System Center 2016 Virtual Machine Manager Cookbook - Third Edition

By: Roman Levchenko, Edvaldo Alessandro Cardoso

Overview of this book

Virtual Machine Manager (VMM) 2016 is the part of the System Center suite used to configure and manage datacenters, and it offers a unified management experience across on-premises environments and the Azure cloud. This book will be your best companion for day-to-day virtualization needs within your organization, as it takes you through a series of recipes to simplify and plan a highly scalable and available virtual infrastructure. You will learn the deployment tips, techniques, and solutions designed to show users how to improve VMM 2016 in a real-world scenario. The chapters are divided in a way that will allow you to implement VMM 2016 and the additional solutions required to effectively manage and monitor your fabrics and clouds. We will cover the most important new features in VMM 2016 across networking, storage, and compute, including the brand new Guarded Fabric, Shielded VMs, and Storage Spaces Direct. The recipes in the book provide step-by-step instructions, giving you the simplest way to dive into VMM fabric concepts, private cloud, and integration with external solutions such as VMware, Operations Manager, and the Windows Azure Pack. By the end of this book, you will be armed with the knowledge you require to start designing and implementing virtual infrastructures in VMM 2016.

Configuring Distributed Key Management


Distributed Key Management (DKM) is used to store VMM encryption keys in an Active Directory Domain Services (AD DS) container.

When installing VMM, choose to use DKM on the Configure service account and distributed key management page. Using DKM is recommended for security reasons (as it encrypts the information on AD) and is required when deploying HA VMM.

Why do we need DKM? By default, using the Windows Data Protection API (DPAPI), VMM encrypts some data in the VMM database (for example, the Run As account credentials and passwords), and this data is tied to the VMM server and the service account used by VMM. However, with DKM, different machines can securely access the shared data.

Once an HA VMM node fails over to another node, the node that takes over will start accessing the VMM database and use the encryption keys conveniently stored under a container in AD to decrypt the data in the VMM database.
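Because the keys in this container decrypt data such as the Run As account credentials, it is worth reviewing who holds rights on the container and the objects under it. The following PowerShell is an added example, not taken from the book: the container DN and the expected principals are placeholders, and it assumes the RSAT ActiveDirectory module is installed.

```powershell
# Added example: list principals with read/write rights on the VMM DKM
# container and its child objects, and flag any that are not expected.
param(
    # Hypothetical DN; use the container DN that was given to VMM setup.
    [string]$DkmContainerDn = 'CN=VMMDKM,DC=example,DC=com',
    # Principals expected to hold rights (assumed names, adjust per domain).
    [string[]]$Expected = @(
        'EXAMPLE\svc-vmm',
        'EXAMPLE\Domain Admins',
        'NT AUTHORITY\SYSTEM'
    )
)

Import-Module ActiveDirectory -ErrorAction Stop

# Rights that allow reading stored key material or tampering with it.
$sensitive = [System.DirectoryServices.ActiveDirectoryRights] `
    'ReadProperty, WriteProperty, WriteDacl, WriteOwner, CreateChild, DeleteChild'

# The default subtree scope returns the container itself and every descendant.
$objects = Get-ADObject -SearchBase $DkmContainerDn -Filter * -ErrorAction Stop

$findings = foreach ($obj in $objects) {
    $acl = Get-Acl -Path "AD:\$($obj.DistinguishedName)"
    foreach ($ace in $acl.Access) {
        # Only Allow entries that grant at least one sensitive right matter here.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.ActiveDirectoryRights -band [int]$sensitive) -eq 0) { continue }

        [pscustomobject]@{
            Object     = $obj.Name
            Principal  = $ace.IdentityReference.Value
            Rights     = $ace.ActiveDirectoryRights
            Inherited  = $ace.IsInherited
            Unexpected = $ace.IdentityReference.Value -notin $Expected
        }
    }
}

# Unexpected principals sort to the top for review.
$findings |
    Sort-Object -Property Unexpected, Object -Descending |
    Format-Table -AutoSize -Wrap
```

Rows with `Unexpected` set to `True` are candidates for review; inherited entries point to an ACL set higher in the directory tree rather than on the container itself.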

Getting ready

The following are some considerations for using DKM in VMM 2016:

  • When...