Administrator Guide
Table Of Contents
- Dell Hybrid Cloud System for Microsoft Cloud Platform System Standard Version 1.5 Administrators Guide based on release 1803
- Overview
- Administration
- What to do first
- Next steps
- Managing Dell Hybrid Cloud System for Microsoft
- Creating tenant VM networks
- Adding tenant VM networks to the cloud
- Flagging the operating system VHD in the VM templates
- Enabling guest-specified IP addresses in VMM
- Creating additional tenant storage shares
- Using Windows Azure Pack
- Default Windows Azure Pack configuration
- Before you go into production
- Setting up tenant portal access on an isolated network
- Replacing self-signed certificates
- Disabling the tenant AuthSite and the admin Windows AuthSite websites
- Updating to a Security Token Service and re-establishing trust
- How to open the management portal for administrators
- How to open the management portal for tenants
- Offering services to tenants
- Optional configuration
- Automating tasks for efficiency
- Windows Azure Pack API reference content for developers
- Configuring disaster recovery protection
- Operations
- Monitoring
- Backup and recovery
- Onboard to Azure Backup
- Default backup schedule and retention policy
- DPM protection groups
- Disable machine account password rotation on management VMs
- Protecting tenant VMs
- Recovering VMs and databases—high level
- Recovering from management component failures
- Recovering a tenant VM
- Recovering DPM from DPM failures
- Adding extra disks to DPM
- Monitoring DPM
- Using the Dell Hybrid Cloud System for Microsoft data consistency runbooks
- Updating the Dell Hybrid Cloud System for Microsoft
- Shutting down and starting up the stamp
- Security
- Appendix A Expanding the stamp
- Appendix B Performing a factory reset
- Appendix C Retrieving cluster names, host names, and IP addresses
- Appendix D Ports and protocols
VM Name Purpose
NOTE
: This VM also runs SMA and SPF.
<
Prex
>APT01
Hosts the Windows Azure Pack tenant components. These include:
• Management portal for tenants— A customizable self-service portal to
pr
ovision, monitor, and manage services. In this portal, users sign up for
services and create services, VMs, and databases.
• Tenant Public API— Enables tenants to manage and con
gure cloud
services that are included in the plans that they subscribe to. Can be
exposed to the internet to provide command line access.
• Tenant authentication site
— By default, Windows Azure Pack uses an
ASP.NET Membership provider to provide authentication for the
management portal for tenants. Before going into production, you must
disable the ASP.NET provider, and use AD FS or an external third-party
identity system that supports WS-Federation and JWT tokens to
authenticate users.
For more information, see Windows Azure Pack components (http://technet.microsoft.com/library/dn469332.aspx) in the Microsoft
T
echNet Library.
Before you go into production
Dell Hybrid Cloud System for Microsoft installation prepares Windows Azure Pack for you to use, but there are some important things you
must do be
fore you go into production.
You must:
• Replace self-signed certicates for the Windows Azure Pack websites, SMA, and SPF with trusted SSL certicates that are issued by a
trusted certication authority (CA).
• Disable both the default tenant and admin authentication websites.
• Update both tenant and admin authentication to use a security token service such as AD FS or an external third-party identity system.
NOTE: There is also an optional procedure to set up tenant portal access on an isolated network. If you want to do this, you must
set up the tenant portal access before you replace self-signed certicates and congure integration for AD FS or some other
security token service.
Procedures for all these steps are included in the following sections.
Setting up tenant portal access on an isolated network
The following is an optional procedure you can do before you go into production.
When the Dell Hybrid Cloud System for Microsoft is deployed, all management VMs are connected to the Management network. This
includes the VM that hosts the Windows Azure Pack management portal for tenants,<
Prex
>APT01, the portal that tenants use to access
cloud services.
Sometimes, you may want to isolate the management network from tenant access. Follow the steps in this section if your organization
requires network level isolation between the tenant portal and other management VMs. This requirement is more common for cloud service
providers.
To isolate trac, the Windows Azure Pack management portal for tenants VM, referred to as the tenant portal VM, must be connected to
another network that is accessible by tenants. This section describes the general requirements and the steps to congure tenant access to
the portal over the isolated network.
36 Administration