Lessons Learned from a Customer Integrating a Custom Portal with the Azure Pack
Victor Arzate – Program Manager (Microsoft)
Markus Klein – Cloud Architect (bytesatwork GmbH)
CDP-B338
Agenda
- The customer
- The Cloud OS and Azure Pack
- Lessons learned from integrating a custom portal with the Azure Pack
  1) Integrating a custom portal with Azure Pack
  2) Missing reseller role in Azure Pack
  3) Role-based access control
The Customer
Wortmann AG
Manufacturer, distributor and service provider for resellers and systems integrators
The product strategy
The indirect sales
Import and export as core competence
WORTMANN AG serves customers from the European Union, North and Eastern Europe, the Middle East and Africa.
However, the expansion focuses on countries bordering Germany, such as Austria, Switzerland, Spain, France and the Benelux countries.
Wortmann and the COSN Program
… Microsoft introduced the Cloud OS Network, a worldwide group of more than 25 leading cloud service providers who have embraced our Cloud OS vision and will deliver hosted services built on the Microsoft Cloud Platform, which includes Windows Server with Hyper-V, System Center and the Windows Azure Pack. This announcement represents important progress against our goals and strategy for Cloud OS
The Cloud OS
[Diagram: ONE Consistent Platform spanning Customer, Service Provider and Microsoft]
The Cloud OS enables all the characteristics of a Cloud Service
- On-demand Self-Service
- Broad Network Access
- Rapid Elasticity
- Resource Pooling
- Measured Service
Why choose the Cloud OS
Microsoft’s answer:
The Cloud OS
Bringing Microsoft’s learnings to Wortmann’s datacenter
[Diagram: capabilities shared between Windows Server and Microsoft Azure]
- High performance storage on industry-standard hardware
- Policy-based automation
- Multi-tenant environments with isolation
- Application elasticity
- Software-defined networking
Cloud OS Consistent Experiences
[Diagram labels]
- Platforms: Windows Azure; R2 w/ Service Provider Foundation
- Self-service portal moves on-premises: common management experience
- Cloud-enabled services move on-premises: consistent dev. experience
- Workloads: Web Sites, Apps, Database, VMs
- Service Management API in front of Web Sites, VMs, SQL, Service Bus and future services
- Windows Azure side also shows Worker Role and other services (CDN, Media, Caching, etc.)
- Portals: provider portal, consumer self-service portal, subscriber self-service portal
- Service plans, users
Azure Pack Management Portal
- Web sites: Web Platform application Services (PaaS)
- Virtual machines: Infrastructure Services (IaaS)
- Service bus: Reliable Messaging
- Virtual Networks: Virtual Networking
- Database: SQL Server & MySQL Database
- Service Management REST API
Azure Pack Sites & Endpoints

Portal
• Admin Site
• Admin Authentication Site
• Tenant Site
• Tenant Authentication Site
• Configuration Site

API
• Tenant API
• Tenant Public API
• Admin API

Resource Providers
• Virtual Machines
• Web Sites
• Service Bus
• SQL RP
• My SQL RP

Infrastructure
• Monitoring
• Web App Gallery
• PowerShell Modules
• Usage
• Usage Collector
WAP Component Interaction
[Diagram labels: Tenant Portal, Tenant Public API, Tenant API, Admin Portal, Admin API, AD FS, Management Databases (SQL Cluster), Infrastructure Services]
Service Management APIs
Admin API
- Provides Access to Admin Functionality
- Claims based Authentication
- Resource Management
- Used for Automation, Panel/Portal Integration, Admin PowerShell

Tenant API
- Provides Access to Tenant Functionality
- Claims based Authentication
- Provides access to all subscriptions
- Used for Automation (triggered by Admin), Panel/Portal Integration

Tenant Public API
- Provides Access to Tenant Functionality
- Certificate based Authentication
- Provides access to the subscription that the certificate is tied to
- Tenant PowerShell
Portal Login Scenario using Claims
[Diagram labels: User, ASP.Net Portal, ADFS, 3rd party Identity Provider with Secure Token Service]

STEPS
1. User without Claims
2. User is redirected to STS (multiple redirects*)
3. User Enters Credentials
4. User is authenticated & Claim Token is issued to the user
5. User uses claim to access Portal
6. Portal Grants access to Resources
Azure Pack PowerShell

Admin
- Management of Admin resources
- Claims based authentication
- Connects to the Admin \ Tenant API
- Available with WAP

Tenant
- Management of Tenant resources available under a specific subscription
- Certificate based authentication
- Connects to the Tenant Public API
- Available with the Microsoft Azure SDK (Open Source)

WAP Service Management
- Plan & Add-On management
- Tenant & Subscription management
- Resource Provider Management
- Resource Management
Lessons learned
1) Integrating a custom portal with the Azure Pack
Wortmann’s Vision
- Wortmann is a local OEM and distributor of MS software, and will become a Hosting Service Provider
- Wortmann recognizes that their HW sales will reduce long term, as Cloud Solutions will gain popularity
- Wortmann aims to play a key role in the local ecosystem
- Wortmann’s Active Value Added Reseller (VAR) Channel = 10,000 partners
- Wortmann’s VAR Partner Program includes 1,500 partners
- Wortmann has pre-registered 700+ partners for their Terra Partner Cloud
- Wortmann’s partners sell into the mid market, incl. several niche markets
- Wortmann wants to bring the Cloud business into the Channel
Extensibility Options in Azure Pack
- PowerShell
- Theming Tenant Portal
- Custom Tenant Portal
- Custom Resource Provider

[Diagram labels: Admin Site and Tenant Site (Web Sites, Apps, Database, VMs; Services, Plans, Users, Automation) over the Service Management API; resource providers for VMs and Networks w/ Service Provider Foundation & Service Management Automation, Automation, Service Bus, Database (SQL Server, MySQL), Web Sites, and Custom Resource Providers]
Requirement to add other Wortmann offerings
- Housing
- Hosting
- Build to order functionality
- Support to fully customize and create end customer quotes
Challenges of adopting Azure Pack
Minimize impact to resellers and end users
- Not easy to retrain 700+ resellers
- Portal had to be very simple for end users to place orders and consume services
- Portal should be familiar with the tools they’re used to
- Should reflect Wortmann’s corporate identity

Maximize PowerShell automation as much as possible
- How to leverage WAP APIs?
- Infrastructure team know System Center, but no DEV background
- Developers know how to write code, but no System Center background
Challenges of adopting Azure Pack
PowerShell used for deployment of tenant workloads from Wortmann’s custom portal
Wortmann portal integration with WAP
Used the Sample Portal based on WAP, SPF and VMM for guidance on how to work with the APIs
Latest version available here: http://blogs.technet.com/b/privatecloud/archive/2014/06/26/sample-portal-code-based-on-windows-azure-pack-service-provider-foundation-and-virtual-machine-manager-version-2.aspx
Scenarios covered in this sample portal:
- Control Panel or Portal Integration
  - Authentication, list plans, subscriptions, quota
- VM Clouds Resource Provider (SPF)
  - List VMs for a subscription (tenant)
  - Common actions on VMs: Start, Stop, Create VM, Console Connect
Custom Portal Sample
[Diagram labels]
- Cloud OS (IaaS): Virtual Machines (Virtual Machine Manager), VM networks (Virtual Machine Manager), Virtual Machine Roles (Virtual Machine Manager), Automation (SMA)
- Service Management API / Service Provider Foundation
- Microsoft System Center 2012 R2
- Windows Server 2012 R2
Wortmann terraCLOUD portal
[Diagram labels]
- terraCLOUD Portal
- Virtual Machines (Virtual Machine Manager), VM networks (Virtual Machine Manager), Virtual Machine Roles (Virtual Machine Manager), Automation (SMA)
- Housing: Physical Servers
- Hosting: Physical Servers
- SaaS (in the future)
- Billing
- Service Management API / Service Provider Foundation
- Microsoft System Center 2012 R2
- Windows Server 2012 R2
Demo – terraCLOUD Portal
Markus Klein
2) Missing reseller in Azure Pack
Challenges
- No reseller model in place
- Reseller is key for Wortmann’s business model
- Idea listed in the Azure Pack forum
Implementation: Use co-admin

Tenant (Service Consumer)
• Use Modern UI (Portal) to order, consume Cloud Services
• Assigned as Owner of WAP Subscription
• Perform VM Operations (Start, Stop, Backup, …)

Re-seller (Service Reseller)
• Use Cloud Center (Portal) to manage Cloud Services
• Re-seller Tenants (1:many)
• Assigned as Co-Admin in WAP Subscription (Tenant)

Wortmann (Service Provider)
• Manages user accounts for Re-sellers & Tenants
• Wortmann Re-sellers (1:many)
• Creates Plan for Re-sellers & Subscribes Tenants to it
3) Role-Based Access Control
RBAC
- Only show users what they’re entitled to see
- Number 1 required suggestion in the Azure Pack forum
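
An added example, not code from the presentation or from the terraCLOUD portal: one way a custom portal could enforce the owner / co-admin model from lessons 2 and 3. The slides state that the Tenant API provides access to all subscriptions, so the portal itself has to scope what each signed-in user sees. The `PortalSubscription` and `SubscriptionVisibility` types and the sample accounts are hypothetical and constructed; they are not WAP SDK classes.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical portal-side model (constructed for this example, not a WAP SDK type).
public sealed record PortalSubscription(
    string Id, string Owner, IReadOnlyCollection<string> CoAdmins);

public static class SubscriptionVisibility
{
    // Tenant = owner, reseller = co-admin. Anyone else gets nothing (deny by default).
    public static IReadOnlyList<PortalSubscription> VisibleTo(
        string user, IEnumerable<PortalSubscription> all)
    {
        if (string.IsNullOrWhiteSpace(user))
            return Array.Empty<PortalSubscription>();

        return all.Where(s => Same(s.Owner, user) || s.CoAdmins.Any(c => Same(c, user)))
                  .ToList();
    }

    // Server-side guard to run before every per-subscription action,
    // so a subscription ID taken from the request is never trusted on its own.
    public static bool CanAccess(
        string user, string subscriptionId, IEnumerable<PortalSubscription> all) =>
        VisibleTo(user, all).Any(s => s.Id == subscriptionId);

    private static bool Same(string a, string b) =>
        string.Equals(a, b, StringComparison.OrdinalIgnoreCase);
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data: one reseller serving two tenants (1:many).
        var subs = new List<PortalSubscription>
        {
            new PortalSubscription("sub-001", "tenant-a@example.com", new[] { "reseller-1@example.com" }),
            new PortalSubscription("sub-002", "tenant-b@example.com", new[] { "reseller-1@example.com" }),
            new PortalSubscription("sub-003", "tenant-c@example.com", Array.Empty<string>()),
        };

        foreach (var user in new[] { "tenant-a@example.com", "reseller-1@example.com", "unknown@example.com" })
        {
            var ids = SubscriptionVisibility.VisibleTo(user, subs).Select(s => s.Id);
            Console.WriteLine($"{user}: [{string.Join(", ", ids)}]");
        }
        Console.WriteLine(SubscriptionVisibility.CanAccess("tenant-a@example.com", "sub-002", subs));
    }
}
```

Filtering the list in the UI is not enough on its own; the same `CanAccess` check belongs on every request that names a subscription.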
Demo – Single portal for Reseller and Tenants
Markus Klein
Putting it all together
Demo – Buying a Cloud Service in the terraCLOUD portal
Markus Klein
Summary
Flexible and Friendly Framework
- Azure Pack can be customized in depth thanks to the Service Management APIs
- Azure Pack APIs are comparable to Azure API
- Rich PowerShell cmdlets to manage Azure Pack resources
Questions
Appendix
Sample Code – Admin API
Creating a user

    // 1. Create the user on the Tenant Authentication site using the ASP.NET Membership API.
    Membership.CreateUser(emailAddress, password, emailAddress);

    // 2. Create the user in the WAP API layer.
    using (var myAdminClient = new AdminManagementClient(new Uri(adminApiEndpoint), token))
    {
        var userInfo = new User()
        {
            Name = emailAddress,
            Email = emailAddress,
            State = UserState.Active,
        };

        // Await the call so a failure surfaces before the client is disposed.
        await myAdminClient.CreateUserAsync(userInfo);
    }
Sample Code – Tenant API
Retrieving a plan

    // 1. Initialize the Plan object.
    Plan plan;
    try
    {
        // 2. Retrieve the plan through the Tenant API.
        using (TenantManagementClient tenantClient = new TenantManagementClient(baseEndpoint, token))
        {
            plan = await tenantClient.GetPlanAsync(planID);
        }
    }
    catch (Exception)
    {
        // Rethrow without resetting the stack trace.
        throw;
    }
Sample Code – Tenant API
Get the quotas with specific state from a plan

    // 1. Initialize the Plan object.
    Plan plan;
    try
    {
        // 2. Retrieve the plan through the Tenant API.
        using (TenantManagementClient tenantClient = new TenantManagementClient(baseEndpoint, token))
        {
            plan = await tenantClient.GetPlanAsync(planID);

            // 3. Return the first service quota in the requested configuration state.
            foreach (ServiceQuota serviceQuota in plan.ServiceQuotas)
            {
                if (serviceQuota.ConfigState == quotaConfigurationState)
                {
                    return serviceQuota;
                }
            }
        }
    }
    catch (Exception)
    {
        // Rethrow without resetting the stack trace.
        throw;
    }
Sample Code – Tenant API
Return quotas for networking settings in the plan

    // 1. Initialize the Plan object.
    Plan plan;
    try
    {
        // 2. Retrieve the plan through the Tenant API.
        using (TenantManagementClient tenantClient = new TenantManagementClient(baseEndpoint, token))
        {
            plan = await tenantClient.GetPlanAsync(planID);

            // 3. Return the value of the first "Networks" quota setting.
            foreach (ServiceQuota serviceQuota in plan.ServiceQuotas)
            {
                foreach (ServiceQuotaSetting serviceQuotaSetting in serviceQuota.Settings)
                {
                    if (serviceQuotaSetting.Key == "Networks")
                    {
                        return serviceQuotaSetting.Value;
                    }
                }
            }
        }
    }
    catch (Exception)
    {
        // Rethrow without resetting the stack trace.
        throw;
    }
Sample Code – Tenant API
Return quota from a specific network ID

    // 1. Initialize the Plan object.
    Plan plan;
    try
    {
        // 2. Retrieve the plan through the Tenant API.
        using (TenantManagementClient tenantClient = new TenantManagementClient(baseEndpoint, token))
        {
            plan = await tenantClient.GetPlanAsync(planID);

            // 3. Return the service quota whose "Networks" setting contains the network ID.
            foreach (ServiceQuota serviceQuota in plan.ServiceQuotas)
            {
                foreach (ServiceQuotaSetting serviceQuotaSetting in serviceQuota.Settings)
                {
                    if (serviceQuotaSetting.Key == "Networks" &&
                        serviceQuotaSetting.Value.Contains("0851933d-468f-4134-9a21-d66df74a7665"))
                    {
                        return serviceQuota;
                    }
                }
            }
        }
    }
    catch (Exception)
    {
        // Rethrow without resetting the stack trace.
        throw;
    }
Related content
- CDP-B416 Azure Pack Extensibility
- CDP-B353 Automated Workload Provisioning with the Azure Pack and Windows PowerShell
- CDP-B332 Azure Pack Roadmap and Ecosystem
- CDP-B327 Planning and Designing Management Stamps with the Azure Pack
Resources
Learning
Microsoft Certification & Training Resources
www.microsoft.com/learning
TechNet
Resources for IT Professionals
http://microsoft.com/technet
Sessions on Demand
http://channel9.msdn.com/Events/TechEd
Developer Network
http://developer.microsoft.com
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.