Session Objectives And Takeaways
Session Objective(s):
1. Explore Integration Patterns and Best Practices
2. Show basic integration via PowerShell + REST
3. Demo service desk scenarios (approval/chargeback scenarios) w/Service Manager + GridPro
4. Demo control panel scenarios (storefront + billing) w/Parallels Automation
5. Discuss advanced Hosting Scenarios - Reselling
Key Scenario 1 - WAP + Service Desk for Enterprises
Key Scenario 2 - WAP + Control Panel for Service Providers
Tenants, Plans, and Subscriptions – Oh My!
[Diagram: Tenant, Identity System, Plan and Subscription, joined by arrows labelled "Authenticates with", "Subscribes to" and "Generates"; Quota FanOut to the Resource Providers: MySQL, Service Bus, SQL, VMs, WebSites, Custom RP, …]
Tenants acquire a unique subscription ID by signing up to a plan. Users can access resources (VMs, websites, …) via their subscription.
Resource providers govern access controls and quota limits via the subscription.
It is a billing entity used to charge for a tier of service and resource consumption.
Users who sign up to use the WAP. Identities can be managed via AD and ASP.NET membership. ADFS can federate to other identity providers.
Control Panel Integration
1. Provider defines WAP Plan in WAP Admin Portal
2. Create offer in SP catalog referencing WAP Plan
3. Sell offer to customer in SP Control Panel
4. Provision/Enroll user for offer via SP Panel
5. Provision WAP Subscription to Plan
6. Show price of the purchased Subscription in SP Panel
7. Add/Mod/Del Users as Subscription Co-Admins
8. Users login/use WAP Services in WAP Tenant Portal
9. WAP usage per Sub gathered by SP billing system
10. SP Panel shows customer billing impact per Sub
[Diagram: SP Store/Panel (Control Panel: Catalog, Offers, Users, Billing) and the Base Provider's WAP (Admin Portal, Tenant Portal, Plans, Services, Sub), with Customers, IT Pro / Dev and $$; numbered callouts 1 to 10 correspond to the steps above.]
Panel Integration Pattern
[Diagram: Service Provider Store/Panel and Windows Azure Pack, connected by the calls below]
Update-MgmtSvcCoAdministrator: PATCH https://<ServiceMgmt>/subscriptions/<SubID>
Get-MgmtSvcPlan: GET https://<ServiceMgmt>/plans/<PlanID>
Add-MgmtSvcUser: POST https://<ServiceMgmt>/users
Add-MgmtSvcSubscription: POST https://<ServiceMgmt>/subscriptions
GET https://<Usage>/usage?startID=0&batchSize=1
POST http://<BillingAdapter>/subscriptions
Endpoint labels in the diagram: /plans, /users, /subscriptions, /usage, /subscriptions, /price
Claims-based Identity Configuration
[Diagram: WAP Admin Portal, Admin Auth Site, AD FS, WAP Tenant Portal, Tenant Auth Site]
1. Configure the management portals to trust AD FS
   Set-MgmtSvcRelyingPartySettings
2. Configure AD FS to trust the management portals
   Add-ADFSRelyingPartyTrust
3. Configure the tenant authentication site to trust AD FS
   Set-MgmtSvcIdentityProviderSettings
4. Configure the tenant authentication site to trust AD FS
   Add-ADFSIdentityProviderTrust
(3*) For Third Party providers trust is set up corresponding to the requirements of the provider
http://technet.microsoft.com/en-us/library/dn296436.aspx
Federated Identity
A federated identity is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.
Source: Wikipedia http://en.wikipedia.org/wiki/Federated_identity
Federation Chain
[Diagram: Application, STS 1, STS 2, AD FS, Contoso]
Windows Azure Pack APIs
Plan + Addon CRUD
User CRUD
Subscription CRUD
Approval APIs
Pricing APIs
Usage APIs
Prerequisite – Endpoints and Authentication
$adminuri = "https://" + $env:computername + ":30004"
$authuri = "https://" + $env:computername + ":30072"
$token = Get-MgmtSvcToken -Type Windows `
    -AuthenticationSite $authuri `
    -ClientRealm "http://azureservices/AdminSite" `
    -User (Get-Credential) `
    -DisableCertificateValidation
Plan Creation (PowerShell)
Add-MgmtSvcPlan (Creates Plan)
Add-MgmtSvcPlanService (Adds Service to Plan)
Add-MgmtSvcListQuota (Adds QuotaList to Plan)
Add-MgmtSvcQuotaSetting (Adds QuotaSetting to QuotaList)
Update-MgmtSvcPlanQuota (Update Quotas in Plan)

# Create Plan w/ Add-MgmtSvcPlan
$plan = Add-MgmtSvcPlan -AdminURI $adminuri `
    -Token $token `
    -DisableCertificateValidation `
    -DisplayName "Service Plan 01" `
    -State Public `
    -MaxSubscriptionsPerAccount 15 `
    -InvitationCode "Welcome01"

# Add Service to Plan w/ Add-MgmtSvcPlanService
$RP = Get-MgmtSvcResourceProvider -AdminUri $adminuri `
    -Token $token `
    -DisableCertificateValidation |
    Where-Object {$_.Name -eq "sqlservers"}
Add-MgmtSvcPlanService -AdminUri $adminuri `
    -Token $Token `
    -DisableCertificateValidation `
    -ServiceName $RP.Name `
    -InstanceID $RP.InstanceId `
    -PlanID $plan.Id

# Build QuotaLists and QuotaSettings
$QuotaList = New-MgmtSvcQuotaList
$Quota = Add-MgmtSvcListQuota -QuotaList $QuotaList `
    -ServiceName $RP.Name `
    -ServiceInstanceId $RP.InstanceId
Add-MgmtSvcQuotaSetting -Quota $Quota `
    -Key Editions `
    -Value '[{"displayName":"Default","groupName":"Default","supportedAuthenticationModes":1,"resourceCount":"11","resourceSize":"1025","resourceSizeLimit":"1025","offerEditionId":"20141022020721","groupType":null}]'

# ... and update
$QuotaList | Update-MgmtSvcPlanQuota -AdminUri $adminuri `
    -Token $Token `
    -DisableCertificateValidation `
    -PlanId $plan.Id
AddOn Creation (PowerShell)
Add-MgmtSvcAddOn (Creates AddOn)
Add-MgmtSvcAddOnService (Adds Service to Plan)
Add-MgmtSvcListQuota (Adds QuotaList to Plan)
Add-MgmtSvcQuotaSetting (Adds QuotaSetting to QuotaList)
Update-MgmtSvcAddOnQuota (Update AddOn in Plan)
Add-MgmtSvcPlanAddOn (Links AddOn to Plan)

# Create AddOn w/ Add-MgmtSvcAddOn
$addon = Add-MgmtSvcAddOn -AdminURI $adminuri `
    -Token $token `
    -DisableCertificateValidation `
    -DisplayName "AddOn 01" `
    -State Public `
    -MaxOccurrencesPerPlan 15

# Add Service to AddOn w/ Add-MgmtSvcAddOnService
$RP = Get-MgmtSvcResourceProvider -AdminUri $adminuri `
    -Token $token `
    -DisableCertificateValidation |
    Where-Object {$_.Name -eq "sqlservers"}
Add-MgmtSvcAddOnService -AdminUri $adminuri `
    -Token $Token `
    -DisableCertificateValidation `
    -ServiceName $RP.Name `
    -InstanceID $RP.InstanceId `
    -AddOnID $AddOn.Id

# Build QuotaLists and QuotaSettings
$QuotaList = New-MgmtSvcQuotaList
$Quota = Add-MgmtSvcListQuota -QuotaList $QuotaList `
    -ServiceName $RP.Name `
    -ServiceInstanceId $RP.InstanceId
Add-MgmtSvcQuotaSetting -Quota $Quota `
    -Key Editions `
    -Value '[{"displayName":"Default","groupName":"Default","supportedAuthenticationModes":1,"resourceCount":"11","resourceSize":"1025","resourceSizeLimit":"1025","offerEditionId":"20141022020721","groupType":null}]'

# Update AddOn and Link AddOn to Plan
$QuotaList | Update-MgmtSvcAddOnQuota -AdminUri $adminuri `
    -Token $Token `
    -DisableCertificateValidation `
    -AddOnId $addon.Id
Add-MgmtSvcPlanAddOn -AdminUri $adminuri `
    -Token $Token `
    -DisableCertificateValidation `
    -AddOnId $AddOn.Id `
    -PlanId $Plan.Id
User + Subscription Creation
Actual User exists in the Identity Provider
  ADFS
  ASP.Net Membership
  WS-Trust Identity Provider
Create User in WAP which maps to external UPN
Create Subscription, referencing Plan + User

# Create User
$username = "[email protected]"
$user = Add-MgmtSvcUser -AdminUri $AdminUri `
    -Token $token `
    -DisableCertificateValidation `
    -Name $username `
    -Email $username `
    -State Active

# Create Subscription
$subscription = Add-MgmtSvcSubscription -AdminUri $AdminUri `
    -Token $token `
    -DisableCertificateValidation `
    -AccountAdminLiveEmailId $user.Email `
    -AccountAdminLivePuid $user.Email `
    -PlanId $plan.Id `
    -FriendlyName "Tasha is my dog"
Common Subscription Updates
Add Addon, referencing Addon
Add CoAdministrator referencing User
Suspend Subscription

# Add Addon to Subscription
Add-MgmtSvcSubscriptionAddOn `
    -AdminUri $AdminUri `
    -Token $token `
    -DisableCertificateValidation `
    -SubscriptionId $subscription.SubscriptionId `
    -AddOnId $addon.Id

# Add CoAdmin to Subscription
$username = "[email protected]"
$user = Add-MgmtSvcUser -AdminUri $AdminUri `
    -Token $token `
    -DisableCertificateValidation `
    -Name $username `
    -Email $username `
    -State Active
Update-MgmtSvcCoAdministrator `
    -AdminUri $AdminUri `
    -Token $token `
    -DisableCertificateValidation `
    -SubscriptionId $subscription.SubscriptionId `
    -CoAdministratorName $user.name

# Enable/Disable Subscription
Disable-MgmtSvcSubscription -AdminUri $AdminUri `
    -Token $token `
    -DisableCertificateValidation `
    -SubscriptionId $subscription.SubscriptionId
Enable-MgmtSvcSubscription -AdminUri $AdminUri `
    -Token $token `
    -DisableCertificateValidation `
    -SubscriptionId $subscription.SubscriptionId
# Removing it all (literally, without filters)
Get-MgmtSvcSubscription -AdminUri $AdminUri -Token $token -DisableCertificateValidation |
    Remove-MgmtSvcSubscription -AdminUri $AdminUri -Token $token `
        -DisableCertificateValidation -Confirm:$false
Start-Sleep -Seconds 5
Get-MgmtSvcUser -AdminUri $AdminUri -Token $token -DisableCertificateValidation |
    Remove-MgmtSvcUser -AdminUri $AdminUri -Token $token `
        -DisableCertificateValidation -Confirm:$false
Start-Sleep -Seconds 5
Get-MgmtSvcPlan -AdminUri $AdminUri -Token $token -DisableCertificateValidation |
    % {Remove-MgmtSvcPlan -AdminUri $AdminUri -Token $token `
        -DisableCertificateValidation $_.Id -Confirm:$false}
Start-Sleep -Seconds 5
Get-MgmtSvcAddon -AdminUri $AdminUri -Token $token -DisableCertificateValidation |
    % {Remove-MgmtSvcAddon -AdminUri $AdminUri -Token $token `
        -DisableCertificateValidation $_.Id -Confirm:$false}
Notification Types
Create Subscription: /subscriptions
Add AddOn to Subscription: /subscriptionaddons
Delete Subscription: /subscriptions
Delete AddOn from Subscription: /subscriptionaddons
Get Plan Price: /planPrice
Get Addon Price: /addonPrice
# Configure Notification Subscriber
$notificationep = "http://" + $env:computername + ":8888/"
Set-MgmtSvcNotificationSubscriber -Name MySubscriber -SubscriberType BillingService `
    -Enabled $true -Endpoint $notificationep -AuthenticationMode None
Restart-WebAppPool -Name MgmtSvc-Usage

SubscriberType:
  BillingService – blocking, with pricing requests
  MandatoryService – blocking, without pricing requests
  OptionalService – nonblocking
AuthenticationMode:
  Basic – Basic Authentication
  None
Subscription Create Notification Request/Response
POST http://ryanwapwsql:8888/subscriptions HTTP/1.1
Content-Type: application/json; charset=utf-8
Host: ryanwapwsql:8888
Content-Length: 564
Expect: 100-continue
{ "EventId": 130, "State": 2, "Method": "POST", "Entity": { "SubscriptionID": "28b4a771-507a-4cd4-b038-8106d313cb4d", "SubscriptionName": "asdf", "AccountAdminLiveEmailId": "[email protected]", "ServiceAdminLiveEmailId": null, "CoAdminNames": [ ], "AddOnReferences": [ ], "AddOns": [ ], "State": 1, "QuotaSyncState": 0, "ActivationSyncState": 0, "PlanId": "asdfi1mlocz9", "Services": [ ], "LastErrorMessage": null, "Features": null, "OfferFriendlyName": null, "OfferCategory": null, "Created": "0001-01-01T00:00:00Z" }, "EntityParentId": null, "NotificationEventTimeCreated": "2014-10-23T23:31:49.591468Z"}
Subscription Delete Notification Request/Response
POST http://ryanwapwsql:8888/subscriptions HTTP/1.1
Content-Type: application/json; charset=utf-8
Host: ryanwapwsql:8888
Content-Length: 564
Expect: 100-continue
{ "EventId": 139, "State": 2, "Method": "DELETE", "Entity": { "SubscriptionID": "14cfe9fa-f7ed-48d3-b898-f2daf397e1ab", "SubscriptionName": "asdf", "AccountAdminLiveEmailId": "[email protected]", "ServiceAdminLiveEmailId": null, "CoAdminNames": [ ], "AddOnReferences": [ ], "AddOns": [ ], "State": 1, "QuotaSyncState": 0, "ActivationSyncState": 0, "PlanId": "asdfi1mlocz9", "Services": [ { "Type": "sqlservers", "State": "registered", "QuotaSyncState": 0, "ActivationSyncState": 0, "BaseQuotaSettings": null } ], "LastErrorMessage": null, "Features": null, "OfferFriendlyName": null, "OfferCategory": null, "Created": "2014-10-23T23:56:34.877Z" }, "EntityParentId": null, "NotificationEventTimeCreated": "2014-10-23T23:57:14.9307156Z"}
Addon Create Notification Request/Response
POST http://ryanwapwsql:8888/subscriptionAddons HTTP/1.1
Content-Type: application/json; charset=utf-8
Host: ryanwapwsql:8888
Content-Length: 242
Expect: 100-continue
{ "EventId": 144, "State": 2, "Method": "POST", "Entity": { "AddOnId": "blahai1mvj4ds", "AddOnInstanceId": null, "AcquisitionTime": null }, "EntityParentId": "9ffca869-d702-4878-9f2b-7fb3e8fa473e", "NotificationEventTimeCreated": "2014-10-24T01:44:36.6656734Z"}
AddOn Delete Notification Request/Response
POST http://ryanwapwsql:8888/subscriptionAddons HTTP/1.1
Content-Type: application/json; charset=utf-8
Host: ryanwapwsql:8888
Content-Length: 278
Expect: 100-continue
Connection: Keep-Alive
{ "EventId": 147, "State": 2, "Method": "DELETE", "Entity": { "AddOnId": "blahai1mvj4ds", "AddOnInstanceId": "7d8beab3-9322-4151-86e4-5a2c514d91d4", "AcquisitionTime": null }, "EntityParentId": "9ffca869-d702-4878-9f2b-7fb3e8fa473e", "NotificationEventTimeCreated": "2014-10-24T01:47:48.8051236Z"}
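The subscriber above is registered over http:// with -AuthenticationMode None, so the receiving billing adapter cannot tell WAP's notifications from any other request that reaches it. As an added example (not part of the presentation), here is a receiver-side check for the Basic mode listed under AuthenticationMode; the function name Test-WapNotification, the credentials and the sample body are constructed for illustration.

```powershell
# Added example, not from the presentation. Function name, credentials and
# the sample body are constructed for illustration.
function Test-WapNotification {
    param([string]$AuthorizationHeader, [string]$Body,
          [string]$ExpectedUser, [string]$ExpectedPassword)

    $reject = { param($why) [pscustomobject]@{ Accepted = $false; Reason = $why } }

    # 1. Require HTTP Basic credentials (AuthenticationMode Basic on the WAP side).
    if ($AuthorizationHeader -notmatch '^Basic\s+(?<b64>[A-Za-z0-9+/]+=*)$') {
        return & $reject 'missing or malformed Basic credentials'
    }
    try { $presented = [Convert]::FromBase64String($Matches.b64) }
    catch { return & $reject 'credentials are not valid base64' }
    $expected = [Text.Encoding]::UTF8.GetBytes("${ExpectedUser}:${ExpectedPassword}")

    # Compare every byte instead of stopping at the first mismatch.
    $diff = $presented.Length -bxor $expected.Length
    $shared = [Math]::Min($presented.Length, $expected.Length)
    for ($i = 0; $i -lt $shared; $i++) {
        $diff = $diff -bor ($presented[$i] -bxor $expected[$i])
    }
    if ($diff -ne 0) { return & $reject 'wrong user name or password' }

    # 2. Parse the body and check the fields seen in the sample payloads.
    try { $note = $Body | ConvertFrom-Json -ErrorAction Stop }
    catch { return & $reject 'body is not valid JSON' }
    if ($note.Method -notin 'POST', 'DELETE') { return & $reject 'unexpected Method' }

    # Subscription events carry Entity.SubscriptionID; add-on events carry the
    # subscription in EntityParentId.
    $subId = $note.Entity.SubscriptionID
    if (-not $subId) { $subId = $note.EntityParentId }
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse([string]$subId, [ref]$parsed)) {
        return & $reject 'subscription ID is not a GUID'
    }
    [pscustomobject]@{ Accepted = $true; Reason = 'ok'
                       Method = $note.Method; SubscriptionId = $parsed }
}

# Constructed sample, modelled on the subscription-create notification above.
$body = '{"EventId":130,"State":2,"Method":"POST","Entity":{"SubscriptionID":' +
        '"28b4a771-507a-4cd4-b038-8106d313cb4d","PlanId":"asdfi1mlocz9"},"EntityParentId":null}'
$bytes  = [Text.Encoding]::UTF8.GetBytes('BillingUser:example-password')
$header = 'Basic ' + [Convert]::ToBase64String($bytes)
$expect = @{ ExpectedUser = 'BillingUser'; ExpectedPassword = 'example-password' }

Test-WapNotification -AuthorizationHeader $header -Body $body @expect   # valid credentials
Test-WapNotification -AuthorizationHeader ''      -Body $body @expect   # no Authorization header
```

Basic credentials are only base64-encoded, so the check is meaningful only when the endpoint is served over https://.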
Plan Pricing Query Request/Response
GET http://ryanwapwsql:8888/planPrice?id=asdfi1mlocz9&region=en-US&username=ryan.d.jones%40microsoft.com HTTP/1.1
Host: ryanwapwsql:8888
Connection: Keep-Alive

HTTP/1.1 200 OK
Content-Length: 9
Content-Type: application/json
"1M Euro"
AddOn Pricing Query Request/Response
GET http://ryanwapwsql:8888/addonPrice?id=blahai1mvj4ds&region=en-US&username=ryan.d.jones%40microsoft.com&subscriptionId=9ffca869-d702-4878-9f2b-7fb3e8fa473e HTTP/1.1
Host: ryanwapwsql:8888

HTTP/1.1 200 OK
Content-Length: 9
Content-Type: application/json
"1M Euro"
# Configure Usage Service
Set-MgmtSvcSetting -Namespace UsageService `
    -Name Username -Value 'UsageUser'
Set-MgmtSvcSetting -Namespace UsageService `
    -Name Password -Value 'UsagePassword' -Encode

# Consume Usage Service
$credential = Get-Credential
Invoke-RestMethod -Uri "https://${env:computername}:30022/usage?startId=1&batchSize=5" -Credential $credential

NOTE: Usage Record semantics are unique per resource provider
Website: http://www.gridprosoftware.com
Twitter: @gridpro / @gridpatrik
Facebook: https://www.facebook.com/Gridpro
Licensing and evals: [email protected] Suite: http://systemcentersolutionstore.com
Gridpro
Request Management
[Diagram: Admin Portal Extension; Tenant Portal Extension; Service Management Automation; Resource Provider (Request Management API); System Center Service Manager (CMDB and Service Catalog); Configuration; WAP Admin API]
Tenant Portal Extension
1. Create Request
   • Get Offerings from Service Catalog
   • Create Request
2. Approve Request
   • Get Activities from CMDB
   • Approve Request
3. Run SMA Runbook
4. Create Subscription
Resource Provider (Request Management API):
   Get Service Catalog Offerings
   Get/Create/Update Request
   Get/Update Activities
http://technet.microsoft.com/en-us/library/dn296436.aspx
What is reselling?
Base Provider / Service Provider (SP): Infrastructure and Platform Services
• Owns the Infrastructure
• Integrates Infrastructure with WAP
• Provisions resell Accounts, resell offers and associates them with Plans
• Bills Reseller for customer’s usage
Reseller: Base Provider Services + Value Added Services
• Creates Customer Offers
• Manages Customer Accounts
• Provides Support*
• Bills Customer for usage
Customer / IT Pro / Dev
• Subscribes to the reseller offers
• Creates and Manages Resources on Base Provider’s infrastructure
WAP Resell Architecture
SP Panel
• Shopping Cart
• Catalog/Offers
• Users
• Billing
Ability to Resell
• Create Resell Plans
• Manage Customers
WAP
• Plans
• Quotas
• Subscriptions
• Resource Management
[Diagram: Customer, Reseller, Base Provider, IT Pro / Dev, WAP Tenant Portal]
Parallels Case Study
[Diagram: Base Provider's WAP (Admin Portal, Tenant Portal, Plans, Services, Sub), SP Store/Panel (Control Panel: Catalog, Offers, Users, Billing), Reseller with Resell Panel and Resell Offer, Customers, IT Pro / Dev and $$; numbered callouts 1 to 11.]
Introducing Reseller functionality
1. Provider defines WAP Plan in WAP Admin Portal
2. Create offer in SP catalog referencing WAP Plan
3. Base Provider creates a Reseller and provides access to reseller Panel. Reseller Creates Resell Plans which may or may not inherit the plans provided by Base Provider
4. Expose Resell Plans to Customer via Catalog
5. Reseller Creates Customer in the User management system
6. Customer gets access to SP Control Panel and accesses Catalog
7. Customer Subscribes to the Resell Plan from the Catalog
8. Provision WAP Subscription to corresponding Plan. Reseller may be added as Co-administrator to the subscription
9. Users login/use WAP Services in WAP Tenant Portal
10. WAP usage per Sub gathered by SP billing system
11. Reseller Panel shows customer billing impact per Sub
Multiple Tenant Portals
Ability to add Multiple different Tenant Portals
Each portal can be themed differently
Each portal can be pointed to a different Identity Provider
Each Portal can be managed and scaled independently
[Diagram: Resource Provider; Service Management API; WAP Tenant Portal for Customer 1 with Customer 1 AD FS; WAP Tenant Portal for Customer 2 with Customer 2 AD FS]
Hostname based Theming
Different themes for Tenant Portal based on domains
Domain information comes to the portal through the host header in the request
Fewer resources required to set up and maintain
Useful in situations where a single Identity Provider handles all the customers
[Diagram: Domain based Theming; SP Panels for reseller1.com, contoso.com and reseller3.com redirect to the WAP Tenant Portal, which is themed per host name (reseller1.com, reseller3.com, contoso.com)]
Resources
Learning
Microsoft Certification & Training Resources
www.microsoft.com/learning
Developer Network
http://developer.microsoft.com
TechNet
Resources for IT Professionals
http://microsoft.com/technet
Sessions on Demand
http://channel9.msdn.com/Events/TechEd
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.