Your Browser is Out of Date

Nytro.ai uses technology that works best in other browsers.
For a full experience use one of the browsers below
Concepts Guide—Dell EMC Integrated System for Microsoft Azure Stack Hub
Executive Summary Solution Overview Prerequisites Hardware Infrastructure Networking and Cabling Operations and Management Software Security
Security overview
Least-privilege authority
Secrets rotation
Maintaining the Solution Backup and Recovery Conclusion License Retrieval Dell Technologies Support and Consulting Offerings Revisions

Secrets rotation

Secrets rotation

  • Overview

    We recommend, on a regular cadence, that you rotate secrets that are contained in the switches, HLH, and iDRACs, for example, passwords, certificates, or string keys. At the end of the deployment period, Dell Technologies assists the operator, if required, to set up accounts and remove any well-known user names and passwords.

    For more information about guidance on secrets in use and how to use the available tools, see Rotate secrets in Azure Stack Hub on the Microsoft website.

    The following table lists the supported Azure Stack Hub rotation matrix.

    Table 39.           Microsoft Azure Stack Hub supported rotation

    Certificate installed

    Rotate certificate to

    Supported

    Azure Stack Hub release

    Self-Signed

    Enterprise

    Not supported

     N/A

    Self-Signed

    Public

    Supported

     1803 and later

    Self-Signed

    Self-Signed

    Not supported

     N/A

    Enterprise

    Public

    Supported

    1803 and later

    Enterprise

    Self-Signed

    Not supported

     N/A

    Enterprise

    Enterprise

    This is supported in 1803 if customers use the same enterprise CA that is used at deployment

    1803 and later

    Public

    Self-Signed

     Not supported

    N/A 

    Public

    Enterprise

     Not Supported

    N/A

    Public

    Public

     Supported

    1803 and later

    Important: We do not recommend using well-known user names such as ADMIN, admin, root, Administrator, USERID, and so on, or weak passwords, such as Password, Password1!, P@ssW0rd, Welcome, 1234567, Winter10, Calvin, and so on.

    HLH-related password changes

    By default, Windows Server 2019 account passwords on the HLH host, Management VM, and OpenManage Network Manager VM are set to expire after 30 days. This default includes the Administrator accounts and any other operator accounts that are created during deployment. These operating system account passwords can be changed through the system settings in Windows Server 2019.

    If the passwords are allowed to expire, then you must open a console session to perform a reset; RDP connections are unable to connect if the password has expired. For the Management VM and OpenManage Network Manager VM, you can open the console session from the Hyper-V manager on the HLH host. For the HLH host, you must use a physical console or iDRAC virtual console.

    Note: We recommend that you create strong passwords that include at least one each of uppercase and lowercase letters, numerals, and special characters.

    Caution: Due to limitations in OpenManage Network Manager, the switch passwords for admin, admin user, SSH, and SNMP group should only include ! (exclamation mark) as the special character. For more information about passwords and user ID requirements, see the Dell EMC Integrated System for Microsoft Azure Stack Hub Deployment Planning Guide.