE: The password for the SMA group Managed Service Account, <
Prex
>-SA-SMA, is autogenerated and automatically
rotated by Active Directory Domain Services every two days. This password is not rotated by the MCPasswordReset script.
Table 35. Domain service accounts
Account Privileges/Usage
<Prex>-Installer Used during deployment. By default, this account is disabled after deployment. This password
is not rotated by the MCPasswordReset script
NOTE: Do not remove or manually enable this account. This account is used during
stamp expansion and backup deployment scenarios, where it is automatically
enabled and then disabled again.
<Prex>-Fabric Administrator on physical hosts. Used for host management operations. For example, physical
computers are added into VMM by using this account.
<Prex>-System Administrator on all management VMs. Used to communicate between VMs to run role
operations, for example, to run runbooks, agent installation, and updates.
<Prex>-SVC-SQL Administrator on SQL VMs. Also has Read/Write permission for ServiceAccountPrincipal to
do SPN registration. Used to run SQL Server services.
<Prex>-SVC-VMM Administrator on the VMM VM. Used to run the VMM service.
<Prex>-SVC-OM Administrator on the Operations Manager VM. Used to carry out actions on monitored
computers across a network connection.
<Prex>-SVC-SPF Used to run all SPF services.
116 Security