Dell Hybrid Cloud System for Microsoft Cloud Platform System (CPS) Standard Version 1.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2016 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents
1 Overview
What is installed for Dell Hybrid Cloud System for Microsoft?
On-premises software
How to open the management portal for tenants
Offering services to tenants
Optional configuration
User accounts and groups that are added by default
User accounts
Service accounts
Groups
Get infrastructure VM names and addresses
Appendix D: Ports and protocols
1 Overview Dell Hybrid Cloud System for Microsoft CPS Standard™, referred to in this guide as Dell Hybrid Cloud System for Microsoft, is an infrastructure-as-a-service (IaaS) solution that allows you to quickly get a hybrid cloud solution up and running in your data center. Built on Dell hardware, and a foundation of Windows Server 2012 R2 and System Center 2012 R2, Dell Hybrid Cloud System for Microsoft allows you to easily extend your solution to Microsoft Azure.
Microsoft-provided software
Table 1. Microsoft software
Product/Software Name | Purpose | TechNet Library Reference
Windows Server 2012 R2 Datacenter Edition | The operating system on all physical hosts and VMs. | Windows Server 2012 R2
System Center Virtual Machine Manager (VMM) 2012 R2 | Use to manage the virtualization hosts, networking, and storage resources. | Virtual Machine Manager
System Center Operations Manager (SCOM) 2012 R2 | Use to monitor the infrastructure. |
Product/Software Name BMC Utility OpenManage Deployment Toolkit Purpose More Information • Monitors the modular disk (MD) • • Sets firmware Debugs (mostly BMC/iDRAC) • • Staged on local disk; see Dell Open Manage Sets firmware Deployment Toolkit Debugs (firmware beyond BMC/iDRAC) Staged on local disk: see Dell Storage Enclosure Administrator's Guide SupportAssist Gathers hardware and software information for support group Staged on local disk; see SupportAssist OpenManage Server Administrator
All of these physical nodes run Windows Server 2012 R2 Datacenter edition (Server Core configuration). • The storage cluster is named SFS. • The Windows name of the storage cluster is SCL. The following table describes the default storage share layout: Table 3. Default storage share Share Name Description Storage Classification ManagementShare Stores the .vhdx files for all the infrastructure VMs on the compute cluster.
VM Name | Role/Component Name
APA01 | Windows Azure Pack management portal for administrators (and other administrator components); Service Provider Foundation (SPF); Service Management Automation (SMA)
APT01 | Windows Azure Pack management portal for tenants (and other tenant components)
OM01 | Operations Manager
SQL01 | SQL Server guest cluster
SQL02 | SQL Server guest cluster
The management infrastructure components require SQL Server databases.
• Storage2_Pool By default, there are three VM networks, Management, Storage1, and Storage2; all are associated with the Infrastructure logical network. These have the same associated IP address pools configured as the pools for the logical network. For more information about networking concepts in VMM, see this blog post. You must configure VM networks for tenant use, as described in the Create tenant VM networks section. Cloud configuration By default, there is a single cloud for tenant resources.
Table 7. Default library share
Library Share Name | Purpose
MSSCVMMLibrary | The default VMM library share. Also, for tenants, this is the read-only library share that is used to store tenant resources.
By default, in the VHDs folder, there are the following virtual hard disk files:
• Core.vhdx
• Full.vhdx
• Blank Disk – Small.vhdx
• Blank Disk – Large.vhdx
• Blank Disk – Large.vhd
• Blank Disk – Small.vhd
In the library, there are several pre-built VM templates that tenants can use for VM creation.
NOTE: Windows Azure Pack does not require a license. License activation • The Windows Server license requires activation after deployment. Ensure that the license on each physical host and on each infrastructure VM is activated. For more information, see Volume Activation Overview in Microsoft TechNet. • If you have an existing Key Management Service (KMS) server in the domain or have Active Directory-based activation configured, the licenses should automatically activate.
Running the script
You must run the ADPreCreationTool script from a domain-joined computer, logged on as a domain administrator. (You cannot run the script from the DVM.) To run the script:
1 Open a Windows PowerShell session.
2 Change to the directory in which the script is stored.
3 Run the script. The script has only one required parameter: the name of the parent OU to create for Dell Hybrid Cloud System for Microsoft. For example:
PS C:\>.\ADPreCreationTool -OU "<OU_Name>"
NOTE: OU_Name is the nam
2 Administration This chapter contains detailed information about administrative tasks required for implementing Dell Hybrid Cloud System for Microsoft.
• Deploy the Data Protection Manager (DPM) backup infrastructure • Ensure that the stamp has the latest approved updates • Configure VLANs on your physical network switches for tenant use • Review known issues for the current release. There are other steps, not part of the initial deployment, that you must complete as soon as possible to enable tenants to use the stamp. For example, you must configure management accounts and tenant VM networks. You may also want to add storage shares.
Figure 2. Enter Product Key box If you do not see this box, you have a valid retail license key and can skip the rest of this procedure. What to do if you enter an incorrect product license key If you specified an incorrect System Center key during deployment, you must update VMM, Operations Manager, and Service Management Automation (SMA) to use a valid System Center product license key. Run all of the following procedures from an elevated Windows PowerShell session on the Console VM.
TabulationMethod : Unique

ProductName      : System Center Virtual Machine Manager 2012
LicenseType      : Volume
LicenseBy        : ManagementServer
UnitLabel        : Server
TabulationMethod : Unique

ProductName      : System Center Virtual Machine Manager 2012
LicenseType      : Volume
LicenseBy        : VOSE
UnitLabel        : Server
TabulationMethod : Unique

To update Operations Manager
Use these procedures to update Operations Manager if you specified an incorrect System Center key during deployment.
Hybrid Cloud System for Microsoft. The error has no immediate effect on operations, but it will continue to occur after each host cluster refresh unless you reassign the IP address to the host cluster. Also, it may cause issues if there is a cluster failover. Error (25112) The specified address ((AllocatedIPAddressData#c9c1) { id = 1e0a529c-0d01-4fdc-af7b-64b4aa2f932c, LastUpdatedTimestamp = 8/18/2015 2:31:27 AM })is already allocated by the pool (Management_Pool).
Configure the physical network adapter of the virtual switch to include one or more of the appropriate network sites (logical network definitions), and refresh the host. Azure Site Recovery entity names differ based on stamp version during onboarding The naming convention for the Azure Site Recovery entities varies based on the Microsoft update version of the Dell Hybrid Cloud for Microsoft stamp when Azure onboarding was performed. The following table shows the differences.
1 Restart the VMM Service by entering the following commands:
Enter-PsSession -ComputerName vmm01
Stop-Service SCVMMService
Start-Service SCVMMService
2 Go to VMM Settings > Microsoft Azure Site Recovery.
3 Continue Azure onboarding from the Dell user interface.
3 Restart each host for the setting to take effect. You can do this when it is convenient, such as during a scheduled maintenance window. Note the following:
• If you are restarting a backup host, first stop any running backup jobs. For more information, see "Step 1: Stop any backups" in Shutting down the stamp.
• Restart the hosts one at a time. Wait for a host to be up and running before you restart the next.
Wizard Page Instructions Display name: Enter the name AdvisorProxyRunAsAccount. 3 Credentials Enter the user name and password of the proxy server credentials. Distribution Security Accept the default setting. Onboard to Azure services again. Onboarding to Operational Insights completes successfully. Ensure that the stamp has the latest approved updates To apply the latest approved software, firmware, and driver updates, follow the instructions provided with the P&U.
For more information about user accounts and groups in Dell Hybrid Cloud System for Microsoft, see User accounts and groups that are added by default. Connecting to management tools The following table includes the tools that you use most often for administration. There are many other tools available on the Console VM. To view all tools, click Start, and then click the down arrow. This displays all applications that are installed on the Console VM, for example Windows PowerShell. Table 10.
NOTE: If you try to open Operations Manager Shell as an administrator, you receive an error. To continue, you must run the following commands each time. Press Enter after each command.
cd "$env:SystemDrive\Program Files\Microsoft System Center 2012 R2\Operations Manager\Powershell"
.\OperationsManager\Functions.ps1
.\OperationsManager\Startup.ps1
How to run runbooks
Runbooks are Windows PowerShell scripts that provide automation.
Input Parameter | Description
LogicalNetworkName | The name of the VMM logical network that will be used for tenant networks. If not specified, the default name of Tenant VLANs will be used.
Name | An optional name that is used to generate the IP address pool name and VM Network name. If not specified, the default name Tenant will be used. The resulting VM Network and IP address pool names would be Tenant – VLAN #, where # is the VLAN ID specified for the network.
4 Do the following:
a Make sure that the Infrastructure check box is clear.
b Select the check box for each tenant VM network that you want to make available to users when they create their VMs.
5 Click OK.
Flagging the operating system VHD in the VM templates
For a tenant VM to be protected through Azure Site Recovery, if the tenant uses a VM template to deploy the VM, the operating system virtual hard disk (VHD) must be flagged as such. This setting is not configured in the default VM templates.
Creating additional tenant storage shares By default, there is only one tenant storage share (Share01). This share is approximately 220 GB, and is used for any Patch and Update packages that are applied to the solution. You can deploy additional tenant shares as needed, depending on anticipated usage and types of workloads. To create an additional tenant share: 1 Create a script similar to the following sample and save it to \\S6\C$\Dell\Scripts.
# Begin - Long Line 01
New-Volume -StoragePoolFriendlyName "StoragePool" -FriendlyName $VolumeFriendlyName -ResiliencySettingName "Mirror" -ProvisioningType "Fixed" -Size $SSDSize -FileSystem NTFS -PhysicalDiskRedundancy 1 -NumberOfColumns 2
# End - Long Line 01
# Begin - Long Line 02
$ClusterDiskName = (Get-ClusterResource | Where-Object {($_.ResourceType -match "Physical Disk")} | Get-ClusterParameter VirtualDiskName | Where-Object {$_.Value -match $VolumeFriendlyName}).ClusterObject.
Figure 5. Provider information 5 Press Refresh. 6 Select File Servers and right-click on the new share to bring up Properties. NOTE: It may take a few seconds for the recently created file share to appear. Figure 6. File Server shares 7 Check the box to let VMM manage the file share and set Classification to Primary Storage.
Figure 7. Share properties
8 Register the share to the compute cluster. Expand the Servers, and right-click on the Compute Cluster to bring up its properties.
Figure 8. Registering the share
9 Then select File Share Storage, click Add, and select the new share.
Figure 9. Adding the file share 10 The new File Share is made available for VM deployment on the Compute Cluster within a few minutes. Figure 10. New file share storage available Using Windows Azure Pack With Windows Azure Pack, you can offer rich, self-service cloud IaaS services. With the Dell Hybrid Cloud System for Microsoft solution, you can easily provision and offer virtual machines and VM roles for your users.
Default Windows Azure Pack configuration
In the Dell Hybrid Cloud System for Microsoft, the Windows Azure Pack components are installed on two VMs, as described in the following table.
Table 11. Windows Azure Pack VMs
VM Name | Purpose
APA01 | Hosts the Windows Azure Pack admin components. These include:
• Management portal for administrators: A portal for administrators to configure and manage resource clouds, user accounts, tenant plans, quotas, and pricing.
Procedures for all these steps are included in the following sections.
Setting up tenant portal access on an isolated network
This is an optional procedure you can do before you go into production. When the Dell Hybrid Cloud System for Microsoft is deployed, all management VMs are connected to the Management network. This includes the VM that hosts the Windows Azure Pack management portal for tenants, APT01, the portal that tenants use to access cloud services.
Figure 11. Isolated Tenant Portal Network Configuration Here are the network requirements for this configuration: 1 Tenant access network as a separate VLAN. You must create a tenant access network as a separate VLAN (for example, VLAN 110), tagged to all ports of the network switches where DHCS servers are connected. 2 A DNS server that tenants use for name resolution.
traffic to both the tenant access network and the management network, and to domain controllers for the internal domain (for example, contoso.local) that may be on different networks routable to the management network. The step-by-step instructions in the next section show how to configure this. Configuring the tenant portal Follow these steps to configure the tenant portal for tenant access through an isolated network: 1 Make sure that DNS is configured as described in Network requirements.
$pcs = "Data Source=$sql; Initial Catalog=$pdb; Integrated Security=True"
$mcs = "Data Source=$sql; Initial Catalog=$mdb; Integrated Security=True"
$mdeip = "https://$fqdn`:30081/FederationMetadata/2007-06/FederationMetadata.xml"
$mderp = "https://$fqdn`:30071/FederationMetadata/2007-06/FederationMetadata.
Disabling the tenant AuthSite website
1 On the Console VM, open a Windows PowerShell session as an administrator, and then run the following command:
Enter-PSSession -ComputerName APT01
2 Do either of the following:
• To stop the authentication site, but not remove the components, run the following command:
Get-Website | Where-Object {$_.
NOTE: First, replace the values in bold. For username and password values, specify the username and password of a user who is a member of the -Diag-Admins group.
$fqdn = "SQLIN01\SQLIN01"
$dbuser = "username"
$dbpassword = "password"
$portalconfigstoreconnectionstring = [string]::Format('Data source={0};Initial catalog=Microsoft.MgmtSvc.
-IssuanceAuthorizationRules ([System.String]::Concat($issuanceRules)) `
-ImpersonationAuthorizationRules ([System.String]::Concat($impersonationRules))
How to open the management portal for administrators
You can manage and provide Windows Azure Pack IaaS services through the Windows Azure Pack management portal for administrators. Using the Windows Azure Pack management portal for administrators, you can create plans, each of which provides some combination of services that you offer.
• The Windows Azure Pack Wiki (http://social.technet.microsoft.com/wiki/contents/articles/20689.the-windows-azure-pack-wikiwapack.aspx) • Provision and configure services in Windows Azure Pack (http://technet.microsoft.com/library/dn457759.aspx) • Virtual Machine Clouds troubleshooting (http://technet.microsoft.com/library/dn554317.aspx) • Troubleshooting Windows Azure Pack & Gallery Items (VM Roles) (Part 1) (http://blogs.technet.
@FirewallAPI.dll,-28752 all true
2 Copy the RemoteDesktopUnattend.xml file to the VMM library:
a In the VMM console, open the Library workspace.
b Under Library Servers, under the library server name, right-click the library share (MSSCVMMLibrary), and then click Explore.
c You can drag and drop the .xml file to the share.
Figure 12. VM status
12 By default, Remote Desktop is not enabled in the images that are used by the default templates. If you did not enable it through an answer file, you can do any of the following to connect to the VM:
• You can administer the VM by using a remote Windows PowerShell session.
• You can configure Remote Console access, as discussed in the following section.
c Under Advanced, mark the VM as highly available. Click Availability, and then select the Make this virtual machine highly available check box.
3 On the Configure Operating System page:
a For Guest OS profile, select Create new Windows operating system customization settings.
b For Operating System, make sure that you select the operating system of the virtual machine.
Figure 14. Subscription details On this page you can: • Suspend, migrate, and delete subscriptions—You can manage each subscription separately. • Manage administrators—You can add co-administrators to allow teams to share a subscription. This can be helpful for development operations, where everyone can have tenant administrative access to a subscription. • Manage plan add-ons—Users can add add-ons to their subscriptions, and you can manage them here.
Monitoring capacity To ensure high-availability for your plans and services and help keep your tenants productive, you need to monitor the performance of your resources. Dell Hybrid Cloud System for Microsoft uses Operations Manager and Operational Insights to monitor the health of your cloud infrastructure. See the Operations chapter of this guide for more information.
Configuring Remote Console access Remote Console provides tenants with the ability to access the console of their VMs in scenarios when other remote tools such as Remote Desktop are unavailable. Tenants can use Remote Console to access VMs when the VM is on an isolated network, an untrusted network, or across the Internet. The Remote Desktop Gateway (RD Gateway) component enables you to offer Remote Console to tenants who do not have direct network connectivity to the Hyper-V hosts.
Step 1: Onboard to Azure Site Recovery You can opt in to Azure Site Recovery during Dell Hybrid Cloud System for Microsoft deployment, or at any time afterward by using a wizard you can access using the instructions that follow. Pre-requisites: • Internet access is required. You must have an internet connection available for the solution to use. • You must have a valid Azure account to a subscription prior to configuring this feature.
Once the Microsoft server is reached, a sign-in window appears for Azure log in. A few different dialog boxes may appear, depending on the type of credentials provided. The sign-in dialog box on your system may differ from the following dialog box. 5 Follow the prompts to sign in to Azure. NOTE: It may take up to two minutes for the Sign in dialog box to appear. The UI imports the Azure subscription information.
7 To begin the onboarding process, click Finish. The onboarding process begins. A screen displays output from the configuration scripts that are running to complete the process. CAUTION: Since Azure is a public service, you may encounter connectivity or other issues. If you encounter any issues or failures, refer to Microsoft Azure Documentation. If you encounter an error where MapCloud Job fails, rerun the deployment. 8 When the process completes, click Next Steps and then Finish to close the UI.
NOTE: If you deploy the DPM backup infrastructure, and then later onboard to Azure Site Recovery, you see the following error in the Microsoft Azure portal during the onboarding process. Protection couldn't be configured for cloud/site ''. (Error code: 10003) Provider error: The Microsoft Azure Recovery Services Agent isn't installed on the Hyper-V host server '' The agent isn't installed. Install the agent (https://go.microsoft.com/fwLink/?LinkID=399336) on the server.
Step 3: Tenants create resources To set up VM protection, tenants need to do the following in the Windows Azure Pack management portal for tenants: 1 Subscribe to the plan or add-on—Tenants subscribe to a plan or add-on that has VM protection enabled. 2 Create a virtual machine—Under the plan subscription, tenants create a VM or VM role on the Dell Hybrid Cloud System for Microsoft stamp. The VM is created on the associated VMM cloud. The VM owner name is the name of the user who created the VM.
e Under Compute stack, click Resource Management.
f Under Target network, the service detects the VM networks on the target location and lists them. Choose the appropriate target network, as identified in Step 1 of this procedure, and then click OK.
Figure 16. Add network mapping
g This step triggers a job. To track the progress of the job triggered in the previous step, click Settings.
h Under Monitoring and reports, click Jobs. In Jobs, under General, click Site Recovery jobs.
Figure 17. Test Failover commands
f Under Azure virtual network, select the virtual network that you created in the first step of this procedure, and then click OK.
Figure 18. Choosing the network
g This step triggers a job. To track the progress of the job triggered in the previous step, click Settings.
h Under Monitoring and reports, click Site Recovery jobs. Test failover creates an Azure IaaS virtual machine that corresponds to the VM on the VMM server.
Figure 19. Completing the test failover
2 Planned failover: Run for planned maintenance. Run a planned failover as follows:
a In the Azure portal, open Recovery Services vaults, and then click the name of the vault for the Dell Hybrid Cloud System for Microsoft deployment.
b In Settings, under Protected items, click Replicated items.
c Click the VM that you want to fail over, and then click Planned Failover.
d Verify the failover direction, and then click OK.
Figure 20.
c Click the VM you want to fail over, and then click Unplanned Failover.
d Verify the failover direction. If desired, select the Shut down the virtual machine check box. Click OK.
e This step triggers a job. To track the progress of the job triggered in the previous step, click Settings. Then, under Monitoring and reports, click Site Recovery jobs.
Step 6: Access replicated VMs
Failover with Azure Site Recovery creates the replica VM in Azure.
3 Operations This chapter discusses how you can monitor system health using the Operations Manager. Topics: • Monitoring • Backup and recovery • Updating the Dell Hybrid Cloud System for Microsoft • Shutting down and starting up the stamp Monitoring By default, you can use Operations Manager to monitor the health of the system. Any member of the group -Ops-Admins can connect to the Operations console. If you opt in to Azure services, you can also use Operational Insights.
Using Operations Manager From the Monitoring workspace in Operations Manager, you can view the health of the Dell Hybrid Cloud System for Microsoft stamp and its components. Take time to familiarize yourself with what information is available in the various views and dashboards. For example, under Monitoring, you can click Active Alerts to view all active alerts. To view the health of the Dell Hybrid Cloud System for Microsoft stamp, the best place to look is the Microsoft Cloud Dashboard.
For example: 1 If you double-click the Compute tile, you will see a list of all compute nodes, and their overall health. 2 You can click one of the nodes, and run several tasks against the node from here. For example, in the Tasks pane, in the Object Tasks section, there is a long list of operations that you can perform against the node. For example, for a compute node, you can display the local users, the network shares, the IP address information, ping the computer, and start a Remote Desktop Session.
• Investigate remaining alerts and computers with a Critical or Warning health state. To resolve rule-based alerts, use the Operations Manager task Resolve Rule Generated Alerts: 1 In Operations Manager, expand Management Server, and then click Management Servers State. 2 In the Management Server State pane, click the Operations Manager server. 3 In the Tasks pane, under Health Service Tasks, click Resolve Rule Generated Alerts to resolve rule-based alerts.
Parameter Name | Description
AzureRegion | The region in which the Azure backup vault must be created, for example West US. For a list of regions, see http://azure.microsoft.com/regions/.
StorageType | The storage type to use for the backup vault. Permitted values are: • Geo Redundant • Locally Redundant. For more information, see https://azure.microsoft.com/documentation/articles/storage-redundancy/.
Passphrase | An alpha-numeric string of at least 16 characters that is used as an encryption key.
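One way to produce a value that meets the Passphrase requirement above (alphanumeric, at least 16 characters) from the operating system's cryptographic random number generator, given here as an added example that is not part of the Dell or Microsoft tooling. The function names New-BackupPassphrase and Test-BackupPassphrase and the default length of 32 are assumptions made for this illustration.

```powershell
# Added example (hypothetical helper names, not part of the product scripts).

function New-BackupPassphrase {
    param(
        # The guide requires at least 16 characters; 32 is an assumed default.
        [ValidateRange(16, 128)]
        [int]$Length = 32
    )

    # Alphanumeric alphabet only, as the Passphrase parameter requires.
    $alphabet = [char[]]'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'

    # Rejection sampling: accept only byte values below the largest multiple
    # of the alphabet size (248 for 62 symbols) so every symbol is equally likely.
    $limit = 256 - (256 % $alphabet.Length)

    $rng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $sb = New-Object System.Text.StringBuilder
    $buffer = New-Object byte[] 1
    try {
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($buffer)
            if ($buffer[0] -lt $limit) {
                [void]$sb.Append($alphabet[$buffer[0] % $alphabet.Length])
            }
        }
    }
    finally {
        $rng.Dispose()
    }
    return $sb.ToString()
}

function Test-BackupPassphrase {
    param([string]$Passphrase)
    # Case-sensitive match: letters and digits only, 16 or more characters,
    # anchored with \z so a trailing newline is not accepted.
    return ($Passphrase -cmatch '^[A-Za-z0-9]{16,}\z')
}

# Generate a value and check it before passing it to the onboarding runbook.
$passphrase = New-BackupPassphrase -Length 32
if (-not (Test-BackupPassphrase $passphrase)) {
    throw "Generated passphrase does not meet the documented requirement."
}

# Values that would be rejected by the same check (constructed samples):
Test-BackupPassphrase 'short123'               # False: fewer than 16 characters
Test-BackupPassphrase 'has-punctuation-0123'   # False: not alphanumeric
```

Because the passphrase acts as the encryption key for backed-up data, store the generated value in a password vault rather than in a script file or on the Console VM.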
+ CategoryInfo: NotSpecified: (:) [Start-DPMCloudRegistration], DlsException
+ FullyQualifiedErrorId : CloudServiceRetryableError,Microsoft.Internal.EnterpriseStorage.Dls.UI.Cmdlet.CloudCmdlets.StartDPMCloudRegistration
NOTE: The corresponding log file is located at the path C:\ProgramData\Microsoft Cloud Solutions\DeployDriver\BackupOnboarding.log on the Console VM.
These messages indicate that onboarding to Azure Backup failed. To work around this issue, you can manually onboard to Azure Backup.
Verify that DPM is attached to Azure
Do the following for verification:
1 Verify that DPM servers are attached to Azure.
a Open the DPM Administration console and connect to a DPM server.
b Open the Management workspace.
c Click Online in the navigation pane, and verify that Azure Backup registration was successful.
Figure 22. Azure Backup registration
2 Verify that infrastructure VMs and databases are protected to the cloud.
Default backup schedule and retention policy By default, all infrastructure components are protected by DPM with the following schedule. Table 15.
DPM protection groups The following table provides information about the default protection groups for the infrastructure components. Table 18. DPM protection groups Protection Group Data Sources InfraDBPG Instance level protection of all management infrastructure databases. These include databases for VMM, Operations Manager, SPF, Windows Azure Pack, SMA, and WSUS. Also protects the system databases on the DPM instance. InfraVMPG Protects all management infrastructure VMs.
You should plan to run the Protect-TenantVMs runbook so that it does not interfere with the backup window. Therefore, run it any time between 6:00 AM to 6:00 PM local time (at least three to four hours before the backup window starts). If more than 75 new VMs were created (on one rack), and you need to add them to a protection group on the same day, you can run the Protect-TenantVMs runbook more than once to protect the additional VMs.
Table 20. Runbook parameters
Parameter Name | Description | Required/Optional
AzureBackupStartTime | Make sure this starts after the disk backup window is over. By default, this is 6:00 AM. | Optional
AzureRetentionRange | Retention range, in days, for Azure. By default, this is 20 days. | Optional
BackupWindowDuration | The backup window duration. By default, this is 8 hours. | Optional
BackupWindowStartTime | The tenant disk backup start time. By default, this is 10:00 PM. |
Figure 24. Recoverable Item
b Click any date and time in the calendar to see available recovery points. Dates that show as bold have active recovery points. To minimize data loss, it is important to choose to recover from the latest possible recovery point.
c To select the recovery source, in the Recovery time list, select a recovery point that either indicates Disk or Online (from Azure).
d On the ribbon, click Recover to start the Recovery Wizard.
Figure 25. Select Recovery Type 3 On the Specify Destination page, click Browse. Locate one of the Scale-Out File Server nodes, and then expand Volumes > C:\ > ClusterStorage. 4 Select any clustered volume that is mapped to a production share. (Although not required, as a best practice, create a folder in the share that you can point to, such as a Recovery folder.) Figure 26. Alternate Recovery folder 5 Complete the wizard using the default options to recover the VM files.
7 In the VMM console, shut down the new VM.
8 Next, you must remove the VHDs of the newly-created VM, and add the VHDs that you recovered in the production share earlier in this procedure.
a Get the VM location by running the following command:
Get-SCVirtualMachine -Name "<VMName>" | select Location
b In the VMM console, in the VMs and Services workspace, right-click the VM, click Properties, and then click the Hardware Configuration tab. Remove all the current VHDs.
Figure 28. Add External DPM 4 Click Browse, and then select vault credentials file that you downloaded. This populates the list of registered servers in the DPM Server list. 5 Select the server that you want, enter the encryption passphrase, and then click OK. A job to get the datasources starts. You can monitor the job on the Monitoring tab. 6 When the job completes, you can browse the protected online datasources. Select a datasource to see the available online recovery point.
a Click any date and time in the calendar to see available recovery points. Dates that are shown in bold have active recovery points. To minimize data loss, it is important to choose to recover from the latest possible recovery point.
b To select the recovery source, in the Recovery time list, select a recovery point that either indicates Disk or Online (from Azure).
c On the ribbon, click Recover to start the Recovery Wizard.
c Connected to the instance that is specified in the table, run the following T-SQL commands:
ALTER DATABASE OperationsManager SET ENABLE_BROKER
ALTER DATABASE OperationsManagerDW SET ENABLE_BROKER
4 Start the Operations Manager VM.
5 Detect and repair any data consistency issues by following the required steps in How to use data consistency runbooks.
Recovering the Operations Manager VM
1 From the VMM console, shut down the Operations Manager VM (OM01).
Verifying the VMM library server is working If you recovered the VMM VM, you should verify that the VMM library is working correctly. 1 After recovery, open the VMM console, and then open the Library workspace. 2 Under Library Servers, verify that the VMM server is listed as the library server, with the correct library shares of MSSCVMMLibrary. 3 If the library server or share does not appear, see the TechNet Library article How to Add a VMM Library Server or VMM Library Share (http://technet.
Table 25. SPF Database Name SQL Server Instance Database Name SQLIN02 SCSPFDB 3 From the VMM console, start the VM. 4 Detect and repair any data consistency issues by following the required steps in How to use data consistency runbooks. Recovering Windows Azure Pack Windows Azure Pack provides the portals (and additional features) where application administrators and subscribers manage their resources.
SQL Server VM recovery To recover a SQL Server VM: 1 Log on to the Console VM. 2 Start Failover Cluster Manager, and then connect to the SQL Server cluster SQLCL. 3 Evict the node that you want to recover, for example SQL02. To do this, under the cluster name, click Nodes. Right-click the node that you want to evict, point to More Actions, and then click Evict. 4 Under Nodes, verify that the server you evicted is no longer listed.
$dummyVms = $VHDMap[$vhd.ParentDisk.ID].split(",");
foreach($dummyVm in $dummyVms) {
    if($VmsWithParentVHDs[$dummyVm] -eq $null) {
        $VmsWithParentVHDs.Add($dummyVm,"1")
    }
}
} else {
    $VHDMap.Add($vhd.ParentDisk.ID , $vm.Name)
}
}
}
}
if($VmsWithParentVHDs[$vmname]) {
    Write-Host "The VM has a parent VHD configuration."
} else {
    Write-Host "The VM does not have a parent VHD configuration."
}
The script output indicates whether the VM has a parent VHD configuration.
Recovering a VM with a parent VHD configuration Perform the following steps for a VM that does not use a differencing disk. 1 If the VM is present in the Windows Azure Pack management portal for tenants, delete the VM from the portal. 2 Use the steps in Recovering a VM to an alternate location to recover the VM. 3 From the VMM console, start the VM.
Figure 30. Add initiator ID 3 Click Next, and follow the wizard to complete the VHD setup. Step 2: Add the iSCSI disk to the DPM server as a staging area 1 Log on to the DPM server and start the iSCSI initiator. In Server Manager, on the Tools menu, click iSCSI Initiator. When prompted to start the service, click Yes. The iSCSI Initiator Properties dialog box opens.
Figure 32. Configure Online Protection d On the Recovery Folder Settings page, point to the new volume (or folder on that volume) that you added. Figure 33. Recovery Folder Settings 5 Now recover the VM. 6 After you recover the VM, clean up the configuration.
a Reconfigure the DPM staging area to point to the original location (E:\StagingArea).
b Remove the iSCSI connection by disconnecting it via the iSCSI initiator.
c Delete the VHD from the source server.
Determining whether to recover or rebuild If you have trouble with a DPM server, you can either perform DPM recovery or you can rebuild the DPM server. Use the following steps to determine which method to choose. 1 Log on to the backup host (or browse through a network connection), and do the following: a b 2 Browse to H:\\Virtual Hard Disks. For each DPM VM, verify that there is a DPM0#-Scratch VHD file listed. On the Console VM, in the VMM console, check the DPM VM properties.
d If you are running version 1.1 or later, do the following: 1 In the section, if the following line exists, remove it for each DPM VM: 2 Search for the section.
41153741f454be9b3ec7fc6fff1cc0e1a3ca2e56fb7f7af16c5d4a6fd71e0d91c742b38782e03a648c8eb39da " SerialNumber="22PGD42"> d On the backup host, open a Windows PowerShell session as an elevated user, and then run the following commands to enable the local administrator account, and to update to the same password that you specified for $password, in step 10a (that is, the plain text password). net user administrator /active:yes net user administrator 10 Set the password field in the .
13 If the DPM is an infrastructure DPM server, update the server map.
a Log on to the APA VM (APA01).
b Open Windows PowerShell.
c Run the following command, and note the result:
(Get-SmaVariable -Name "dpm-configurationmap" -WebServiceEndpoint https://localhost).value.PendingDPMServerMap
d If the output is null, run the following:
$variableName = "DPM-configurationmap"
$a = (Get-SMAVariable -Name $variableName -WebServiceEndpoint https://localhost).value
$a.
Figure 35. Allow Re-registration 21 Next, re-register the DPM server with the same backup vault.
a Download the vault credentials file from the Azure portal to a location on the Console VM, and make sure that you have the passphrase that you used as an encryption key when you opted in to Azure Backup.
b In the DPM Administrator console, open the Management workspace.
c Click Online.
d On the ribbon, in the Online Protection group, click Register, and complete the wizard.
For example: b Update the DPM node configuration. Search for in the file. For each DPM server, update DeploymentStatus to "DomainJoined".
8 On the Console VM, update the registry subkey for deployment status.
a Open Registry Editor.
b Locate the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cloud Solutions\Deployment\Status
c Update the values for the backup host and the DPM VMs from Deployed to DomainJoined. For example: Figure 36.
13 Use the steps in Recovering a datasource to an alternate DPM server to recover VMs and databases that were protected by the DPM server that was rebuilt. Recovering the DPM database 1 Log on to the DPM VM, and ensure that the backup copies of the DPMDB database are stored at the path E:\DPMDBBackup. 2 On the DPM VM, open SQL Server 2014 Management Studio. Connect to the DPM server and instance which stores the DPM database that you want to recover (for example, DPM01\MSDPMDB).
#create VHDs
for($i=0;$i -lt $no_of_Vhds;$i++)
{
    $diskNum = $i + $startNumber ;
    $path = $location[$i%3];
    $vhdpath = "$path$DPMName-Backup$diskNum.vhdx"
    $vhdsize = 1024GB
    New-VHD -Path $vhdpath -Dynamic -SizeBytes $vhdsize
    $BackupDiskVHDPaths += $vhdpath
}
$VhdsToBeAdded2VM = $BackupDiskVHDPaths
#VHDsOnBus contains the existing VHDs count for bus(index of array)
$VHDsOnBus = @{}
for($Bus = 0; $Bus -lt $AdaptersCount; $Bus++)
{
    $VDDs = $DPMVM.hardDrives | where{$_.ControllerNumber -eq $Bus -and $_.
    Add-VMHardDiskDrive -VM $DPMVM -ControllerType SCSI -ControllerNumber $Bus -Path $VhdTobeAdded
    $VHDsOnBus[$Bus] += 1
}
4 After the disks are created, connect to the DPM VM, and initialize the disk by using Disk Manager.
5 Add the disks to the DPM storage pool. For information about how to do this, see Configure storage pools and disk storage.
Monitoring DPM
DPM automatically backs up data according to the backup settings. At times, DPM backups might fail.
Using the Dell Hybrid Cloud System for Microsoft data consistency runbooks Dell Hybrid Cloud System for Microsoft includes runbooks that you can use to detect and, in some cases, to automatically recover from data inconsistencies between the databases of the components that are deployed as part of Dell Hybrid Cloud System for Microsoft. Specifically, the Invoke-DataConsistency runbook (and its associated child runbooks) detects and tries to recover from inconsistencies between components’ states.
NOTE: There is an additional data consistency runbook that is not called by the Invoke-DataConsistency runbook. This is the SyncVMClouds runbook. It refreshes fabric objects such as VMM hosts, clusters, library shares, virtual machines, and so on, to bring the VMM database to a consistent state with the current state of the underlying fabric. After a fabric sync completes, the runbook syncs VMM with Operations Manager.
Figure 37. Data Consistency Master Report d The report indicates a status of either "Succeeded" or "Inconsistencies Detected." If there are inconsistencies that were detected, expand the category for more details. To repair inconsistencies, do the following: NOTE: You can run repair operations when there is live traffic on the system. However, with live traffic, repair may take longer.
Error Cause/Resolution Resolution: Restore the SPF database to the last known good state. How to manually recover access to tenant-created objects The consistency scripts do not detect or recover tenant-created objects. These include VM networks, VMs, and VM roles. If a tenant loses access to a tenant-created object, you can restore access by using VMM cmdlets in the VMM command shell. You can also recover access to a tenant-created VM role.
When the P&U framework runs, it does the following: • Orchestrates the updates so that they are performed in the correct order. • Automatically puts servers in and out of maintenance mode during servicing. • Validates components when servicing is complete. The P&U framework installs approved software updates on infrastructure hosts and VMs for various combinations of the following products: NOTE: Any given package may or may not contain updates from all the categories listed.
When to run the update package Run the update package during a scheduled maintenance window when there is low activity. There is associated downtime for the infrastructure VMs if the package installs updates that require a server restart on the VMs. The patch and update mechanism does not target tenant workloads for software updates, so tenant VMs should not typically experience downtime. However, if an update package contains driver and firmware updates, there may be associated downtime.
6 The package is a self-extracting executable (.exe) file named DHCS-Update-YYMM.exe, where YYMM designates the year and the month of the updates contained in the package. Double-click the file to run the executable and extract the package contents to the shared folder. Do the following:
a The Dell Hybrid Cloud System for Microsoft Setup Wizard opens. Click Confirm to step through the wizard.
b Click Install to extract the update package.
c Click Finish when the wizard completes.
Figure 38. Read-only Health Check 4 When prompted, enter the account credentials of the account you used when you logged on. 5 The Invoke-PURun script performs a one-time environment setup and may prompt you to restart Windows PowerShell on its first invocation. PowerShell environment settings have changed. Please restart the PowerShell console before proceeding.
\\CON01\PUShare\PU\Framework\PatchingUpgrade\Invoke-PURun.ps1 -PUCredential (Get-Credential)
To change to Prompt or Continue, specify the -ScomAlertAction parameter with the desired value, for example:
\\CON01\PUShare\Framework\PatchingUpgrade\Invoke-PURun.ps1 -ScomAlertAction "Continue" -PUCredential (Get-Credential)
4 When prompted, enter the account credentials of the account that you used when you logged on.
d 7 In the Temp folder, look for the file that is named PUProgressDetails.txt. View running jobs in the VMM console (in the Jobs workspace). At the very end of the patching process, the Console VM automatically restarts, closing the Windows PowerShell session. To verify that P&U successfully completed, look for the following event in the Event Viewer under Applications and Services Logs > PUEventLog > Operational on the Console VM. You can search for CompletePU. Figure 40.
3 To retrieve logs with more details, view the temp folder. To determine the temp folder, run the following command in Windows PowerShell: [System.IO.Path]::GetTempPath() The temp folder path is something similar to: C:\Users\\AppData\Local\Temp\2\. If the temp folder path includes a numbered folder, such as 2, 3, or 4, go up one folder level to the \Temp folder. If you browse in File Explorer, AppData is a hidden folder. You can type the folder path to get to it, for example: Figure 41.
Before you begin To perform a graceful shutdown of the Dell Hybrid Cloud System for Microsoft stamp you must follow this sequence: • The cluster names and IP addresses for the compute cluster, Scale-Out File Server (SOFS), and SQL Server guest cluster • Host names and IP addresses for the compute cluster, storage cluster, and SQL Server guest cluster • Infrastructure VM names and IP addresses.
Step 1: Stop any backups NOTE: Dell recommends that any infrastructure VM and database backups that may be in progress are completed before you shut down the infrastructure VMs. For information about the default schedule, see Default backup and retention policy. 1 Log on to the Console VM (CON01) using an account that is a member of the -Ops-Admins group. 2 Open the Operations console.
Step 4: Shut down the tenant VMs 1 Log on to the Console VM using an account that is a member of the -Setup-Admins group. 2 Open Failover Cluster Manager, right-click Failover Cluster Manager, click Connect to Cluster, click Browse, and then click the compute cluster.
d 2 When the host is shut down, continue to the next host. Always wait until the current host shuts down before you shut down the next host. Continue until all compute cluster hosts are shut down.
Ensure that your Active Directory Domain Services (AD DS) infrastructure is available, and functional. Step 1: Power on the hardware devices 1 Power on the PDUs. 2 Ensure the on/off switch is on for the JBODs.
c d APA01 APT01 8 In Failover Cluster Manager, while connected to the compute cluster, ensure you select all tenant VMs and start them as well. 9 Clear rule-based generated alerts that were created during the startup process. To do this, open the Operations Manager Shell from the Console VM, and run the following commands: $InstanceObject = Get-SCOMClass -Name Microsoft.SystemCenter.
Figure 44. DPM Refresh agents Known Issues Issue #1: WAP (Windows Azure Pack) Admin API, WAP Usage, and Usage Collector components report a Warning state. Symptoms: After a restart of Dell Hybrid Cloud System for Microsoft, the following Windows Azure portal components are in a Warning state, and there are the following alerts in Operations Manager: • Windows Azure Pack Site Unknown Error Monitor Usage • Windows Azure Pack Site Unknown Error Monitor Usage Collector.
2 Open the VMM console, open the Jobs workspace, and check for failed Refresh host cluster jobs. 3 In the error details for each of the failed jobs, check for the following error: Error (2912) An internal error has occurred trying to contact the server: : . WinRM: URL: [http://s54c01b.lajolla.local:5985], Verb: [ENUMERATE], Resource: [http://schemas.microsoft.
Step 1: Verify that the storage is available and functional 1 If the iDRACs are connected, Dell recommends that you use a laptop. Configure the laptop and connect it to port 39 or 40 of the switch, then complete the following steps. 2 From the laptop, connect to the IPv4 iDRAC address of one of the file server cluster hosts by using a browser, for example, open https://192.168.164.131. 3 Ping the file server cluster hosts until they respond. It may take 10-20 minutes for them to be reachable.
Step 3: Ensure the Windows Azure Pack services are running Because in this scenario there is no control over the order of the components coming up, Dell recommends that you restart the infrastructure VM named APA01. To do this, follow the steps below. 1 Use Remote Desktop Connection to connect to the Console VM with an account that is a member of the -Setup-Admins group. 2 Open Failover Cluster Manager. 3 Connect to the compute cluster.
e f L Backup-S20DPM02-1 NTFS Fixed Healthy M Backup-S20DPM02-2 NTFS Fixed Healthy N Backup-S20DPM02-3 NTFS Fixed Healthy C NTFS Fixed Healthy NTFS Fixed Healthy In the VMM console (in the VMs and Services workspace) or in Hyper-V Manager, check to make sure the DPM VMs that are hosted on this server are running. Log on to each DPM VM, and verify the following: 1 Open Disk Management (Diskmgmt.msc), and verify that there are 23 disks present, and that all are online.
Step 7: Verify the health of the Dell Hybrid Cloud System for Microsoft components 1 On the Console VM, open the Operations console. 2 In the Monitoring workspace, expand Microsoft Cloud Dashboard, and then click Microsoft Cloud Dashboard. 3 Make sure all components are healthy.
4 Security This chapter discusses security issues pertaining to: • User accounts • Passwords • Encryption keys • Managing antivirus, antimalware, and certificates.
Type Accounts Privileges Usage Password Management Out-of-band management Default password: Directory Domain Services. Dell Managed Accounts iDRAC Account administrator p@ssw0rd Password rotation: Manual Service accounts This section discusses: • Local service accounts • Domain service accounts. Local service accounts The local service accounts that are required for Windows Azure Pack are listed in the following table. Table 33.
• MgmtSvc-WebAppGallery • MgmtSvc-WindowsAuthSite • TenantSiteNotificationServiceUser You do not have to touch any of these accounts. For all of these: • The passwords are autogenerated. • Password rotation is done when you run the MCPasswordReset script. The password expiration for SpfUser and SMAUser is controlled by domain policy. Note that Windows Azure Pack database account passwords do not expire. However, they are rotated on the same schedule.
Groups The following table describes security groups created by the Dell Hybrid Cloud System for Microsoft deployment process. Table 35. Security groups Group Name Scope Usage Details -Ops-Admin Domain Local To provide administrators with access for day-to-day management operations. • • Users and groups can be added to this group from trusted domains.
• -System • -SVC-SQL • -SVC-VMM • -SVC-OM • -SVC-SPF • -SA-SMA. It is recommended that you run the MCPasswordReset script to reset the passwords for these service accounts whenever you are alerted to do so by System Center Operations Manager. These accounts are described in User accounts and groups that are added by default. IMPORTANT: Read this entire section before you run the script.
How to run the MCPasswordReset script Do the following: 1 Log on to the Console VM. 2 Open Windows PowerShell. 3 Change directories to C:\Program Files\Microsoft Cloud Solutions\PasswordReset. The path contains spaces, so enclose it in quotation marks. For example: PS C:\Users> cd "C:\Program Files\Microsoft Cloud Solutions\PasswordReset" 4 Type the following command to start the script, and then press Enter. .\MCPasswordReset.ps1 For example, PS C:\Program Files\Microsoft Cloud Solutions\PasswordReset> .\MCPasswordReset.ps1.
• SMA server • SMA database. 2 The script performs a basic health check on components it must access to change passwords. Specifically, the script verifies that all VMs, related services, and SQL Server instances are running. 3 If step 2 is successful, the script resets the passwords described at the start of this section. If required VMs or services are not running, the script prompts you with the following warning: Some virtual machines or services are not running.
Viewing job status and errors in the Windows Azure Pack portal You can also view password reset script job status and errors in the Windows Azure Pack management portal for administrators as follows: 1 In the Windows Azure Pack management portal for administrators, click Automation. 2 Click Runbooks. 3 In the search text box, type the word password, and then click Search. 4 In the search results, click PasswordReset-Log. 5 Click Jobs. On the Jobs page, you can view the status of current jobs.
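To confirm in Active Directory that the rotation described in this section actually took effect, the following added example (not part of MCPasswordReset or of this guide) reports when each domain service account password was last set. It assumes the account names are the stamp prefix followed by the suffixes listed on this page, that the ActiveDirectory module is available where it runs, and that the -Prefix and -MaxAgeHours parameters are hypothetical names chosen for this sketch.

```powershell
# Added example: audit password rotation of the stamp's domain service accounts.
# Assumption: SAM account names are "<prefix>-<suffix>", with the suffixes taken
# from the list on this page; adjust if your deployment names them differently.
param(
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[A-Za-z0-9]+$')]
    [string]$Prefix,                 # your stamp (customer) prefix

    [int]$MaxAgeHours = 24           # assumed window: "rotated" means changed within this many hours
)

Import-Module ActiveDirectory

$suffixes = 'System', 'SVC-SQL', 'SVC-VMM', 'SVC-OM', 'SVC-SPF', 'SA-SMA'
$cutoff   = (Get-Date).AddHours(-$MaxAgeHours)

$results = foreach ($suffix in $suffixes) {
    $sam  = '{0}-{1}' -f $Prefix, $suffix
    $user = Get-ADUser -Filter "SamAccountName -eq '$sam'" `
                -Properties PasswordLastSet, LockedOut

    # Classify each account so that a partial or failed reset stands out.
    if (-not $user) {
        $status = 'NotFound'
    } elseif ($user.LockedOut) {
        $status = 'LockedOut'        # typical after a service keeps using a stale password
    } elseif (-not $user.Enabled) {
        $status = 'Disabled'
    } elseif (-not $user.PasswordLastSet -or $user.PasswordLastSet -lt $cutoff) {
        $status = 'NotRotated'
    } else {
        $status = 'Rotated'
    }

    [pscustomobject]@{
        Account         = $sam
        Status          = $status
        PasswordLastSet = $(if ($user) { $user.PasswordLastSet } else { $null })
    }
}

$results | Format-Table -AutoSize

# Return the accounts that need attention so the script can feed a scheduled check.
$needAttention = @($results | Where-Object { $_.Status -ne 'Rotated' })
if ($needAttention.Count -gt 0) {
    Write-Warning ("{0} account(s) were not rotated within the last {1} hour(s)." -f `
        $needAttention.Count, $MaxAgeHours)
}
```

Run it from the Console VM shortly after the password reset job reports success; an account shown as LockedOut or NotRotated is the one to check against the job errors in the portal.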
Figure 48. Reset Password
f Repeat this procedure for the -SVC-VMM account.
g Close Active Directory Users and Computers.
2 Step 2: Reset the password of the service accounts in the Services snap-in.
a On the Console VM, open the Failover Cluster Manager console from the Tools menu in Server Manager.
b In the Actions pane, click Connect to Cluster.
c Select the SQLCL cluster. If the cluster is not listed in the drop down list, click Browse. After you select the cluster, click OK.
a Change the password for the -System account in Active Directory Users and Computers.
b Run the Set-SmaCredential cmdlet to set the matching password in SMA. To do this, run the following commands from the VM that is running SMA (APA01): $cred = Get-Credential When you are prompted, enter \-System, and the new password you set in Active Directory Users and Computers. Then, run the next line of the command.
6 Open the VMM console. 7 In the Settings workspace, expand Security, and then click Run As Accounts. 8 Right-click the -Fabric Run As account, and then click Properties. 9 Type the same password that you set in Active Directory Users and Computers. Click OK, and then close the VMM console. 10 Try running the MCPasswordReset script again.
Figure 50. Endpoints with FEP NOTE: If you click Endpoints without FEP, it is expected that storage nodes do not have Endpoint Protection installed. How to run unscheduled antimalware scans Endpoint Protection runs a quick scan of Dell Hybrid Cloud System for Microsoft resources every 24 hours, and runs a full scan once per week.
How to update antimalware definitions manually By default, Endpoint Protection checks for updated antimalware definitions every eight hours. You should not need to update antimalware definitions manually; this is optional. Antimalware updates are applied automatically by Windows Server Update Services (WSUS). Part of the initial installation and setup of Endpoint Protection included configuring WSUS to approve antivirus and antimalware updates automatically.
• As certificates expire, you must periodically perform tasks in Replacing self-signed certificates with CA-signed certificates again. Viewing the certificates You can view certificates in the GUI, by opening the certlm.msc snap-in on the Console VM, and targeting the snap-in at Dell Hybrid Cloud System for Microsoft computers that are running Windows Azure Pack website services, SMA, and SPF. These VMs are APT01 and APA01.
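A scripted alternative to the certlm.msc view described above, as an added example that is not part of this guide: it lists certificates on the two VMs that are expired or close to expiry, and flags Personal-store certificates that are still self-signed. It assumes PowerShell remoting to the VMs is enabled, that the VM names resolve as written on this page (add your stamp prefix if your deployment uses one), and a 60-day warning threshold; the parameter names are hypothetical.

```powershell
# Added example: certificate expiry and self-signed report for the
# Windows Azure Pack, SMA, and SPF VMs named on this page.
param(
    [string[]]$ComputerName = @('APT01', 'APA01'),    # VM names as written on this page
    [string[]]$StoreName    = @('My', 'CA', 'Root'),  # Personal, Intermediate, Trusted Root stores
    [int]$WarnDays          = 60                      # assumed warning threshold
)

# Runs on each remote VM and returns one object per certificate.
$scan = {
    param([string[]]$Stores)
    $now = Get-Date
    foreach ($store in $Stores) {
        Get-ChildItem -Path "Cert:\LocalMachine\$store" -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $_.Subject
                    Issuer        = $_.Issuer
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    DaysLeft      = [math]::Floor(($_.NotAfter - $now).TotalDays)
                    SelfSigned    = ($_.Subject -eq $_.Issuer)
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

# (,$StoreName) passes the whole array as a single argument to the script block.
$certs = Invoke-Command -ComputerName $ComputerName -ScriptBlock $scan `
            -ArgumentList (,$StoreName)

# Expired certificates have a negative DaysLeft and are included here.
$expiring = @($certs | Where-Object { $_.DaysLeft -le $WarnDays })

# Root certificates are self-signed by design, so only the Personal store is flagged.
$selfSigned = @($certs | Where-Object { $_.Store -eq 'My' -and $_.SelfSigned })

'Certificates expired or expiring within {0} days: {1}' -f $WarnDays, $expiring.Count
$expiring | Sort-Object DaysLeft |
    Format-Table PSComputerName, Store, Subject, Thumbprint, NotAfter, DaysLeft -AutoSize

'Self-signed certificates in the Personal store: {0}' -f $selfSigned.Count
$selfSigned | Sort-Object PSComputerName, Subject |
    Format-Table PSComputerName, Subject, Thumbprint, NotAfter, HasPrivateKey -AutoSize
```

The thumbprints in the report can be matched against the .pfx file names that the export step produces, since those files are named by thumbprint.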
c Click Add Setting, and then click Add Credential.
d In the Credential Type list, click PowerShell Credential.
e In the Name box, type a name for the asset (for example, CertExport), and then click the Next arrow.
f In the User Name box, enter a user name; for example, SMACred. This does not need to be an existing user in the domain, or have any specific permissions.
g In the Password and Confirm Password boxes, type a password.
In each root level folder, there is a second-level folder that is the name of the VM on which the certificate is installed. This folder contains the following files: • The exported .pfx file • A JavaScript Object Notation (JSON) representation of the certificate (.json file) • A text file where you can view the certificate subject name, expiration date, and other information. Step 2: Obtain certificates from a trusted certification authority and copy the .
Input Parameter Details StoreName Possible values include: • Root Use this for the Trusted Root Certification Authorities store. • CA Use this for the Intermediate Certification Authorities store • MY Use this for the Personal store. Step 4: Prepare the file share with the new .pfx certificates Prerequisites • Before you do this step, make sure that the new certificates are in .pfx file format. If not, you can use the Certificates snap-in (Certmgr.msc) to convert them.
\MgmtSvc-TenantPublicAPI \APT01 CF75D3CAE126353B0700F9820ECBA0F67F75001C.pfx \MgmtSvc-TenantSite \APT01 CF75D3CAE126353B0700F9820ECBA0F67F75001C.pfx \MgmtSvc-Usage \APA01 CF75D3CAE126353B0700F9820ECBA0F67F75001C.pfx \MgmtSvc-UsageCollector \APA01 CF75D3CAE126353B0700F9820ECBA0F67F75001C.pfx \MgmtSvc-WebAppGallery APA01 CF75D3CAE126353B0700F9820ECBA0F67F75001C.pfx \MgmtSvc-WindowsAuthSite APA01 CF75D3CAE126353B0700F9820ECBA0F67F75001C.pfx \SMA APA01 CF7
g In the Password and Confirm Password boxes, type a password. This password must match the password that was used to protect the private key of the certificates that you want to import.
2 Run the Set-SslCertificate runbook to update to the new trusted certification authority certificate. The SSL certificates must be provided as .pfx files, and must include a private key protected by a password. The runbook takes the following parameters: Table 39.
Appendix A: Expanding the stamp When customers initially purchase the Dell Hybrid Cloud System for Microsoft, the solution may be configured with fewer than the maximum number of compute nodes, storage JBODs, network switches, or backup hosts. The following figure outlines the components that may be ordered to expand the scale and/or functionality of the solution after it has already been deployed. This section outlines procedures for adding these components and integrating them into the solution.
However, if a significant amount of time has passed between the original order and the expansion, it is likely that image versions and/or firmware versions may be different. Before beginning the expansion deployment, it will then be necessary to bring the existing environment up to a solution release level that is compatible with the images provided on the expansion chassis. The Patch and Update (P&U) process can be used to update the solution stack. For more information about P&U, go to support.dell.
Appendix B: Performing a factory reset This section describes how to reset a deployed Dell Hybrid Cloud System for Microsoft stamp so that it can be redeployed. Before you redeploy, you must reset backup servers, storage servers, and compute nodes to factory defaults and prepare for a fresh deployment. CAUTION: Performing these steps results in loss of all workload VMs running in your private cloud.
Resetting the backup servers CAUTION: Before you start the factory reset for Backup Servers, make sure that you are using a Microsoft System Center Server product key, the Volume License Key. See the Solution Integration Document (SID) for Volume License Key information. If you are not using the Volume License Key, Backup Server deployment will fail after a reset as well. 1 Open iDRAC consoles for each physical host. The Field Engineer (FE) must be connected using the FE laptop.
6 As indicated in the graphic, Disk #1 requires clearing. To confirm that this disk is the backup disk, obtain a list of partitions by entering the command Get-Partition. Figure 56. Get-partition The list of partitions that is returned confirms that Disk #1 has the partition created to house the backed-up data. 7 Now delete Disk #1 and clean out all its data by entering the following PowerShell cmdlet: Clear-Disk -Number 1 -RemoveData -Verbose 8 Select Yes to proceed. Figure 57.
Figure 58. Confirmation disk is removed
10 Log on to the Console VM CON01 with Domain Account. For Domain Account information, see the Solution Integration Document.
11 Remove the host from VMM.
a In the VMM console, open the VMs and Services workspace.
b Under the All Hosts host group, remove the backup host on which the DPM VM resides.
12 Remove the backup host and DPM VMs from Operations Manager.
a Open the Operations Console.
Figure 60. Connect to Server Figure 61. Select Server 14 Next remove the DPM01 and DPM02 virtual machine folders from the Backup Host B01. To accomplish this, access your Backup Host B01 from the Console VM as follows:
a Click Start and search for Run.
b Access the D: drive of the Backup Host B01 by typing \\B01\d$.
c Delete the folders DPM01 and DPM02.
Figure 62. Delete folders from backup host 15 At the PowerShell prompt, run the reagentc /boottore command. If you receive a message saying REAGENTC.EXE: Operations successful, continue to the next step. If you do not receive this message, follow the escalation path. NOTE: If this is not the first time the server has been reset, you might receive an error message saying: REAGENTC.EXE: Windows RE is disabled. In that case, open an elevated Windows PowerShell session, and run the reagentc /enable command.
Figure 64. Troubleshoot advanced 19 In Advanced options, click Command Prompt. Figure 65. Advanced options 20 When a system command prompt is displayed, run the following commands: del c:\hostos.vhdx copy c:\recovery.vhdx c:\hostos.vhdx 21 Close the command prompt by typing Exit. 22 On the Windows Recovery Environment main menu, click Continue.
Figure 66. Troubleshoot options The server restarts and completes factory first-boot automation. CAUTION: After completing this factory reset process, wait for at least 30 minutes before proceeding to the next step. 23 From the iDRAC Virtual Console, select Power > Graceful Shutdown. Figure 67. iDRAC graceful shutdown The backup hosts power off. Later in the factory reset process, you follow the power-on procedures for Dell Hybrid Cloud System for Microsoft, as described in Starting up the stamp.
Figure 68. Backup Active Directory cleanup 2 Clean the DNS objects for B01, DPM01, and DPM02. a Log in to the customer’s DNS server, and delete the entries for B01, DPM01, and DPM02. In the following example, Dell Hybrid Cloud System environment is called “abcde.” Figure 69. Backup DNS cleanup 3 Delete Backup Deployment registry entries for B01, DPM01, and DPM02.
Figure 70. Backup registry cleanup 4 Delete all backup-related configuration for B01, DPM01, and DPM02 in deploymentmanifest.xml. a Open the manifest file on the CON01 console VM located at C:\Program Files\Microsoft Cloud Solutions\DeployDriver\Manifests\deploymentmanifest.xml. Search (CTRL+F) for the following sections and delete them. ……. and …….. Figure 71.
Figure 72. PowerShell Remove-SmaVariable The SMA variable is removed from the APA01 server. 6 Re-run BackupDeployDriver. Resetting the storage cluster (-SCL) 1 Open iDRAC consoles for each physical host. The Field Engineer (FE) must be connected using the FE laptop. The laptop is connected to port TE 1/40 on one of the Top of Rack switches. 2 Configure the FE laptop with the IP address in the Solution Integration Document (SID). 3 Power down the JBODs.
9 On the Troubleshoot menu, click Advanced options. Figure 74. Troubleshoot advanced 10 In Advanced options, click Command Prompt. Figure 75. Advanced options 11 When a system command prompt displays, change to the C: drive and run the following commands: • del c:\hostos.vhdx • copy c:\recovery.vhdx c:\hostos.vhdx 12 Close the command prompt by typing Exit. 13 On the Windows Recovery Environment main menu, click Continue.
Figure 76. Troubleshoot options The server restarts and completes factory first-boot automation. CAUTION: After completing this factory reset process, wait for at least 30 minutes before proceeding to the next step. 14 From the iDRAC Virtual Console, select Power > Graceful Shutdown. Figure 77. iDRAC Graceful Shutdown The storage hosts power off. Later in the factory reset process, you follow the power-on procedures for Dell Hybrid Cloud System for Microsoft, as described in Starting up the stamp.
NOTE: If this is not the first time the server has been reset, you might receive an error message saying: REAGENTC.EXE: Windows RE is disabled. In that case, open an elevated Windows PowerShell session, and run the following commands: • Stop-Service clussvc • reagentc /enable • If you receive a message saying REAGENTC.EXE: Operations successful, type reagentc /boottore. 5 Restart the server. From the open command window, type Shutdown -r -t 0.
Figure 80. Advanced options 9 When a system command prompt is displayed, run the following commands: del c:\hostos.vhdx copy c:\recovery.vhdx c:\hostos.vhdx del c:\vhd\console.vhdx copy c:\vhd\consolerecovery.vhdx c:\vhd\console.vhdx 10 Close the command prompt by typing Exit. 11 On the Windows Recovery Environment main menu, click Continue. Figure 81. Troubleshoot options The server restarts and completes factory first-boot automation.
Figure 82. iDRAC Graceful Shutdown Clean up Active Directory and DNS records If you want to redeploy a Dell Hybrid Cloud System for Microsoft stamp with the same customer prefix, you must remove stale objects left over from the previous deployment from your Active Directory and DNS databases. 1 On a domain member server or workstation with Active Directory management tools installed, open Active Directory Users and Computers.
Delete the VMM server
First, delete the VMM server from Azure Site Recovery:
1 Sign in to the Azure portal, at https://portal.azure.com, and select the appropriate subscription.
2 Under Recovery Services vaults, click the name of the vault for the Dell Hybrid Cloud System for Microsoft deployment (look for - or cps-) to open the vault dashboard.
3 In Settings, under Management Servers, click Site Recovery servers.
Appendix C: Retrieving cluster names, host names, and IP addresses
You can use the following Windows PowerShell commands to retrieve cluster and host names, and IP addresses for the clusters, hosts, and infrastructure VMs. Run the commands in an elevated Windows PowerShell session on the Console VM.
Example
Get-Cluster -Name S54SCL | Get-ClusterResource "Cluster IP Address" | Get-ClusterParameter -Name Address
Example 3: SQL Server clusters
Syntax
Get-Cluster -Name | Get-ClusterResource "Cluster IP Address" | Get-ClusterParameter -Name Address
Example
Get-Cluster -Name S54SQLCL | Get-ClusterResource "Cluster IP Address" | Get-ClusterParameter -Name Address
Get host names and IP addresses for cluster hosts
Compute cluster host
Syntax
Get-ClusterNetworkInterface -Cluster
Get-ClusterNetworkInterface -Cluster S54SQLCL | Format-Table -Property Node, Name, IPv4Addresses, Ipv6Addresses
Get infrastructure VM names and addresses
Syntax
Get-SCStaticIPAddressPool -Name "Management_Pool" | Get-SCIPAddress | Format-Table -Property Description,Address
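The cluster queries above can be combined into a single inventory that is saved as a baseline and compared again after a factory reset or redeployment. The following is an added example, not part of the Dell documentation: the function name Get-StampInventory and the output file name are assumptions, and the cluster names are the ones used in the examples on this page.

```powershell
# Added example: one inventory built from the Appendix C cluster queries.
# Assumes the FailoverClusters module (available on the Console VM) and an
# elevated session. Get-StampInventory is an illustrative name.
Import-Module FailoverClusters -ErrorAction Stop

function Get-StampInventory {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$ClusterName
    )
    foreach ($name in $ClusterName) {
        try {
            $cluster = Get-Cluster -Name $name -ErrorAction Stop
            # Cluster IP address, same query as the Appendix C examples
            $clusterIp = ($cluster |
                Get-ClusterResource -Name 'Cluster IP Address' -ErrorAction Stop |
                Get-ClusterParameter -Name Address).Value
            # One output row per node network interface
            Get-ClusterNetworkInterface -Cluster $name -ErrorAction Stop |
                ForEach-Object {
                    [pscustomobject]@{
                        Cluster       = $name
                        ClusterIP     = $clusterIp
                        Node          = [string]$_.Node
                        Interface     = $_.Name
                        IPv4Addresses = $_.IPv4Addresses -join ';'
                        IPv6Addresses = $_.IPv6Addresses -join ';'
                    }
                }
        }
        catch {
            # Report a cluster that cannot be queried and continue with the rest
            Write-Warning "Cluster '$name' could not be queried: $($_.Exception.Message)"
        }
    }
}

# Cluster names taken from the examples on this page
$inventory = Get-StampInventory -ClusterName 'S54SCL', 'S54SQLCL'
$inventory | Format-Table -AutoSize
# Assumed output path; keep the file to diff against a later run
$inventory | Export-Csv -Path .\stamp-inventory.csv -NoTypeInformation
```

Comparing two saved files with Compare-Object shows hosts or addresses that appeared or disappeared between runs, which helps when checking for stale Active Directory and DNS records before a redeployment.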
Appendix D: Ports and protocols
The following table defines Dell Hybrid Cloud System for Microsoft protocol and port number mappings.
Table 41.
Source Any Any Local subnets Any Target Windows Azure Pack admin (APA01) Windows Azure Pack public (APT01) Any Console VM

| Protocol | Port | Comment |
| --- | --- | --- |
| TCP | 135 | RPC, EPM |
| TCP | 1025:5000 | RPC, DCOM, EPM, DRSUAPI, NetLogonR, SamR, FRS (2003) |
| TCP | 49152:65535 | RPC, DCOM, EPM, DRSUAPI, NetLogonR, SamR, FRS (2008) |
| TCP | 5722 | RPC, DFSR (SYSVOL) |
| UDP | 123 | NTP |
| TCP/UDP | 464 | Kerberos change/set password |
| UDP | 1025:5000 | DCOM, RPC, EPM (2003) |
| UDP | 49152:65535 | DCOM, RPC, EPM (2008) |

UDP 13
| Source | Target | Protocol | Port | Comment |
| --- | --- | --- | --- | --- |
| All hosts and VMs | Internet | TCP | 80:443 | Azure services |
| Local subnets | Operations Manager (OM01) | TCP | 5723 | Operations Manager agent communication |
| | | TCP | 5724 | Operations Manager console communication |
| Local subnets | All hosts and SQL Server VMs | TCP | 135:1024-65535 | DPM agent communication |
| Management subnets | Local subnets | TCP/UDP | 5985 | WS-Management |
| All iDRACs | Local subnets | TCP | 5900:5901 | iDRAC Console and Virtual Console |