Administrator Guide
Table Of Contents
- Dell Hybrid Cloud System for Microsoft Cloud Platform System Standard Version 1.5 Administrators Guide based on release 1803
- Overview
- Administration
- What to do first
- Next steps
- Managing Dell Hybrid Cloud System for Microsoft
- Creating tenant VM networks
- Adding tenant VM networks to the cloud
- Flagging the operating system VHD in the VM templates
- Enabling guest-specified IP addresses in VMM
- Creating additional tenant storage shares
- Using Windows Azure Pack
- Default Windows Azure Pack configuration
- Before you go into production
- Setting up tenant portal access on an isolated network
- Replacing self-signed certificates
- Disabling the tenant AuthSite and the admin Windows AuthSite websites
- Updating to a Security Token Service and re-establishing trust
- How to open the management portal for administrators
- How to open the management portal for tenants
- Offering services to tenants
- Optional configuration
- Automating tasks for efficiency
- Windows Azure Pack API reference content for developers
- Configuring disaster recovery protection
- Operations
- Monitoring
- Backup and recovery
- Onboard to Azure Backup
- Default backup schedule and retention policy
- DPM protection groups
- Disable machine account password rotation on management VMs
- Protecting tenant VMs
- Recovering VMs and databases—high level
- Recovering from management component failures
- Recovering a tenant VM
- Recovering DPM from DPM failures
- Adding extra disks to DPM
- Monitoring DPM
- Using the Dell Hybrid Cloud System for Microsoft data consistency runbooks
- Updating the Dell Hybrid Cloud System for Microsoft
- Shutting down and starting up the stamp
- Security
- Appendix A Expanding the stamp
- Appendix B Performing a factory reset
- Appendix C Retrieving cluster names, host names, and IP addresses
- Appendix D Ports and protocols
• View the certica
tes to determine whether or not certicates are self-signed, and when certicates will expire.
• If you have not already done so, replace self-signed certica
tes with CA-signed certicates to help improve the security of Dell Hybrid
Cloud System for Microsoft.
• As certica
tes expire, you must periodically perform tasks in
Replacing self-signed certica
tes with CA-signed certicates again.
Viewing the certica
tes
You can view certicates in the GUI, by opening the certlm.msc snap-in on the Console VM, and targeting the snap-in at Dell Hybrid Cloud
System for Microsoft computers that are running Windows Azure Pack website services, SMA, and SPF. These VMs are <
Prex
>APT01
and <
Prex
>APA01.
Replacing self-signed certica
tes with CA-signed certicates
The self-signed certicates that are generated as part of Dell Hybrid Cloud System for Microsoft installation are intended to be temporary.
As a security best practice, if there are self-signed certicates still supporting Dell Hybrid Cloud System for Microsoft website services, you
should promptly replace them with certicates that are issued by a trusted certication authority (CA), such as VeriSign or Thawte. The
type of certicate you want for Dell Hybrid Cloud System for Microsoft website services is also called an SSL certicate.
You must also perform procedures in this section when you are updating expired certicates, as part of regular certicate management.
It is especially important that the following components use trusted certicates:
• Tenant portal
• Tenant public API
• Tenant authentication site
• Management portal for administrators
• SMA
Updating self-signed certica
tes to CA-signed certicates involves the following tasks:
• Step 1: Export the self-signed certica
tes to .pfx les, and create a folder tree for the certicates.
• Step 2: Obtain certica
tes from a trusted certication authority, and copy the .cer les to a share.
• Step 3: Import the trusted root and intermediate certica
tion authority .cer les to establish the certicate chain on each VM.
• Step 4: Prepare the le shar
e with the new .pfx certicates.
• Step 5: Update to the new trusted certication authority certicate on each component virtual machine.
• Step 6: Secure the shares that you created.
Each of these steps is described in the sections that follow.
Step 1 Export self-signed certica
tes to .pfx les, and create a folder tree
for the certicates
1 On the Console VM, create a Universal Naming Convention (UNC) le shar
e to back up existing certicates:
a Create a folder, for example C:\WAPCerts.
b Right-click the folder, point to Share with, and then click Specic people.
c Type the user account
<Prefix>-System, and then click Add.
d Under
Permission Level for the <Prex>-System account, click Read, and change it to Read/Write.
e Click
Share, and then click Done.
The le shar
e path is \\<Prex>CON01\WAPCerts.
2 Sign in to the Windows Azure Pack management portal for administrators by using an account that is a member of the <
Prex
>-Ops-
Admins group.
Security 133