
Azure Pack Extensibility

Ryan Jones, Shriram Natarajan, Patrik Sundqvist

CDP-B416

Session Objectives And Takeaways

Session Objective(s):
1. Explore Integration Patterns and Best Practices
2. Show basic integration via PowerShell + REST
3. Demo service desk scenarios (approval/chargeback scenarios) w/Service Manager + GridPro
4. Demo control panel scenarios (storefront + billing) w/Parallels Automation
5. Discuss advanced Hosting Scenarios - Reselling

Key Scenario 1 - WAP + Service Desk for Enterprises

Key Scenario 2 - WAP + Control Panel for Service Providers

Concept Review

Tenants, Plans, and Subscriptions – Oh My!

[Diagram: Tenant, Identity System, Plan and Subscription, linked by "Authenticates with", "Subscribes to" and "Generates"; Quota FanOut to the Resource Providers: MySQL, Service Bus, SQL, VMs, Web Sites, Custom RP, …]

Tenants acquire a unique subscription ID by signing up to a plan. Users can access resources (VMs, websites, …) via their subscription.

Resource providers govern access controls and quota limits via the subscription

It is a billing entity used to charge for a tier of service and resource consumption

Users who sign up to use the WAP. Identities can be managed via AD and ASP.NET membership. ADFS can federate to other identity providers.

Integration Patterns & Best Practices

Control Panel Integration

1. Provider defines WAP Plan in WAP Admin Portal

2. Create offer in SP catalog referencing WAP Plan

3. Sell offer to customer in SP Control Panel

4. Provision/Enroll user for offer via SP Panel

5. Provision WAP Subscription to Plan

6. Show price of the purchased Subscription in SP Panel

7. Add/Mod/Del Users as Subscription Co-Admins

8. Users login/use WAP Services in WAP Tenant Portal

9. WAP usage per Sub gathered by SP billing system

10. SP Panel shows customer billing impact per Sub

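[Diagram: Control Panel Integration. Base Provider with the SP Store/Panel (Control Panel, Catalog, Offers, Users, Billing) used by Customers and WAP (Admin Portal, Plans, Sub, Services, Tenant Portal) used by IT Pro / Dev; steps 1 to 10 are marked on the connections.]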

Panel Integration Pattern

[Diagram: Service Provider Store/Panel and Windows Azure Pack, connected through /plans, /users, /subscriptions, /usage and /subscriptions/price]

Update-MgmtSvcCoAdministrator
PATCH https://<ServiceMgmt>/subscriptions/<SubID>

Get-MgmtSvcPlan
GET https://<ServiceMgmt>/plans/<PlanID>

Add-MgmtSvcUser
POST https://<ServiceMgmt>/users

Add-MgmtSvcSubscription
POST https://<ServiceMgmt>/subscriptions

GET https://<Usage>/usage?startID=0&batchSize=1

POST http://<BillingAdapter>/subscriptions

Identity

Claims-based Identity Configuration

[Diagram: WAP Admin Portal, Admin Auth Site, AD FS, WAP Tenant Portal, Tenant Auth Site]

1. Configure the management portals to trust AD FS
   Set-MgmtSvcRelyingPartySettings
2. Configure AD FS to trust the management portals
   Add-ADFSRelyingPartyTrust
3. Configure the tenant authentication site to trust AD FS
   Set-MgmtSvcIdentityProviderSettings
4. Configure the tenant authentication site to trust AD FS
   Add-ADFSIdentityProviderTrust

(3*) For Third Party providers trust is set up corresponding to the requirements of the provider

http://technet.microsoft.com/en-us/library/dn296436.aspx

Federated Identity

A federated identity is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.

Source: Wikipedia http://en.wikipedia.org/wiki/Federated_identity

[Diagram: Federation Chain. Application, STS 1, STS 2, AD FS, Contoso]

Windows Azure Pack APIs

• Plan + Addon CRUD
• User CRUD
• Subscription CRUD
• Approval APIs
• Pricing APIs
• Usage APIs

Prerequisite – Endpoints and Authentication

$adminuri = "https://" + $env:computername + ":30004"
$authuri = "https://" + $env:computername + ":30072"

# -DisableCertificateValidation turns off TLS certificate checks so that
# self-signed lab certificates are accepted.
$token = Get-MgmtSvcToken -Type Windows `
    -AuthenticationSite $authuri `
    -ClientRealm "http://azureservices/AdminSite" `
    -User (Get-Credential) `
    -DisableCertificateValidation

Plan Creation (PowerShell)

Add-MgmtSvcPlan (Creates Plan)
Add-MgmtSvcPlanService (Adds Service to Plan)
Add-MgmtSvcListQuota (Adds QuotaList to Plan)
Add-MgmtSvcQuotaSetting (Adds QuotaSetting to QuotaList)
Update-MgmtSvcPlanQuota (Update Quotas in Plan)

Create Plan w/Add-MgmtSvcPlan

$plan = Add-MgmtSvcPlan -AdminURI $adminuri `
    -Token $token `
    -DisableCertificateValidation `
    -DisplayName "Service Plan 01" `
    -State Public `
    -MaxSubscriptionsPerAccount 15 `
    -InvitationCode "Welcome01"

Add Service to Plan w/ Add-MgmtSvcPlanService

$RP = Get-MgmtSvcResourceProvider -AdminUri $adminuri `
    -Token $token `
    -DisableCertificateValidation `
    | where-object {$_.Name -eq "sqlservers"}

Add-MgmtSvcPlanService -AdminUri $adminuri `
    -Token $Token `
    -DisableCertificateValidation `
    -ServiceName $RP.Name `
    -InstanceID $RP.InstanceId `
    -PlanID $plan.Id

Build QuotaLists and QuotaSettings

$QuotaList = New-MgmtSvcQuotaList
$Quota = Add-MgmtSvcListQuota -QuotaList $QuotaList `
    -ServiceName $RP.Name `
    -ServiceInstanceId $RP.InstanceId
Add-MgmtSvcQuotaSetting -Quota $Quota `
    -Key Editions `
    -Value `
    '[{"displayName":"Default","groupName":"Default","supportedAuthenticationModes":1,"resourceCount":"11","resourceSize":"1025","resourceSizeLimit":"1025","offerEditionId":"20141022020721","groupType":null}]'

. . . And Update

$QuotaList | Update-MgmtSvcPlanQuota -AdminUri $adminuri `
    -Token $Token `
    -DisableCertificateValidation `
    -PlanId $plan.Id

AddOn Creation (PowerShell)

Add-MgmtSvcAddOn (Creates AddOn)
Add-MgmtSvcAddOnService (Adds Service to Plan)
Add-MgmtSvcListQuota (Adds QuotaList to Plan)
Add-MgmtSvcQuotaSetting (Adds QuotaSetting to QuotaList)
Update-MgmtSvcAddOnQuota (Update AddOn in Plan)
Add-MgmtSvcPlanAddOn (Links AddOn to Plan)

Create AddOn w/Add-MgmtSvcAddOn

$addon = Add-MgmtSvcAddOn -AdminURI $adminuri `
    -Token $token `
    -DisableCertificateValidation `
    -DisplayName "AddOn 01" `
    -State Public `
    -MaxOccurrencesPerPlan 15

Add Service to AddOn w/ Add-MgmtSvcAddOnService

$RP = Get-MgmtSvcResourceProvider -AdminUri $adminuri `
    -Token $token `
    -DisableCertificateValidation `
    | where-object {$_.Name -eq "sqlservers"}

Add-MgmtSvcAddOnService -AdminUri $adminuri `
    -Token $Token `
    -DisableCertificateValidation `
    -ServiceName $RP.Name `
    -InstanceID $RP.InstanceId `
    -AddOnID $AddOn.Id

Build QuotaLists and QuotaSettings

$QuotaList = New-MgmtSvcQuotaList
$Quota = Add-MgmtSvcListQuota -QuotaList $QuotaList `
    -ServiceName $RP.Name `
    -ServiceInstanceId $RP.InstanceId
Add-MgmtSvcQuotaSetting -Quota $Quota `
    -Key Editions `
    -Value `
    '[{"displayName":"Default","groupName":"Default","supportedAuthenticationModes":1,"resourceCount":"11","resourceSize":"1025","resourceSizeLimit":"1025","offerEditionId":"20141022020721","groupType":null}]'

Update AddOn and Link AddOn to Plan

$QuotaList | Update-MgmtSvcAddOnQuota -AdminUri $adminuri `
    -Token $Token `
    -DisableCertificateValidation `
    -AddOnId $addon.Id

Add-MgmtSvcPlanAddOn -AdminUri $adminuri `
    -Token $Token `
    -DisableCertificateValidation `
    -AddOnId $AddOn.Id `
    -PlanId $Plan.Id

User + Subscription Creation

Actual User exists in the Identity Provider
• ADFS
• ASP.Net Membership
• WS-Trust Identity Provider

Create User in WAP which maps to external UPN

Create Subscription, referencing Plan + User

Create User

$username = "[email protected]"

$user = Add-MgmtSvcUser -AdminUri $AdminUri `
    -Token $token `
    -DisableCertificateValidation `
    -Name $username `
    -Email $username `
    -State Active

Create Subscription

$subscription = Add-MgmtSvcSubscription -AdminUri $AdminUri `
    -Token $token `
    -DisableCertificateValidation `
    -AccountAdminLiveEmailId $user.Email `
    -AccountAdminLivePuid $user.Email `
    -PlanId $plan.Id `
    -FriendlyName "Tasha is my dog"

Common Subscription Updates

Add Addon, referencing Addon

Add CoAdministrator referencing User

Suspend Subscription

Add Addon to Subscription

Add-MgmtSvcSubscriptionAddOn `
    -AdminUri $AdminUri `
    -Token $token `
    -DisableCertificateValidation `
    -SubscriptionId $subscription.SubscriptionId `
    -AddOnId $addon.Id

Add CoAdmin to Subscription

$username = "[email protected]"

$user = Add-MgmtSvcUser -AdminUri $AdminUri `
    -Token $token `
    -DisableCertificateValidation `
    -Name $username `
    -Email $username `
    -State Active

Update-MgmtSvcCoAdministrator `
    -AdminUri $AdminUri `
    -Token $token `
    -DisableCertificateValidation `
    -SubscriptionId $subscription.SubscriptionId `
    -CoAdministratorName $user.name

Enable/Disable Subscription

Disable-MgmtSvcSubscription -AdminUri $AdminUri `
    -Token $token `
    -DisableCertificateValidation `
    -SubscriptionId $subscription.SubscriptionId

Enable-MgmtSvcSubscription -AdminUri $AdminUri `
    -Token $token `
    -DisableCertificateValidation `
    -SubscriptionId $subscription.SubscriptionId

Removing it all (literally, without filters)

Get-MgmtSvcSubscription -AdminUri $AdminUri -Token $token -DisableCertificateValidation `
    | Remove-MgmtSvcSubscription -AdminUri $AdminUri -Token $token `
    -DisableCertificateValidation -confirm:$false

Start-sleep -seconds 5
Get-MgmtSvcUser -AdminUri $AdminUri -Token $token -DisableCertificateValidation `
    | Remove-MgmtSvcUser -AdminUri $AdminUri -Token $token `
    -DisableCertificateValidation -confirm:$false

Start-sleep -seconds 5
Get-MgmtSvcPlan -AdminUri $AdminUri -Token $token -DisableCertificateValidation `
    | % {Remove-MgmtSvcPlan -AdminUri $AdminUri -Token $token `
    -DisableCertificateValidation $_.Id -confirm:$false}

Start-sleep -seconds 5
Get-MgmtSvcAddon -AdminUri $AdminUri -Token $token -DisableCertificateValidation `
    | % {Remove-MgmtSvcAddon -AdminUri $AdminUri -Token $token `
    -DisableCertificateValidation $_.Id -confirm:$false}

Approval + Pricing APIs

Create Subscription: /subscriptions
Add AddOn to Subscription: /subscriptionaddons

Delete Subscription: /subscriptions
Delete AddOn from Subscription: /subscriptionaddons

Get Plan Price: /planPrice
Get Addon Price: /addonPrice

Notification Types

Configure Notification Subscriber

# Endpoint of the notification subscriber; kept in its own variable so that $adminuri is not overwritten
$notificationep = "http://" + $env:computername + ":8888/"

Set-MgmtSvcNotificationSubscriber -Name MySubscriber -SubscriberType BillingService `
    -Enabled $true -Endpoint $notificationep -AuthenticationMode None

Restart-WebAppPool -Name MgmtSvc-Usage

SubscriberType:
• BillingService – blocking, with pricing requests
• MandatoryService – blocking, without pricing requests
• OptionalService – nonblocking

AuthenticationMode:
• Basic – Basic Authentication
• None

Subscription Create Notification Request/Response

POST http://ryanwapwsql:8888/subscriptions HTTP/1.1
Content-Type: application/json; charset=utf-8
Host: ryanwapwsql:8888
Content-Length: 564
Expect: 100-continue

{ "EventId": 130, "State": 2, "Method": "POST", "Entity": { "SubscriptionID": "28b4a771-507a-4cd4-b038-8106d313cb4d", "SubscriptionName": "asdf", "AccountAdminLiveEmailId": "[email protected]", "ServiceAdminLiveEmailId": null, "CoAdminNames": [ ], "AddOnReferences": [ ], "AddOns": [ ], "State": 1, "QuotaSyncState": 0, "ActivationSyncState": 0, "PlanId": "asdfi1mlocz9", "Services": [ ], "LastErrorMessage": null, "Features": null, "OfferFriendlyName": null, "OfferCategory": null, "Created": "0001-01-01T00:00:00Z" }, "EntityParentId": null, "NotificationEventTimeCreated": "2014-10-23T23:31:49.591468Z"}

Subscription Delete Notification Request/Response

POST http://ryanwapwsql:8888/subscriptions HTTP/1.1
Content-Type: application/json; charset=utf-8
Host: ryanwapwsql:8888
Content-Length: 564
Expect: 100-continue

{ "EventId": 139, "State": 2, "Method": "DELETE", "Entity": { "SubscriptionID": "14cfe9fa-f7ed-48d3-b898-f2daf397e1ab", "SubscriptionName": "asdf", "AccountAdminLiveEmailId": "[email protected]", "ServiceAdminLiveEmailId": null, "CoAdminNames": [ ], "AddOnReferences": [ ], "AddOns": [ ], "State": 1, "QuotaSyncState": 0, "ActivationSyncState": 0, "PlanId": "asdfi1mlocz9", "Services": [ { "Type": "sqlservers", "State": "registered", "QuotaSyncState": 0, "ActivationSyncState": 0, "BaseQuotaSettings": null } ], "LastErrorMessage": null, "Features": null, "OfferFriendlyName": null, "OfferCategory": null, "Created": "2014-10-23T23:56:34.877Z" }, "EntityParentId": null, "NotificationEventTimeCreated": "2014-10-23T23:57:14.9307156Z"}

Addon Create Notification Request/Response

POST http://ryanwapwsql:8888/subscriptionAddons HTTP/1.1
Content-Type: application/json; charset=utf-8
Host: ryanwapwsql:8888
Content-Length: 242
Expect: 100-continue

{ "EventId": 144, "State": 2, "Method": "POST", "Entity": { "AddOnId": "blahai1mvj4ds", "AddOnInstanceId": null, "AcquisitionTime": null }, "EntityParentId": "9ffca869-d702-4878-9f2b-7fb3e8fa473e", "NotificationEventTimeCreated": "2014-10-24T01:44:36.6656734Z"}

AddOn Delete Notification Request/Response

POST http://ryanwapwsql:8888/subscriptionAddons HTTP/1.1
Content-Type: application/json; charset=utf-8
Host: ryanwapwsql:8888
Content-Length: 278
Expect: 100-continue
Connection: Keep-Alive

{ "EventId": 147, "State": 2, "Method": "DELETE", "Entity": { "AddOnId": "blahai1mvj4ds", "AddOnInstanceId": "7d8beab3-9322-4151-86e4-5a2c514d91d4", "AcquisitionTime": null }, "EntityParentId": "9ffca869-d702-4878-9f2b-7fb3e8fa473e", "NotificationEventTimeCreated": "2014-10-24T01:47:48.8051236Z"}
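The BillingService subscriber above is blocking, yet it is registered over plain HTTP with -AuthenticationMode None, so the receiving service cannot tell who sent an event. The following Python is an added example, not code from the presenters or from Windows Azure Pack: it shows the receiving side when AuthenticationMode Basic is used, checking the credentials and the event shape before accepting a notification like the ones shown above. The account name, password, plan allow-list and the status codes returned are assumptions made for the example.

```python
import base64
import hmac
import json

# Assumed values, not from the deck: credentials, plan allow-list, and the
# status codes this adapter uses to report its decision.
EXPECTED_USER = "wap-notify"        # hypothetical account name
EXPECTED_PASSWORD = "example-only"  # hypothetical; load from a secret store
SELLABLE_PLANS = ("asdfi1mlocz9",)  # PlanId from the deck's sample request
# Notification path -> field of "Entity" that identifies the object.
ROUTES = {"/subscriptions": "SubscriptionID", "/subscriptionAddons": "AddOnId"}


def basic_header(user, password):
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}


def basic_auth_ok(headers):
    """Check 'Authorization: Basic ...' using constant-time comparisons."""
    scheme, _, encoded = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
    except ValueError:  # binascii.Error and UnicodeDecodeError derive from it
        return False
    user, sep, password = decoded.partition(":")
    user_ok = hmac.compare_digest(user.encode(), EXPECTED_USER.encode())
    pass_ok = hmac.compare_digest(password.encode(), EXPECTED_PASSWORD.encode())
    return bool(sep) and user_ok and pass_ok


def handle_notification(path, headers, body):
    """Return (status, reason) for one notification POST."""
    if not basic_auth_ok(headers):
        return 401, "missing or wrong Basic credentials"
    id_field = ROUTES.get(path)
    if id_field is None:
        return 404, "unknown notification path"
    try:
        event = json.loads(body)
    except ValueError:
        return 400, "body is not JSON"
    entity = event.get("Entity") if isinstance(event, dict) else None
    if not isinstance(entity, dict) or event.get("Method") not in ("POST", "DELETE"):
        return 400, "unexpected event shape"
    if not isinstance(entity.get(id_field), str) or not entity[id_field]:
        return 400, "missing " + id_field
    if path == "/subscriptionAddons" and not event.get("EntityParentId"):
        return 400, "add-on event without a parent subscription"
    if (path == "/subscriptions" and event["Method"] == "POST"
            and entity.get("PlanId") not in SELLABLE_PLANS):
        return 403, "plan is not sold through this adapter"
    return 200, "accepted"


# Constructed sample, cut down from the deck's subscription-create request.
SAMPLE_CREATE = json.dumps({"EventId": 130, "State": 2, "Method": "POST", "Entity": {
    "SubscriptionID": "28b4a771-507a-4cd4-b038-8106d313cb4d", "PlanId": "asdfi1mlocz9"}})
```

Basic credentials are only protected in transit when the subscriber endpoint is served over HTTPS.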

Plan Pricing Query Request/Response

GET http://ryanwapwsql:8888/planPrice?id=asdfi1mlocz9&region=en-US&username=ryan.d.jones%40microsoft.com HTTP/1.1
Host: ryanwapwsql:8888
Connection: Keep-Alive

HTTP/1.1 200 OK
Content-Length: 9
Content-Type: application/json

"1M Euro"

AddOn Pricing Query Request/Response

GET http://ryanwapwsql:8888/addonPrice?id=blahai1mvj4ds&region=en-US&username=ryan.d.jones%40microsoft.com&subscriptionId=9ffca869-d702-4878-9f2b-7fb3e8fa473e HTTP/1.1
Host: ryanwapwsql:8888

HTTP/1.1 200 OK
Content-Length: 9
Content-Type: application/json

"1M Euro"

Demo: Approval + Pricing

Usage APIs

Configure Usage Service via Powershell

Consume Usage APIs via Powershell


Configure Usage Service

Set-MgmtSvcSetting -Namespace UsageService `
    -Name Username -Value 'UsageUser'

Set-MgmtSvcSetting -Namespace UsageService `
    -Name Password -Value 'UsagePassword' -Encode

Consume Usage Service

$credential = Get-Credential

Invoke-RestMethod -Uri "https://${env:computername}:30022/usage?startId=1&batchSize=5" -Credential $credential

NOTE: Usage Record semantics are unique per resource provider

Partner Demo: GridPro

Website: http://www.gridprosoftware.com
Twitter: @gridpro / @gridpatrik
Facebook: https://www.facebook.com/Gridpro
Licensing and evals: [email protected] Suite: http://systemcentersolutionstore.com

Gridpro

Request Management

1. Create Request
   • Get Offerings from Service Catalog
   • Create Request
2. Approve Request
   • Get Activities from CMDB
   • Approve Request
3. Run SMA Runbook
4. Create Subscription

[Diagram: Admin Portal Extension, Tenant Portal Extension, Service Management Automation, Resource Provider (Request Management API), WAP Admin API, and System Center Service Manager (CMDB and Service Catalog, Configuration); calls shown: Get Service Catalog Offerings, Get/Create/Update Request, Get/Update Activities, Run SMA Runbook]

http://technet.microsoft.com/en-us/library/dn296436.aspx

Reseller functionality

What is reselling?

Base Provider / Service Provider (SP)
• Owns the Infrastructure
• Integrates Infrastructure with WAP
• Provisions resell Accounts, resell offers and associates them with Plans
• Bills Reseller for customer’s usage

Reseller
• Creates Customer Offers
• Manages Customer Accounts
• Provides Support*
• Bills Customer for usage

Customer / IT Pro/Dev
• Subscribes to the reseller offers
• Creates and Manages Resources on Base Provider’s infrastructure

[Diagram labels: Infrastructure And Platform Services; Base Provider Services + Value Added Services]

WAP Resell Architecture

[Diagram: Customer, Reseller, Base Provider, IT Pro / Dev, WAP Tenant Portal]

SP Panel
• Shopping Cart
• Catalog/Offers
• Users
• Billing

Ability to Resell
• Create Resell Plans
• Manage Customers

WAP
• Plans
• Quotas
• Subscriptions
• Resource Management

Introducing Reseller functionality

Parallels Case Study

[Diagram: reseller flow. Base Provider with WAP (Admin Portal, Plans, Sub, Services, Tenant Portal) and the SP Store/Panel (Control Panel, Catalog, Offers, Users, Billing); Reseller with the Resell Panel and Resell Offer; Customers and IT Pro / Dev; steps 1 to 11 are marked on the connections.]

Introducing Reseller functionality

1. Provider defines WAP Plan in WAP Admin Portal
2. Create offer in SP catalog referencing WAP Plan
3. Base Provider creates a Reseller and provides access to reseller Panel. Reseller Creates Resell Plans which may or may not inherit the plans provided by Base Provider
4. Expose Resell Plans to Customer via Catalog
5. Reseller Creates Customer in the User management system
6. Customer gets access to SP Control Panel and accesses Catalog
7. Customer Subscribes to the Resell Plan from the Catalog
8. Provision WAP Subscription to corresponding Plan. Reseller may be added as Co-administrator to the subscription
9. Users login/use WAP Services in WAP Tenant Portal
10. WAP usage per Sub gathered by SP billing system
11. Reseller Panel shows customer billing impact per Sub

Partner Demo: Parallels

Tenant Portal Extensibility for Reselling

Multiple Tenant Portals

Ability to add Multiple different Tenant Portals
• Each portal can be themed differently
• Each portal can be pointed to a different Identity Provider
• Each Portal can be managed and scaled independently

[Diagram: Customer 1 and Customer 2, each with a WAP Tenant Portal and an AD FS (Customer 1 AD FS, Customer 2 AD FS); Service Management API; Resource Provider]

Hostname based Theming

• Different themes for Tenant Portal based on domains
• Domain information comes to the portal through the host header in the request
• Less Resources required to set up and maintain
• Useful in situations where a single Identity Provider handles all the customers

[Diagram: Domain based Theming. SP Panels for reseller1.com, contoso.com and reseller3.com; Redirect; WAP Tenant Portal shown for reseller1.com, reseller3.com and contoso.com]

Demo: Host header-based theming

Control Panels integrating with Windows Azure Pack

More coming…

Q3 CY14

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.