Administrator Guide
Table Of Contents
- Dell Hybrid Cloud System for Microsoft Cloud Platform System Standard Version 1.5 Administrators Guide based on release 1803
- Overview
- Administration
- What to do first
- Next steps
- Managing Dell Hybrid Cloud System for Microsoft
- Creating tenant VM networks
- Adding tenant VM networks to the cloud
- Flagging the operating system VHD in the VM templates
- Enabling guest-specified IP addresses in VMM
- Creating additional tenant storage shares
- Using Windows Azure Pack
- Default Windows Azure Pack configuration
- Before you go into production
- Setting up tenant portal access on an isolated network
- Replacing self-signed certificates
- Disabling the tenant AuthSite and the admin Windows AuthSite websites
- Updating to a Security Token Service and re-establishing trust
- How to open the management portal for administrators
- How to open the management portal for tenants
- Offering services to tenants
- Optional configuration
- Automating tasks for efficiency
- Windows Azure Pack API reference content for developers
- Configuring disaster recovery protection
- Operations
- Monitoring
- Backup and recovery
- Onboard to Azure Backup
- Default backup schedule and retention policy
- DPM protection groups
- Disable machine account password rotation on management VMs
- Protecting tenant VMs
- Recovering VMs and databases—high level
- Recovering from management component failures
- Recovering a tenant VM
- Recovering DPM from DPM failures
- Adding extra disks to DPM
- Monitoring DPM
- Using the Dell Hybrid Cloud System for Microsoft data consistency runbooks
- Updating the Dell Hybrid Cloud System for Microsoft
- Shutting down and starting up the stamp
- Security
- Appendix A Expanding the stamp
- Appendix B Performing a factory reset
- Appendix C Retrieving cluster names, host names, and IP addresses
- Appendix D Ports and protocols
How service accounts are managed
Dell Hybrid Cloud System for Microsoft includes a password reset script that you can use to change passwords for the following service
accoun
ts:
• <
Prex>-Fabric
• <
Prex>-System
• <
Prex>-SVC-SQL
• <
Prex>-SVC-VMM
• <
Prex>-SVC-OM
• <Prex>-SVC-SPF
• <Prex>-SVC-SMA
It is recommended that you run the MCPasswordReset script to reset the passwords for these service accounts whenever you are alerted
t
o do so by System Center Operations Manager. These accounts are described in
User accounts and groups that are added by default.
IMPORTANT
: Read this entire section before you run the script.
Starting with the Microsoft update version 1603A, the Operations Manager alert for password expiration is raised 14 days before passwords
e
xpire, rather than three days as in previous releases. To view remaining time before the next password expiration without waiting for an
alert, run the following command in Windows PowerShell on the Console VM:
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties
"DisplayName", "msDS-UserPasswordExpiryTimeComputed" | Select-Object -Property
"SAMAccountName",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-
UserPasswordExpiryTimeComputed")}}
For each account, the MCPasswordReset script does the following:
• Automatically generates a new password.
• Updates the credentials that are stored in SMA with the new password.
• Changes the password for each account in AD DS.
• Each runbook that is run by the MCPasswordReset script also updates the passwords in related management components. This
includes the Windows services and the Run As accounts, and all local passwords that are required by the Windows Azure Pack portals
for administrators and tenants.
Important information about the password reset script
Keep the following points in mind about the MCPasswordReset script:
• The MCPasswordReset script is fairly disruptive. It restarts many services, and results in some downtime of management infrastructure
components. Consider running it within a planned maintenance window.
• The MCPasswordReset script works when all Dell Hybrid Cloud System for Microsoft infrastructure VMs and services are running
normally (that is, not in maintenance mode), and Dell Hybrid Cloud System for Microsoft service account passwords described at the
start of this section are not expired and are in sync. Recovering from a condition when one or more Dell Hybrid Cloud System for
Microsoft service account passwords are expired is not the purpose of this script.
• Operations Manager sends the following alert to customers when passwords are about to expire.
Alert Name: Run As Account(s) Expiring Soon
Alert Description: One or more Run As account passwords are expiring soon. Update the passwords for Run As accounts to prevent
problems with monitoring. To update your Run As account passwords, please update the passwords using the procedures described in
the How service accounts are managed section of the Administrators Guide.
124 Security