Administrator Guide
Table Of Contents
- Dell Hybrid Cloud System for Microsoft Cloud Platform System Standard Version 1.5 Administrators Guide based on release 1803
- Overview
- Administration
- What to do first
- Next steps
- Managing Dell Hybrid Cloud System for Microsoft
- Creating tenant VM networks
- Adding tenant VM networks to the cloud
- Flagging the operating system VHD in the VM templates
- Enabling guest-specified IP addresses in VMM
- Creating additional tenant storage shares
- Using Windows Azure Pack
- Default Windows Azure Pack configuration
- Before you go into production
- Setting up tenant portal access on an isolated network
- Replacing self-signed certificates
- Disabling the tenant AuthSite and the admin Windows AuthSite websites
- Updating to a Security Token Service and re-establishing trust
- How to open the management portal for administrators
- How to open the management portal for tenants
- Offering services to tenants
- Optional configuration
- Automating tasks for efficiency
- Windows Azure Pack API reference content for developers
- Configuring disaster recovery protection
- Operations
- Monitoring
- Backup and recovery
- Onboard to Azure Backup
- Default backup schedule and retention policy
- DPM protection groups
- Disable machine account password rotation on management VMs
- Protecting tenant VMs
- Recovering VMs and databases—high level
- Recovering from management component failures
- Recovering a tenant VM
- Recovering DPM from DPM failures
- Adding extra disks to DPM
- Monitoring DPM
- Using the Dell Hybrid Cloud System for Microsoft data consistency runbooks
- Updating the Dell Hybrid Cloud System for Microsoft
- Shutting down and starting up the stamp
- Security
- Appendix A Expanding the stamp
- Appendix B Performing a factory reset
- Appendix C Retrieving cluster names, host names, and IP addresses
- Appendix D Ports and protocols
• Federated Identities to Windows Azure Pack through AD FS – Part 1 of 3
• Federated Identities to Windows Azure Pack through AD FS – Part 2 of 3
For additional information, see Congure A
ctive Directory Federation Services for Windows Azure Pack and
AD FS 2.0 Cmdlets in
Windo
ws PowerShell in the TechNet Library.
2 Congure the t
enant authentication site to trust AD FS.
Connect to the tenant portal VM (<
Prex
>-APT01), open a Windows PowerShell session, and run the following script.
NOTE
: First, replace the values in bold.
For username and password values, specify the username and password of a user who is a member of the <
Prex
>-Diag-Admins
group.
$fqdn = "<adfs.contoso.com"
$dbServer = "<Prefix>SQLIN01\SQLIN01"
$dbUser = "username"
$dbPassword = "password"
$portalConfigStoreConnectionString = [string]::Format('Data Source={0};Initial
Catalog=Microsoft.MgmtSvc.PortalConfigStore;User ID={1};Password={2}', $dbServer, $dbUser,
$dbPassword)
Set-MgmtSvcRelyingPartySettings -Target Tenant `
-MetadataEndpoint https://$fqdn/FederationMetadata/2007-06/FederationMetadata.xml `
-ConnectionString $portalConfigStoreConnectionString `
-DisableCertificateValidation
3 Congure AD FS t
o trust the tenant portal.
As an AD FS administrator, run the following Windows PowerShell script on the server on which AD FS is installed. Replace the values
in bold. F
or more information, see
Congure A
ctive Directory Federation Services for Windows Azure Pack.
$tenantRelyingPartyName = "Management Service - Tenant Site - 2012"
$tenantPortalUrl = "https://myfqdn:port"
$tenantRelyingPartyMetadataEndpoint = "$tenantPortalUrl/FederationMetadata/2007-06/
FederationMetadata.xml"
$identityProviderName = "Identity Provider Name – ex:Active Directory"
$transformationRules = (
"@RuleTemplate = ""LdapClaims"" @RuleName = ""UPN - LDAP"" c:[Type == ""http://
schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"", Issuer == ""AD
AUTHORITY""] => issue(store = ""Active Directory"", types = (""http://schemas.xmlsoap.org/ws/
2005/05/identity/claims/upn""), query = "";userPrincipalName;{0}"", param = c.Value);",
"@RuleTemplate = ""LdapClaims"" @RuleName = ""Groups - LDAP"" c:[Type == ""http://
schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"", Issuer == ""AD
AUTHORITY""] => issue(store = ""Active Directory"", types = (""http://schemas.xmlsoap.org/
claims/Group""), query = "";tokenGroups(domainQualifiedName);{0}"", param = c.Value);",
"@RuleTemplate = ""PassThroughClaims"" @RuleName = ""UPN - Passthrough"" c:[Type ==
""http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn""] => issue(claim = c);",
"@RuleTemplate = ""PassThroughClaims"" @RuleName = ""Groups - Passthrough"" c:[Type
== ""http://schemas.xmlsoap.org/claims/Group""] => issue(claim = c);")
$issuanceRules = (
"=> issue(Type = ""http://schemas.microsoft.com/authorization/claims/permit"", Value
= ""true"");")
$impersonationRules = (
"c:[Type == ""http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"",
Issuer =~""^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"" ] =>
issue(store=""_ProxyCredentialStore"", types=(""http://schemas.microsoft.com/authorization/
claims/permit""),query=""isProxySid({0})"", param=c.Value );c:[Type == ""http://
schemas.microsoft.com/ws/2008/06/identity/claims/groupsid"", Issuer =~ ""^(AD AUTHORITY|SELF
AUTHORITY|LOCAL AUTHORITY)$"" ] => issue(store=""_ProxyCredentialStore"",types=(""http://
schemas.microsoft.com/authorization/claims/permit""),query=""isProxySid({0})"",
param=c.Value );c:[Type == ""http://schemas.microsoft.com/ws/2008/06/identity/claims/
42 Administration