Which two elements should you configure?

You manage your virtual environment by using Microsoft System Center Virtual Machine
Manager (VMM) 2008 R2 running on the internal network. You have several host servers in
a perimeter network (also known as DMZ).
You are installing VMM agents on the host servers.
You need to ensure that the agents can communicate with the VMM server.
Which two elements should you configure? (Each correct answer presents part of the
solution. Choose two.)

A. An encryption key

B. The VMM server name

C. The URL of the VMM Self-Service Portal

D. A port number

Explanation:
Hosts in a non-trusted Active Directory domain

For a Windows Server–based host in an Active Directory domain that does not have a
two-way trust relationship with the domain of the VMM server, VMM uses the same
authentication and encryption methods that it uses for a Windows Server–based host on a
perimeter network. For that reason, security requirements for those two topologies will be
discussed together.

Hosts that don't run on a Windows Server operating system

Non-Windows Server–based hosts in a managed VMware Infrastructure 3 (VI3) environment
have different security requirements than do Windows Server–based hosts, and are
discussed separately.

For Windows-based hosts running either Hyper-V or Windows Server,
VMM uses the WS-Management protocol to transfer control data. WS-Management is an
HTTP protocol that connects via port 80 by default.
Windows Remote Management (WinRM), the Microsoft implementation of the
WS-Management protocol, handles authentication and encryption internally.

The authentication method that is used depends on the host location:
Trusted Active Directory domain—For Windows-based hosts in an Active Directory domain
that has a two-way trust relationship with the domain of the VMM server, Kerberos is used for
authentication.

Non-trusted Active Directory domain or perimeter network—For Windows Server–based
hosts in a non-trusted Active Directory domain or on a perimeter network, the VMM agent
uses NTLM for authentication and a CA-signed certificate that is installed on the host during
agent installation to encrypt communications between VMM and the host. The credentials
are created at random and support mutual authentication.

A host on a perimeter network requires local installation of the VMM agent. The host then
must be added to VMM by using the Add Hosts Wizard to provide credentials and to retrieve
the certificate and public key that were generated during agent installation. Any updates to
the VMM agent on a host on a perimeter network also require manual agent installation
followed by updating the host credentials in VMM.

In a non-trusted Active Directory domain,
local installation of the VMM agent or any future updates to the agent is not required. VMM
installs the agent when the host is added to VMM.


