Administrator Guide
Table Of Contents
- Dell Hybrid Cloud System for Microsoft Cloud Platform System Standard Version 1.5 Administrators Guide based on release 1803
- Overview
- Administration
- What to do first
- Next steps
- Managing Dell Hybrid Cloud System for Microsoft
- Creating tenant VM networks
- Adding tenant VM networks to the cloud
- Flagging the operating system VHD in the VM templates
- Enabling guest-specified IP addresses in VMM
- Creating additional tenant storage shares
- Using Windows Azure Pack
- Default Windows Azure Pack configuration
- Before you go into production
- Setting up tenant portal access on an isolated network
- Replacing self-signed certificates
- Disabling the tenant AuthSite and the admin Windows AuthSite websites
- Updating to a Security Token Service and re-establishing trust
- How to open the management portal for administrators
- How to open the management portal for tenants
- Offering services to tenants
- Optional configuration
- Automating tasks for efficiency
- Windows Azure Pack API reference content for developers
- Configuring disaster recovery protection
- Operations
- Monitoring
- Backup and recovery
- Onboard to Azure Backup
- Default backup schedule and retention policy
- DPM protection groups
- Disable machine account password rotation on management VMs
- Protecting tenant VMs
- Recovering VMs and databases—high level
- Recovering from management component failures
- Recovering a tenant VM
- Recovering DPM from DPM failures
- Adding extra disks to DPM
- Monitoring DPM
- Using the Dell Hybrid Cloud System for Microsoft data consistency runbooks
- Updating the Dell Hybrid Cloud System for Microsoft
- Shutting down and starting up the stamp
- Security
- Appendix A Expanding the stamp
- Appendix B Performing a factory reset
- Appendix C Retrieving cluster names, host names, and IP addresses
- Appendix D Ports and protocols
$pdb = 'Microsoft.MgmtSvc.PortalConfigStore'
$mdb = 'Microsoft.MgmtSvc.Store'
$pcs = "Data Source=$sql; Initial Catalog=$pdb; Integrated Security=True"
$mcs = "Data Source=$sql; Initial Catalog=$mdb; Integrated Security=True"
$mdeip = "https://$fqdn`:30081/FederationMetadata/2007‑06/FederationMetadata.xml"
$mderp = "https://$fqdn`:30071/FederationMetadata/2007‑06/FederationMetadata.xml"
Set-MgmtSvcFqdn ‑NameSpace TenantSite ‑FullyQualifiedDomainName $fqdn
‑Port 30081 ‑PortalConnectionString $pcs ‑ManagementConnectionString
$mcs
Set-MgmtSvcFqdn ‑NameSpace AuthSite ‑FullyQualifiedDomainName $fqdn
‑Port 30071 ‑PortalConnectionString $pcs ‑ManagementConnectionString
$mcs
Set-MgmtSvcFqdn ‑NameSpace TenantPublicAPI ‑FullyQualifiedDomainName
$fqdn ‑Port 30006 ‑PortalConnectionString $pcs ‑ManagementConnectionString
$mcs
Set-MgmtSvcIdentityProviderSettings ‑Target Membership ‑MetadataEndpoint
$mdeip ‑PortalConnectionString $pcs ‑ManagementConnectionString $mcs
‑DisableCertificateValidation
Set-MgmtSvcRelyingPartySettings ‑Target Tenant ‑MetadataEndpoint $mderp
‑PortalConnectionString $pcs ‑ManagementConnectionString $mcs ‑DisableCertificateValidation
7 Validate that you can access the Windows Azure Pack management portal for tenants from the tenant access network.
Replacing self-signed certicates
The self-signed certicates that are generated as part of Dell Hybrid Cloud System for Microsoft installation are intended to be temporary.
As a security best practice, before you begin using Windows Azure Pack in production, you should promptly replace self-signed certicates
with Secure Sockets Layer (SSL) certicates that are issued by a trusted certication authority (CA), such as VeriSign or Thawte. For
detailed information about how to do this, see Replacing self-signed certicates with CA-signed certicates.
Disabling the tenant AuthSite and the admin Windows
AuthSite websites
NOTE: Before you do this, make sure you have replaced the self-signed certicates.
By default, Dell Hybrid Cloud System for Microsoft uses the following authentication methods for the Windows Azure Pack portals:
• An ASP.NET membership provider database for tenant authentication
• Windows Authentication for the management portal for administrators.
Both of these authentication methods are not supported in a Dell Hybrid Cloud System for Microsoft production environment. Before you
go into production, you must shut down the default tenant authentication site (the AuthSite) and the default admin authentication site
(WindowsAuthSite), and then update to a security token service to make authentication more secure.
WARNING: If you shut down the default tenant and admin authentication sites, but do not update to a security token service,
nobody can access the managemen
t or tenant portals.
When you disable either site, you have the following two options:
40 Administration