How Azure Pack is using Service Provider Foundation
A while ago, I wrote several posts about the different APIs in Azure Pack.
As you may be aware, Azure Pack consists of what we often refer to as the “Service Management API”. The API is similar to the one we find (not literally) in Microsoft Azure, where the portal interacts with the APIs, which in turn aggregate the wide diversity of resource providers available for us to consume.
A short summary
The Azure Pack Management Portal offers a familiar, self-service interface that every subscriber (tenant) uses to provision and manage services such as the web site offerings and virtual machines with their virtual network capabilities. We have portals for the admin (service provider) and the tenants.
Underlying the Management Portal is an OData REST application programming interface (API) known as the Service Management API. This API provides access to the underlying services and enables automation and replacement of the existing management portal.
Some of my API posts:
Working with the Admin API in Windows Azure Pack - http://kristiannese.blogspot.no/2014/06/working-with-admin-api-in-windows-azure.html
Azure Pack – working with the Tenant Public API - http://kristiannese.blogspot.no/2014/06/azure-pack-working-with-tenant-public.html
API summary:
Administrator API: REST APIs that are only available to Service Management for administrators. By default, the Admin API uses port 30004, so request URIs should reflect that.
Tenant API: REST APIs that are available to both administrators and tenants. By default, the Tenant API uses port 30005.
Public tenant API: Public REST APIs that support end-user subscription management for services presented by the Service Management API. By default, the port is set to 30006.
Let us get back on track
When we are working with the VM Cloud Resource Provider in WAP, we touch many APIs on our journey, and one of the important ones (well, all of them are important for this to work) is the Service Provider Foundation (SPF).
SPF is provided with System Center 2012 R2 – Orchestrator (no, you don’t have to install Orchestrator, but the SPF setup is located in the Orchestrator setup/media).
SPF exposes an extensible OData web service that interacts with VMM. This enables service providers to design and implement multi-tenant self-service portals that integrate IaaS capabilities available in System Center 2012 R2 and Windows Server 2012 R2 – Hyper-V.
SPF contains several web services, and there are two locations where their credentials are set. On the server that has SPF installed, we use the application pool in IIS and the respective group in Computer Management. These groups (SPF_Admin, SPF_VMM, SPF_Usage and SPF_Provider) must contain a local credential (not a domain credential) that is also a member of the Administrators group on the SPF server.
The SPF_VMM user must be added as an administrator to VMM in order to invoke actions from the WAP portal.
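One way to verify the group requirements described above on the SPF server. This is an added example, not code from the original post; the function name Get-SpfGroupAudit is hypothetical, and it assumes an elevated Windows PowerShell 5.1 session with the built-in Microsoft.PowerShell.LocalAccounts module. It does not check the VMM administrator role.

```powershell
# Added example: audit the four SPF local groups named in the post.
$spfGroups = 'SPF_Admin', 'SPF_VMM', 'SPF_Usage', 'SPF_Provider'

function Get-SpfGroupAudit {
    param([string[]] $GroupName = $spfGroups)

    # Small helper so every result row has the same shape.
    function New-Row($Group, $Member, $Finding) {
        [pscustomobject]@{ Group = $Group; Member = $Member; Finding = $Finding }
    }

    # Built-in Administrators group, looked up by its well-known SID
    # so the check also works on localized systems.
    $adminSid = [System.Security.Principal.SecurityIdentifier] 'S-1-5-32-544'
    $admins   = @(Get-LocalGroupMember -SID $adminSid | ForEach-Object { $_.Name })

    foreach ($group in $GroupName) {
        try {
            $members = @(Get-LocalGroupMember -Name $group -ErrorAction Stop)
        } catch {
            # Group missing or unreadable (for example, not run on the SPF server).
            New-Row $group $null "cannot read group: $($_.Exception.Message)"
            continue
        }
        if ($members.Count -eq 0) {
            New-Row $group $null 'group has no members'
            continue
        }
        foreach ($m in $members) {
            # Local accounts are reported as COMPUTERNAME\user;
            # anything else is a domain or other non-local principal.
            $isLocal = $m.Name -like "$env:COMPUTERNAME\*"
            $isAdmin = $admins -contains $m.Name
            if (-not $isLocal) {
                New-Row $group $m.Name 'not a local account'
            } elseif (-not $isAdmin) {
                New-Row $group $m.Name 'not in local Administrators'
            } else {
                New-Row $group $m.Name 'ok'
            }
        }
    }
}

Get-SpfGroupAudit | Format-Table -AutoSize
```

Because these accounts are local administrators on the SPF server, any row other than the expected service credentials is worth reviewing.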
The Service Provider Foundation Web Services:
Admin Web Service (http://spfserver:8090/SC2012R2/Admin/Microsoft.Management.Odata.svc)
The admin web service is used to create and manage tenants, user roles, servers (like Remote Console), stamps (VMM), and other administrative objects.
VMM Web Service (https://server:8090/SC2012R2/VMM/Microsoft.Management.Odata.svc)
The VMM web service invokes the VMM server to perform requested operations.
Examples of operations could be:
- Creating virtual machines
- Creating virtual networks
- Creating user role definitions
- Creating cloud services and other fabric
Communication is bidirectional, so actions triggered by a portal that uses SPF (like WAP), as well as actions performed directly in VMM, are reflected on both sides.
An example:
You do something in VMM that affects one or more tenants, like adding a new VM to the tenant’s subscription. This will show up in the tenant portal of WAP.
Another example is when a tenant makes changes to a virtual network in the portal: the jobs are triggered in VMM, aggregated by SPF, and shown immediately.
Usage Web Service
SPF also has a Usage Web Service that can only be used by WAP. It uses data from Operations Manager’s data warehouse, which is integrated with VMM in order to collect virtual machine metrics. You must use the spfcmdlets to register SCOM with SPF.
Provider Web Service
Resource providers that deliver infrastructure as a service (IaaS) use this web service, which provides a Microsoft ASP.NET web API. It also uses the VMM and Admin web services, but it is not an Open Data (OData) service.
Registering SPF endpoint with Windows Azure Pack
As an administrator, you log on to the management portal and register the Service Provider Foundation endpoint. This will register a connection between the Service Management API and SPF.
Since SPF provides a programmatic interface to the stamps (VMM management servers), it enables service providers and enterprises to design and implement multi-tenant self-service portals that leverage IaaS capabilities provided by System Center and Windows Server.
After you have registered the SPF endpoint with the Service Management API:
· All stamps that you have created directly in SPF will be listed in the management portal for administrators
· All clouds created within the VMM stamp(s) will appear in the management portal for administrators
· You can register stamps directly using the management portal for administrators
· You can remove/change the association between stamp and Service Provider Foundation