Overview

We recommend, on a regular cadence, that you rotate secrets that are contained in the switches, HLH, and iDRACs, for example, passwords, certificates, or string keys. At the end of the deployment period, Dell Technologies assists the operator, if required, to set up accounts and remove any well-known user names and passwords.

For more information about guidance on secrets in use and how to use the available tools, see Rotate secrets in Azure Stack Hub on the Microsoft website.

The following table lists the supported Azure Stack Hub rotation matrix.

Table 39.           Microsoft Azure Stack Hub supported rotation

Important: We do not recommend using well-known user names such as ADMIN, admin, root, Administrator, USERID, and so on, or weak passwords, such as Password, Password1!, P@ssW0rd, Welcome, 1234567, Winter10, Calvin, and so on.

HLH-related password changes

By default, Windows Server 2019 account passwords on the HLH host, Management VM, and OpenManage Network Manager VM are set to expire after 30 days. This default includes the Administrator accounts and any other operator accounts that are created during deployment. These operating system account passwords can be changed through the system settings in Windows Server 2019.

If the passwords are allowed to expire, then you must open a console session to perform a reset; RDP connections are unable to connect if the password has expired. For the Management VM and OpenManage Network Manager VM, you can open the console session from the Hyper-V manager on the HLH host. For the HLH host, you must use a physical console or iDRAC virtual console.