Administrator Guide
Table Of Contents
- Dell Hybrid Cloud System for Microsoft Cloud Platform System Standard Version 1.5 Administrators Guide based on release 1803
- Overview
- Administration
- What to do first
- Next steps
- Managing Dell Hybrid Cloud System for Microsoft
- Creating tenant VM networks
- Adding tenant VM networks to the cloud
- Flagging the operating system VHD in the VM templates
- Enabling guest-specified IP addresses in VMM
- Creating additional tenant storage shares
- Using Windows Azure Pack
- Default Windows Azure Pack configuration
- Before you go into production
- Setting up tenant portal access on an isolated network
- Replacing self-signed certificates
- Disabling the tenant AuthSite and the admin Windows AuthSite websites
- Updating to a Security Token Service and re-establishing trust
- How to open the management portal for administrators
- How to open the management portal for tenants
- Offering services to tenants
- Optional configuration
- Automating tasks for efficiency
- Windows Azure Pack API reference content for developers
- Configuring disaster recovery protection
- Operations
- Monitoring
- Backup and recovery
- Onboard to Azure Backup
- Default backup schedule and retention policy
- DPM protection groups
- Disable machine account password rotation on management VMs
- Protecting tenant VMs
- Recovering VMs and databases—high level
- Recovering from management component failures
- Recovering a tenant VM
- Recovering DPM from DPM failures
- Adding extra disks to DPM
- Monitoring DPM
- Using the Dell Hybrid Cloud System for Microsoft data consistency runbooks
- Updating the Dell Hybrid Cloud System for Microsoft
- Shutting down and starting up the stamp
- Security
- Appendix A Expanding the stamp
- Appendix B Performing a factory reset
- Appendix C Retrieving cluster names, host names, and IP addresses
- Appendix D Ports and protocols
Account Privileges/Usage
<
Prex>-SVC-SMA Account used to deploy SMA.
<Prex>-SA-SMA Used to run all SMA services—SMA Web Service and SMA Runbook Service. This is a group
Managed Service Account, called a gMSA account.
Groups
The following table describes security groups created by the Dell Hybrid Cloud System for Microsoft deployment process.
Table 36. Security groups
Group Name Scope Usage Details
<
Prex
>-Ops-Admin
Domain Local
To provide administrators with
access f
or day-to-day
management operations.
Users and groups can be added
to this group from trusted
domains.
• Local administrator on all infrastructure
VMs
.
• Has administrator rights to VMM,
Oper
ations Manager, DPM, and the
Windows Azure Pack management
portal for administrators.
<
Prex
>-Diag-Admin
Domain Local
Provides administrators with
user righ
ts to perform
operations that require access to
physical hosts and to
management SQL Server
databases.
Users and groups can be added
to this group from trusted
domains.
• This group is a member of <
Prex
>-
Ops-Admins.
• Member of the
sysadmin role in SQL
Server.
• Member of the local
Administrators
group on all physical nodes.
<
Prex
>-Setup-Admins
Global
Provides administrators with
ele
vated user rights to perform
operations such as patching and
updating of Dell Hybrid Cloud
System for Microsoft, and
password reset.
Users and groups can be added
from the domain in which the
Dell Hybrid Cloud System for
Microsoft stamp is a member.
This group is a member of <
Prex
>-Diag-
Admins. Has elevated permissions within
the Dell Hybrid Cloud System for
Microsoft OU. For example, a member of
this group can run MCPasswordReset to
reset service account passwords for
components in the OU.
Dell recommends that you add users to
this group only for specic, setup-related
operations, and that you revoke access to
added users when setup operations are
nished.
<
Prex
>-SMA-VMs
Global Do not add or remove accounts
fr
om this group.
This is a security group that is needed to
assign access to the group Managed
Service Account (gMSA account) for
SMA. The SMA VM computer account is a
member of this group.
Security 117