Lessons Learned from a Customer Integrating a Custom Portal with the Azure Pack

Victor Arzate – Program Manager (Microsoft)Markus Klein – Cloud Architect (bytesatwork GmbH)

CDP-B338

The customerThe Cloud OS and Azure PackLessons learned from integrating a custom portal with the Azure Pack

1) Integrating a custom portal with Azure Pack2) Missing reseller role in Azure Pack3) Role-based access control

Agenda

The Customer

Wortmann AG

Wortmann AGManufacturer, distributor and service provider for resellers and systems integrators

The product strategy The indirect sales

Import and export as core competence

WORTMANN AG serves customers from the European Union, North and Eastern Europe, the Middle East and Africa.

The expansion focuses however on countries bordering on Germany like Austria, Switzerland, Spain, France and the Benelux countries.

Wortmann and the COSN Program

… Microsoft introduced the Cloud OS Network, a worldwide group of more than 25 leading cloud service providers who have embraced our Cloud OS vision and will deliver hosted services built on the Microsoft Cloud Platform, which includes Windows Server with Hyper-V, System Center and the Windows Azure Pack. This announcement represents important progress against our goals and strategy for Cloud OS

The Cloud OS

Customer

ServiceProviderMicrosoft

ConsistentPlatform

ONE

The Cloud OS Enables all the characteristics of a Cloud Service

On-demand Self-ServiceBroad Network AccessRapid ElasticityResource PoolingMeasured Service

Why choosing the Cloud OS

Microsoft’s answer:

The Cloud OS

Bringing Microsoft’s learnings to Wortmann’s datacenter

Windows Server

Microsoft Azure

High performance storage on industry-standard hardware

Policy-based automation

Multi-tenant environments with isolation

Application elasticity

Software-defined networking

Windows Server

Microsoft Azure

Cloud OS Consistent Experiences

R2 w/ Service Provider Foundation

Future Services

Service Bus

SQLVMsWebSites

Service Management API

ServicePlansUsers Provider

PortalConsumer

Self-ServicePortal

Web SitesAppsDatabaseVMs

Service ProviderCustomer

Self Service Portal Moves On-Premises

Common Mgt. Experience

Workloads

Cloud-Enabled Services Move On-

Premises

Consistent Dev.

Experience

Other Service

sCDN.

Media,, etc.

Caching

Service Bus

SQLVMsWebSites

WorkerRole

Service Management API

Web SitesAppsDatabaseVMs

Subscriber Self-

ServicePortal

Windows Azure

R2

Azure Pack Management Portal

Web sites

Web Platform application Services

(PaaS)

Virtual machines

Infrastructure

Services (IaaS)

Service bus

Reliable Messagin

g

Service Management REST API

Virtual Networks

Virtual Networkin

g

Database

SQL Server & MySQL

Database

Azure Pack Sites & EndpointsPortal•Admin Site•Admin Authentication Site•Tenant Site•Tenant Authentication Site•Configuration Site

API•Tenant API•Tenant Public API•Admin API

Resource Providers•Virtual Machines•Web Sites•Service Bus•SQL RP•My SQL RP

Infrastructure•Monitoring•Web App Gallery•PowerShell Modules•Usage•Usage Collector

WAP Component Interaction

TenantPortal

Tenant Public

API

TenantAPI

Admin Portal

Admin API

AD FS

Management

Databases

SQL Cluster

Infrastructure Services

Service Management APIs

Admin API Tenant API Tenant Public API

- Provides Access to Admin Functionality

- Claims based Authentication

- Resource Management

- Used for Automation, Panel/Portal Integration, Admin PowerShell

- Provides Access to Tenant Functionality

- Claims based Authentication

- Provides access to all subscriptions

- Used for Automation (triggered by Admin), Panel/Portal Integration

- Provides Access to Tenant Functionality

- Certificate based Authentication

- Provides access to the subscription that the certificate is tied to

- Tenant PowerShell

Portal Login Scenario using Claims

ASP.Net

ADFS

3rd party

Portal

IdentityProvider

with Secure Token

Service

1. User without Claims2. User is redirected to STS (multiple redirects*)3. User Enters Credentials4. User is authenticated & Claim Token is issued to the user5. User uses claim to access Portal6. Portal Grants access to Resources

STEPS

1

3

4

5

6

User 2

Azure Pack PowerShellAdmin Tenant

Management of Admin resources Management of Tenant resources available under a specific subscription

Claims based authentication Certificate based authentication

Connects to the Admin \ Tenant API Connects to the Tenant Public API

Available with WAP Available with the Microsoft Azure SDK (Open Source)

WAP Service Management Plan & Add-On managementTenant & Subscription management

Resource Provider Management

Resource Management

Lessons learned

1) Integrating a custom portal with the Azure Pack

Wortmann is a local OEM, Distributor of MS Software and will become Hosting Service Provider

Wortmann recognizes that their HW sales will reduce long term, as Cloud Solutions will gain popularity.Wortmann aims to play a key role in the local ecosystem

Wortmann‘s Active Value Added Reseller (VAR) Channel = 10,000 PartnerWortmann‘s VAR Partner Program includes 1,500 PartnerWortmann‘s pre-registered 700+ Partner for their Terra Partner CloudWortmann‘s Partner sell into Mid Market incl. Several niche markets

Wortmann wants to bring the Cloud business into the Channel

Wortmann’s Vision

Extensibility Options in Azure Pack

PowerShellTheming Tenant PortalCustom Tenant PortalCustom Resource Provider

w/ Service Provider Foundation& Service Management Automation

VMs,Networks

,

Automation

Service Bus

DatabaseSQL

SeverMySQL

WebSites

Service Management API

ServicesPlansUsersAutomation

Admin Site

Tenant Site

Web SitesAppsDatabaseVMs

CustomResourceProviders

Requirement to add other Wortmann offerings

HousingHosting

Build to order functionalitySupport to fully customize and create end customer quotes

Challenges of adopting Azure Pack

Minimize impact to resellers and end usersNot easy to retrain 700+ resellersPortal had to be very simple for end users to place orders and consume servicesPortal should be familiar with the tools they’re used toShould reflect Wortmann’s corporate identity

Maximize PowerShell automation as much as possibleHow to leverage WAP APIs?

Infrastructure team know System Center, but no DEV backgroundDevelopers know how to write code, but no System Center background

Challenges of adopting Azure Pack

PowerShell used for deployment of tenant workloads from Wortmann’s custom portal

Wortmann portal integration with WAP

Used the Sample Portal based on WAP, SPF and VMM for guidance on how to work with the APIs

Latest version available here: http://blogs.technet.com/b/privatecloud/archive/2014/06/26/sample-portal-code-based-on-windows-azure-pack-service-provider-foundation-and-virtual-machine-manager-version-2.aspx

Scenarios covered in this sample portal:Control Panel or Portal Integration

Authentication, list plans, subscriptions, quotaVM Clouds Resource Provider (SPF)

List VMs for a subscription (tenant)Common actions on VMs: Start, Stop, Create VM, Console Connect

Custom Portal Sample

Cloud OS (IaaS)

Virtual Machines

Virtual MachineManager

VM networksVirtual MachineManager

Virtual Machine Roles

Virtual MachineManager

AutomationSMA

Microsoft System Center 2012 R2

Windows Server 2012 R2

Service Management API / Service Provider Foundation

terraCLOUD Portal

Virtual Machines

Virtual MachineManager

VM networksVirtual MachineManager

Virtual Machine Roles

Virtual MachineManager

AutomationSMA

Housing

Physical Servers

Microsoft System Center 2012 R2

Windows Server 2012 R2

Service Management API / Service Provider Foundation

Billing

Wortmann terraCLOUD portal

Hosting

Physical Servers

SaaS

(in the future)

Demo – terraCLOUD PortalMarkus Klein

2) Missing reseller in Azure Pack

No reseller model in placeReseller is key for Wortmann’s business model

Idea listed in the Azure Pack forum

Challenges

Implementation: Use co-admin

Tenant (Service Consumer)

• Use Modern UI (Portal) to order, consume Cloud Services• Assigned as Owner of WAP Subscription• Perform VM Operations (Start, Stop, Backup, …)

Re-seller (Service Reseller)

• Use Cloud Center (Portal) to manage Cloud Services• Re-seller Tenants (1:many)• Assigned as Co-Admin in WAP Subscription (Tenant)

Wortmann (Service Provider)

• Manages user accounts for Re-sellers & Tenants• Wortmann Re-sellers (1:many)• Creates Plan for Re-sellers & Subscribes Tenants to it

3) Role-Based Access Control

Only show users what they’re entitled to seeNumber 1 required suggestion in the Azure Pack forum

RBAC

Demo – Single portal for Reseller and TenantsMarkus Klein

Putting all together

Demo – Buying a Cloud Service in the terraCLOUD portalMarkus Klein

Summary

Azure Pack can be customized in depth thanks to the Service Management APIs Azure Pack APIs are comparable to Azure APIRich PowerShell cmdlets to manage Azure Pack resources

Flexible and Friendly Framework

Questions

Appendix

Sample Code – Admin APICreating a user

// 1. Creating a user on the Tenant Authentication site using ASP.NET Membership API. Membership.CreateUser(emailAddress, password, emailAddress); // 2. Creates the user in the WAP API layer using (var myAdminClient = new AdminManagementClient(new Uri(adminApiEndpoint), token)) { var userInfo = new User() { Name = emailAddress, Email = emailAddress, State = UserState.Active, }; myAdminClient.CreateUserAsync(userInfo); }

Sample Code – Tenant APIRetrieving a plan

// 1. Initialize Plan Object Plan plan; Try { // 2. Creates the user in the WAP API layer using (TenantManagementClient tenantClient= new TenantManagementClient(baseEndpoint, token)) { plan = await tenantClient.GetPlanAsync(planID); } } catch (Exception exception) { throw exception }

Sample Code – Tenant APIGet the quotas with specific state from a plan // 1. Initialize Plan Object

Plan plan; Try { // 2. Creates the user in the WAP API layer using (TenantManagementClient tenantClient= new TenantManagementClient(baseEndpoint, token)) { plan = await tenantClient.GetPlanAsync(planID); foreach (ServiceQuota serviceQuota in plan.ServiceQuotas) { if (serviceQuota.ConfigState == quotaConfigurationState) { return serviceQuota; } } } } catch (Exception exception) { throw exception }

Sample Code – Tenant APIReturn quotas for networking settings in the plan // 1. Initialize Plan Object

Plan plan; Try { // 2. Creates the user in the WAP API layer using (TenantManagementClient tenantClient= new TenantManagementClient(baseEndpoint, token)) { plan = await tenantClient.GetPlanAsync(planID); foreach (ServiceQuota serviceQuota in plan.ServiceQuotas) { foreach (ServiceQuotaSetting serviceQuotaSetting in serviceQuota.Settings) { if (serviceQuotaSetting.Key == "Networks") { return serviceQuotaSetting.Value; } } } } } catch (Exception exception) { throw exception }

Sample Code – Tenant APIReturn quota from a specific network ID

// 1. Initialize Plan Object Plan plan; Try { // 2. Creates the user in the WAP API layer using (TenantManagementClient tenantClient= new TenantManagementClient(baseEndpoint, token)) { plan = await tenantClient.GetPlanAsync(planID); foreach (ServiceQuota serviceQuota in plan.ServiceQuotas) { foreach (ServiceQuotaSetting serviceQuotaSetting in serviceQuota.Settings) { if (serviceQuotaSetting.Key == "Networks") && serviceQuotaSetting.Value.Contains("0851933d-468f-4134-9a21-d66df74a7665")) { return serviceQuota; } } } } } catch (Exception exception) { throw exception }

CDP-B416 Azure Pack Extensibility

CDP-B353 Automated Workload Provisioning with the Azure Pack and Windows PowerShell

CDP-B332 Azure Pack Roadmap and Ecosystem

CDP-B327 Planning and Designing Management Stamps with the Azure Pack

Related content

TechEd Mobile app for session evaluations is currently offline

SUBMIT YOUR TECHED EVALUATIONSFill out an evaluation via

CommNet Station/PC: Schedule Builder

LogIn: europe.msteched.com/catalog

We value your feedback!

Resources

Learning

Microsoft Certification & Training Resources

www.microsoft.com/learning

TechNet

Resources for IT Professionals

http://microsoft.com/technet

Sessions on Demand

http://channel9.msdn.com/Events/TechEd

Developer Network

http://developer.microsoft.com

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.