Wednesday, September 10, 2014

How Azure Pack is using Service Provider Foundation

How Azure Pack is using Service Provider Foundation

A while ago, I wrote several posts about the different APIs in Azure Pack.
As you may be aware of, Azure Pack consists of what we often refer to as “Service Management API”.
The API is similar to the one we will (not literally) find in Microsoft Azure, where the portal interacts with the APIs, that again aggregate all the wide diversity of resource providers available for us to consume.

A short summary

The Azure Pack Management Portal offers a familiar, self-service interface that every subscriber (tenant) uses to provision and manage services such as the web site offerings and the virtual machine with its virtual network capabilities.
We have portals for the admin (service provider) and the tenants.

Underlying the Management Portal is an OData Rest application programming interface (API) known as the Service Management API.
This API provides access to the underlying services and enables automation and replacement of the existing management portal.

Some of my API posts:

API summary:

Administrator API
REST APIs that are only available to Service Management for administrators. Default this Admin API is using port 30004, so the URI requests should reflect that.

Tenant API
REST APIs that are available for both administrators and tenants. Default the tenant API is using port 30005.

Public tenant API
Public REST APIs that support end-user subscription management for services presented by the service management API. Default the port is set to 30006.

Let us get back on track

When we are working with the VM Cloud Resource Provider in WAP, we are touching many many APIs on our journey, and one of the important ones (well, all of them are important for this to work) is the Service Provider Foundation (SPF).

SPF is provided with System Center 2012 R2 – Orchestrator (no, you don’t have to install Orchestrator, but the SPF setup is located in the Orchestrator setup/media).
SPF exposes an extensible OData web service that interacts with VMM. This enables service providers to design and implement multi-tenant self-service portals that integrate IaaS capabilities available in System Center 2012 R2 and Windows Server 2012 R2 – Hyper-V.

SPF contains several web services that has two locations to set credentials. On the server that has the SPF installed we use the application domain pool in IIS and the respective group in Computer Management. These groups (SPF_Admin, SPF_VMM, SPF_Usage and SPF_Provider) must contain a local credential (not a domain credential) that is also member of the Administrators group on the SPF server.

The SPF_VMM user must be added as an administrator to VMM in order to invoke actions from the WAP portal.

The Service Provider Foundation Web Services:

The admin web service is used to create and manage tenants, user roles, servers (like Remote Console), stamps (VMM), and other administrative objects.

The VMM web service invokes the VMM server to perform requested operations.
Examples of operations could be:

-          Creating virtual machines
-          Creating virtual networks
-          Creating user role definitions
-          Create cloud services and other fabric

Communication is bidirectional, so that actions triggered by a portal that’s using SPF (like WAP) as well as actions happening directly in VMM will be reflected on both sides.

An example:

You do something in VMM that affect one or more tenants, like adding a new VM to the tenant’s subscription. This will pop up in the tenant portal of WAP.

Another example is when a tenant makes changes to a virtual network in the portal, the jobs are triggered in VMM, aggregated by SPF and shows immediately.

Usage Web Service

SPF has also a Usage Web Service that can only be used by WAP, and uses data from Operations Manager’s data warehouse, which is integrated with VMM in order to collect information of the virtual machine metrics. You must use the spfcmdlets to register SCOM with SPF.

Provider Web Service

Resource providers for delivering infrastructure as a service (IaaS) uses this web service that provides a Microsoft ASP.NET web API. This one uses also the VMM and Admin web services but is not an Open Data (OData) service.

Registering SPF endpoint with Windows Azure Pack

As an administrator, you log on to the management portal and register the Service Provider Foundation endpoint. This will register a connection between the Service Management API and SPF.
Since SPF provides a programmatic interface to the stamps (VMM management servers), it enables service providers and enterprises to design and implement multi-tenant self-service portals that leverage IaaS capabilities provided by System Center and Windows Server.

After you have registered the SPF endpoint with the Service Management API:

·         All stamps that you have created directly in SPF will be listed in the management portal for administrators

·         All clouds created within the VMM stamp(s) will appear in the management portal for administrators

·         You can register stamps directly using the management portal for administrators

·         You can remove/change the association between stamp and service provider foundation

Tuesday, September 9, 2014

Deploying Service Bus for Windows Azure Pack

Many organizations worldwide has implemented many Azure Pack solutions over the last months.
Especially the VM Cloud has been a highly appreciated resource provider in this solution, but we are also seeing more and more adoption of the PaaS offerings, such as Web Site Clouds and SQL Server Clouds.

Recently, I’ve been implementing the Service Bus Cloud too, which is very relevant for the other PaaS I just mentioned.

Eh, Service Bus? What’s that?

My first meeting with Service Bus was back in 2008 when Windows Azure was new.
In a nutshell, Service Bus provides messaging capabilities that enables you to build, test and run loosely-coupled message-driven applications.
This was something we first saw in Azure, where the developers could take advantage of this scalable service.

Later, we got Service Bus for Windows Server which provides similar capabilities as the ones we find in Azure (one consistent platform), which gives flexibility in developing and deploying applications. It is built on the same architecture as the Service Bus cloud service and provides scale and resiliency capabilities.

What about Azure Pack in this context?

Again, we will return to the Cloud OS vision with the one consistent platform. A developer can now easily develop, test and tune their applications using Azure Pack on-premise. In this case, perhaps they do not have a 24/7 environment where the IT organizations are watching things closely, or do not provide the required support outside of business hours.
Now, the developer and its organization can turn to a service provider who offers the same Azure technologies delivered through Windows Azure Pack. In this case, the service provider will be responsible for the entire Azure Pack environment where these services are living and provide support and ensure business continuity.
Therefore, as a result of having the same platform, this customer can easily deploy the same applications to the service provider cloud using the same experience as on-premises, once they move to production.
The next step is of course to leverage the hyper-scale cloud of Microsoft Azure, which again, has the same capabilities as delivered through Azure Pack.

To summarize, we have a very flexible deployment options now using the Cloud OS where each tenant are able to take advantage of the most appropriate cloud option for their applications.

Great, now I understand a bit more, but what kind of features do we have for Service Bus using Azure Pack?

As stated earlier, the Service Bus on-premise supports the same brokered messaging feature set as Microsoft Azure Service Bus. Service Bus queues offer reliable message storage and retrieval with a choice of protocols and APIs.

First of all, we have the Service Bus Queues which provide load leveling by allowing the message receiver to process messages at its own pace. Service Bus provide load balancing by having multiple competing receivers that accept messages from the same queue.

Next, we have Service Bus Topics which provide rich publish-subscribe capabilities that enable multiple, concurrent subscribers to independently retrieve filtered or unfiltered views of the published message stream.
Deployment of Service Bus for Windows Azure Pack

You should at least start with a new virtual machine running Windows Server 2012 R2.
Next, download and install Web Platform Installer so that you can get your hands on the “Windows Azure Pack: Service Bus 1.1” component. Yes, this one is also provided in the same way as every extension, site and API for the Azure Pack.

After the installation, you will find the “Service Bus Configuration” located under Apps.
This will prompt you with a wizard that need some inputs so that you can configure the service bus service.

The options you have is to either create a new farm using the default settings, custom settings, or add to an existing farm.
In this case we will create a new farm using the default settings.

The Service Bus requires a SQL in the backend, and we will use an already existing SQL Cluster to ensure HA for our services. Specify name, username and password and test the connection before you proceed.
Service Bus also requires a service account. Once created in AD, assign the name and the password.

Under Certificate Generation Key, you must specify this and re-enter it in the box below. Please keep a record of this key for future use as you have to provide it every time you add a computer to this farm.
The configuration cmdlets use this key for generating certificates.

The option for “Enable firewall rules on this computer” should be enabled so that the configuration wizard creates required firewall rules. Only uncheck this box if Service Bus clients (applications) will run on the same server as Service Bus.

The last section of the configuration page is where you will enable the Service Bus to be managed by the Service Management API in Azure Pack.
Set the usernames and passwords which are used to secure API calls between the portal and the Service Bus farm.

In the end, you will get a summary that shows your configuration and click finish to proceed.

Adding the Service Bus Cloud to Windows Azure Pack

Logon to the admin portal as an administrator and navigate to the Service Bus Cloud.

Click on “Connect to an existing Service Bus cloud” to register with the endpoint.
Fill in the required information that connects you to the API. Once completed, you will have you new Service Bus Cloud added to WAP.

In order to expose the capabilities to your tenants, you need to present this offering through a Hosting Plan. Either create a new Plan meeting your requirements, or simply add to an existing Hosting Plan to extend your service offerings. In our case, we are adding the Service Bus cloud to an existing Plan.

Heading over to the tenant portal, we can see that the Service Bus offering is made available and that I have already created my first Namespace.
Next, I can go ahead and work with queues, topics and use this as part of my applications.

Happy developing!

Monday, September 1, 2014

Presenting at TechEd Barcelona 2014 - Windows Azure Pack

Hi everyone.
I just want to inform you that I will be presenting at TechEd in Barcelona in October.
This is truly an honor and I am really looking forward to meet my friends from all around the globe.

I have one session that is titled “Planning and Designing Management Stamps for Windows Azure Pack”.

This session will indeed focus on the underlying stamp that we turn into a resource provider for the VM Cloud in Azure Pack.
Throughout the entire session, I will share best practices, things you would like to know and also things you should already know.
This is where you will get the inside tips on how to design and build a management stamp to serve cloud computing with WAP, designed to scale and be fault tolerant.
In essence, I will be explaining and demonstrating my bread and butter and what I have done the last 12 months.

I really hope to see you there and if you have any questions upfront and would like to have answered during the session, please let me know.

Wednesday, August 20, 2014




Our whitepaper “Hybrid Cloud with NVGRE (Cloud OS)” has reached an unbelievable milestone today.
The paper has been downloaded more than 10.000 times!

I am truly humbled and honored to know that our effort by writing this whitepaper has been greatly appreciated by the community worldwide.

The Story

The initial idea back in October in 2013 was to create a comprehensive guide that would help people to implement Network Virtualization (NVGRE) using System Center Virtual Machine Manager 2012 R2 and Hyper-V in Windows Server 2012 R2.
I started the job together with Flemming Riis – which had this real-world fabric available for us to test, crash and build. Learn, apply, and repeat.

The first release was based on the Preview bits of the Cloud OS and we decided to update the content with the RTM builds as soon as possible; in order to address many questions we knew would arise in the different TechNet forums.

Our reviewers was Daniel Neumann and Stanislav Zhelyazkov.

We had now a new version.

In addition, we added a comprehensive “FAQ” chapter to the paper based on experience from early adoption, TechNet forums and feedback.
This is when we decided that we had to “hire” Stanislav Zhelyazkov. He provided us with unique details that gave a much better quality to the whitepaper, and especially around this section.

This was the third version.

Our forth version added Windows Azure Pack to the paper where we ended up putting NVGRE into context. We highlighted how to leverage the multi-tenant IaaS platform we had been building with VMM, with the service management API in Azure Pack. This was a big update, which included several other elements such as gallery items, remote console and much more.

Our fifth version is where we added a “FAQ” chapter for the Azure Pack part, and hence the “hiring” of Marc Van Eijk, which gave us a deeper insight and a better perspective based on his experience as well, and this is still the current version that we know are helping people on a day-to-day basis.

We know that this whitepaper has been greatly appreciated by Microsoft Support and is widely used by their customers when they are facing challenges regarding these technologies. That is truly a confirmation that we really did something useful this time J

My promise to you:

Instead of putting too much effort into books with all those heavy processes, I will instead continue to write fresh, up-to-date and deep technical whitepapers that can make your life easier.
That means that you can expect more to come from this side as we are seeing new releases of this stack.

I also know that my team are with me and on behalf of them; I can only say that we are very grateful and appreciate all the feedback we have received on our way.

A big thank you from me, Flemming, Stanislav, Daniel and Marc!

Monday, August 18, 2014

VM Cloud is missing in Windows Azure Pack

Recently, I’ve encountered a bug when working with WAP and VM Cloud as the resource provider.


You have connected the service management API to your SPF endpoint and added a VMM management stamp together with a Remote Desktop Gateway.

If you decide to change the FQDN of the Remote Desktop Gateway registered with your VMM management stamp, you will end with a blank VM Cloud in the admin portal.
The connection to the SPF endpoint is still present, but the VMM management stamp with its cloud is missing.

This causes also the VMs and the virtual network for the tenants to appear as missing in the tenant portal.

On the SPF server you will find the following event logged for ManagementODataServices:

On the server where the admin API is installed, you will find the following in the event viewer:

When you make changes to the FQDN of the Remote Desktop Gateway in WAP, you will have another SCSPFServer record present in SPF together with a SCSPFSetting that has the same ID as the previous records.

As you can see from the screenshot below, we have now two records of the ServerType “RDGateway”.

If we dig deeper, the following screenshot shows that we have two entries with the same ID, both registered to the VMM management stamp.

In short, the VMM management stamp is registered again, which generates a duplicate ID that results in this behavior.


In order to clean up, we have to work directly on the SPF server using the SPFAdmin module with PowerShell.

Note: when doing this correctly, you will not delete, loose or cause any harm to your production environment so pay attention.

1.       Log on to your SPF server and import the SPFAdmin module

2.       Run the following cmdlets to identify and remove your RDGateway servers! In our case, we have two records and have to remove both of them before we later add the RDGateway we want.
The reason for that is that because when you try to add the RDGateway in WAP afterwards, you will see that this column is empty although it exist in SPF. If you try to add the RDGateway again, you will end up in the exact same situation. Therefore we must remove both servers in SPF.

3.       Remove the duplicate SCSpfSetting with the following cmdlets. The SCSpfSetting on the top is the setting you want to remove with the duplicate ID.

4.       Next, we want to register the RDGateway directly to our stamp with SPF to avoid creating duplicate ID's.

Once this is done, you can perform a refresh in both the admin portal and the tenant portal, and your VMM management stamp should again be present.
Also edit the connection to verify that the RDGW is registered with the correct values.

 Please note: If you register your VM Cloud resource provider in WAP with all the settings at once, you will not run into this issue. It's only if you decide to add the RDGateway afterwards, or are making changes to the existing one.

Tuesday, August 12, 2014

Applied UR3 for VMM? Update your VMM DHCP Server Extension now!

Update your SCVMM DHCP Server Extension now!

From the KB:

“When using System Center 2012 R2 Virtual Machine Manager (VMM 2012 R2), you may discover that some virtual machines that are deployed on Hyper-V Network Virtualization networks with dynamic IP address allocation may not get an IP address for a few minutes after a reboot of the VM. Eventually the VM gets the IP address and otherwise functions normally.

The behavior can occur if the host has an older version of the VMM DHCP server extension. In order to verify this, find the version of “Microsoft System Center Virtual Machine Manager DHCP Server (x64)” installed on the host by running the following Powershell command:

Get-WmiObject –Class win32_product –filter ‘Name = “Microsoft System Center Virtual Machine Manager DHCP Server (x64)”’

The resolution is to first uninstall the old version of the DHCP extension manually, and then install the updated version from VMM installation folder\SwExtn\DHCPExtn.msi

Default path is: C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\SwExtn\DHCPExtn.msi

Once this is done, the VMs should no longer experience a delay in acquiring an IP address after a reboot.


Windows Server 2012 R2 Hyper-V introduced several enhancements related to NVGRE.
One of these things are “Dynamic IP address learning”.

What is Dynamic IP address learning?

Feedback from customers told Microsoft that it was important to enable highly available services to run in a VM network. To support that, dynamic IP address learning was brought to the table.
In other words, services such as DHCP, DNS and AD is supported in a NVGRE based network on Hyper-V.
First for broadcast or multicast packets in a VM network, we will use a PA multicast IP address if configured. However, the typical data center operator does not enable multicast in their environments. As a result, when a PA multicast address is not available we use intelligent PA unicast replication. What this means is that we unicast packets only to PA addresses that are configured for the particular virtual subnet the packet is on. In addition, we only send one unicast packet per host no matter how many relevant VMs are on the host. Finally, once a host learns a new IP address it notifies SCVMM. At this point, the learned IP address becomes part of the centralized policy that SCVMM pushes out. This allows for both rapid dissemination of HNV routing policy and limits the network overhead for disseminating this HNV routing policy.”

Second, what is the SCVMM DHCP Extension?

In order to leverage NVGRE, you would have to manage your hosts entirely with powershell, if you didn't have VMM in place.

When VMM is in place (and really should be in place, when using NVGRE), VMM act as the complete management layer, also for the NVGRE part. Since NVGRE basically is a policy driven technology, VMM need to keep track of every IP address used with NVGRE. During deployment of virtual machines connected to a VM Network with NVGRE (often referred to as Customer Addresses), VMM is able to configure static IP addresses on to these VMs, using the agent you are mentioning. This was introduced in VMM 2012 SP1, and is present in the R2 Release. 
Therefore, to summarize, it is a Hyper-V Switch Extension that is required on all Windows Server with Hyper-V to have DHCP to work correctly.

Great. But can I deploy the updated agents to all my Hyper-V hosts in a single operation?

From your VMM server, you can run the following script (please let it match your computer names in the fabric before you run it):

$setup = "\\vmm01\c$\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\SwExtn\DHCPExtn.msi"

Invoke-Command -ComputerName hv03, hv04, hv01, hv02, hvfm01, hvfm02, hvgw01, hvgw02 -Command { $setup }

Monday, August 11, 2014

Free Webinars - Azure Technologies in the Private Cloud

This is just an announcement that I will be holding a presentation related to my last whitepaper, published by Savision in the upcoming weeks.

During this session, I will walk through the importance of a private cloud and how you can make this become real with technologies from Microsoft.
Especially interesting is the focus on Windows Azure Pack that has gotten a lot of attention during the last months.

Dive in to see what Azure Pack is all about and what the benefits are.

I encourage you all to ask any questions during these webcast, as long as it is related to the content or Led Zeppelin ;-)