Administrator Guide
Table Of Contents
- Dell Hybrid Cloud System for Microsoft Cloud Platform System Standard Version 1.5 Administrators Guide based on release 1803
- Overview
- Administration
- What to do first
- Next steps
- Managing Dell Hybrid Cloud System for Microsoft
- Creating tenant VM networks
- Adding tenant VM networks to the cloud
- Flagging the operating system VHD in the VM templates
- Enabling guest-specified IP addresses in VMM
- Creating additional tenant storage shares
- Using Windows Azure Pack
- Default Windows Azure Pack configuration
- Before you go into production
- Setting up tenant portal access on an isolated network
- Replacing self-signed certificates
- Disabling the tenant AuthSite and the admin Windows AuthSite websites
- Updating to a Security Token Service and re-establishing trust
- How to open the management portal for administrators
- How to open the management portal for tenants
- Offering services to tenants
- Optional configuration
- Automating tasks for efficiency
- Windows Azure Pack API reference content for developers
- Configuring disaster recovery protection
- Operations
- Monitoring
- Backup and recovery
- Onboard to Azure Backup
- Default backup schedule and retention policy
- DPM protection groups
- Disable machine account password rotation on management VMs
- Protecting tenant VMs
- Recovering VMs and databases—high level
- Recovering from management component failures
- Recovering a tenant VM
- Recovering DPM from DPM failures
- Adding extra disks to DPM
- Monitoring DPM
- Using the Dell Hybrid Cloud System for Microsoft data consistency runbooks
- Updating the Dell Hybrid Cloud System for Microsoft
- Shutting down and starting up the stamp
- Security
- Appendix A Expanding the stamp
- Appendix B Performing a factory reset
- Appendix C Retrieving cluster names, host names, and IP addresses
- Appendix D Ports and protocols
• You can stop the website and close the r
ewall port. This option enables you to easily re-enable the site at any time if needed for
troubleshooting.
• You can completely remove the site components from the VM. This includes the Windows Installer Package (.msi le) and the en
tries
from the Operations Manager management pack. This option helps to increase security by reducing the attack surface.
Disabling the tenant AuthSite website
1 On the Console VM, open a Windows PowerShell session as an administrator, and then run the following command: Enter-PSSession
–Comput
erName <
Prex
>APT01
2 Do either of the following:
• To stop the authentication site, but not remove the components, run the following command: Get-Website | Where-Object
{
$_.Name -eq "MgmtSvc-AuthSite"} | Stop-Website –Verbose
• To completely remove the site components, run the following command: $productCode = (Get-ItemProperty –Path HKLM:
\
SOFTWARE\Microsoft\MgmtSvc\AuthSite).ProductCode
if ($productCode){msiexec /x $productCode -qn}
3 Run the following command to close the Windows Firewall port for the site. By default, this is port 30071. To determine the port, type
Get-Website
. The port is listed under Bindings.Disable-NetFirewallRule –DisplayName "MgmtSvc-AuthSite (HTTPS-In)"
NOTE: This step fails if you have completely removed all components using the second option in the previous step.
4 Type
exit to exit the remote session.
Disabling the admin WindowsAuthSite website
1 Open a Windows PowerShell session as an administrator, and then run the following command:
Enter-PSSession –ComputerName< Prex>APA01
2 Do either of the following:
• To stop the authentication site, but not remove the components, run the following command:
Get-Website | Where-Object {$_.Name –eq "MgmtSvc-WindowsAuthSite"} | Stop-Website –Verbose
• To completely remove the site components, run the following command:
$productCode = (Get-ItemProperty –Path HKLM:\SOFTWARE\Microsoft\MgmtSvc\WindowsAuthSite).ProductCode
if ($productCode){msiexec /x $productCode -qn}
3 Run the following command to close the Windows Firewall port for the site. By default, this is port 30072. To determine the port, type
Get-Website. The port is listed under Bindings.
Disable-NetFirewallRule –DisplayName "MgmtSvc-WindowsAuthSite (HTTPS-In)"
NOTE: This step fails if you have removed all components using the second option in the previous step.
4 Type
exit to exit the remote session.
Updating to a Security Token Service and re-establishing trust
You must update both tenant and admin authentication to use a security token service such as AD FS or an external third-party identity
s
ystem that supports WS-Federation and JWT tokens.
To set up trust with an external third-party identity system that supports WS-Federation and JWT tokens, you can use the federation
me
tadata le exposed by the Identity Provider.
The following procedures show how to update both tenant and admin authentication to use AD FS as the identity system.
1 Set up trust between the AD FS instance and the Windows Azure Pack management portal for administrators.
For information about how to set up an AD FS instance through the user interface, and how to set up trust between the AD FS
inst
ance and the Windows Azure Pack management portal for administrators, see the following blog posts:
Administration 41