Management of cloud resources involves the deployment, configuration, monitoring, and ongoing maintenance of hardware and software components. These components compose the infrastructure management platform, virtual machine hosts and instances, and their associated storage, network and facility components that support the cloud infrastructure. The tools required to manage these components are provided by hardware manufacturers and the cloud computing platform providers.

The Microsoft Private Cloud platform is composed of Microsoft Windows Server 2012 and Microsoft System Center 2012. These products provide the tools necessary to build, monitor and maintain a cloud fabric management infrastructure and the cloud resources that compose services running on the infrastructure. While these tools are ideal for the management of a cloud infrastructure, service providers and large IT organizations require additional capabilities that allow them to integrate the management of their infrastructure with existing self-service portals, support multiple tenants and distribute workloads across management instances that may be deployed geographically in multiple datacenters.

System Center Service Provider Foundation is provided with System Center 2012 – Orchestrator that enables organizations to gain this additional management capability and extend the service provided by their cloud platform.

Table of Contents


Introduction


IT Architects and Implementers designing and building a private cloud infrastructure to support the business needs of the enterprise share several common feature requirements with their peers in Service Provider Organizations. One feature area is providing self-service IT capabilities for their users. Self-service is a key characteristic of any cloud computing platform regardless of the vendor or cloud deployment model. Users of IT resources from the IT professional through business end users either expect or will come to expect to satisfy their IT resource needs through the use of some level of self-service.

This level of self-service provided has grown in depth and complexity as organizations progress from virtualized or highly virtualized infrastructure to private or hybrid cloud infrastructure platforms that supports a high degree of automation and service delivery maturity. Users of self-service demand the ability to stand up complete solutions that include the Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) layers that support the solution being deployed.

Each self-service solution is expected to be complete, that is the solution goes beyond provisioning of resources. Users must be able to monitor the health of their services and associated resource consumption and costs. Services must be able to dynamically respond to usage demands within the limits specified by the self-service user or tenant account authorization. The Private Cloud Reference Architecture includes a Reference Model that forms a foundation for designing reference architectures that enable end-to-end solutions that include self-service management from any device anywhere.

In private cloud deployments self-service users expect the ability to allocate and provision resources only limited by what they are willing to pay for. The Perception of Infinite Capacity principle assures users just that. In reality private cloud resources are limited by the available infrastructure that has been planned using the organizations Capacity Management and Demand Management processes. Additionally for business reasons the IT organization may determine that certain workloads or even complete services are suitable to provision using resources obtained outside the organization. To meet the self-service users’ perception of infinite capacity and accommodate business requirements that allow the use of resources outside of the organization the IT professional must plan to augment their own infrastructure capability with resources obtained from a cloud service provider.

IT organizations and Service Provider Organizations generally provide self-service through an online web based management portal or command line console interface. These management consoles often must interact with proprietary management interfaces potentially from multiple platform vendors to provide the level of self-service expected by end users.

Service Provider Foundation enables IT organizations and service providers to manage cloud resources on the Microsoft Cloud Platform using industry standard management interfaces from supported devices anywhere. Initially System Center Service Provider Foundation supports Infrastructure as Service on Microsoft Windows Server 2012 and Microsoft System Center 2012 SP1.

What is Service Provider Foundation?


Service Provider Foundation is provided with Microsoft System Center 2012 - Orchestrator, a component of Microsoft System Center 2012 Service Pack 1 (SP1). Service Provider Foundation exposes an extensible Open Data Protocol (OData) API over a Representational State Transfer (REST) web service that interacts with components of System Center. This enables service providers and large enterprise organizations to design and implement multi-tenant self-service portals that integrate IaaS capabilities available through Microsoft System Center 2012 SP1.

This release of Service Provider Foundation provides a programmatic web based management interface to a rich set of Microsoft System Center Virtual Machine Manager (VMM) scenarios that are presented later in this article. This interface allows self-service portals to perform many VMM management operations in a RESTful manner commonly used by implementers of web services.

Service Provider Foundation introduces several new capabilities that include multi-tenancy, security and identity independent of Active Directory, and the concept of a “stamp”. More information about these is provided later in the article and through links to other resources.

The Service Provider Foundation is installed as part of Microsoft System Center Orchestrator 2012. Information on the installation and deployment of System Center Service Provider Foundation can be found using this link and also through the link found in the resources section of this article.

The following graphic shows Service Provider Foundation in the context of Microsoft System Center 2012.


Figure 1: System Center Service Provider Foundation in Microsoft System Center 2012

Relationship with the Private Cloud Reference Architecture

The Private Cloud Reference Architecture defines many key principles, concepts and patterns that must be considered when designing a private cloud infrastructure for an organization. Many of these key considerations are aided by including the Service Provider Foundation in the design of a private cloud. Service Provider Foundation, as the name implies, is primarily intended for cloud service provider organizations to enable them to build self-service portals and expose management interfaces that may be used by their customers. However large enterprise organizations share many of the same needs and concerns as cloud service providers.

Consider that a large enterprise is comprised of several business entities or groups, that is they are actually tenants that require services of the IT organization. The internal IT organization is the provider of those services to the business groups. In the enterprise we have the consumer / service provider relationship that's similar to engaging with external service providers for IT resources.

That introduces the private cloud principle of Take a Service Providers Approach to providing IT in large enterprise organizations. A cloud service is a shared service offering select well defined capabilities to self-service consumers. These services include the actual capability, the capacity to grow and ability to collapse as appropriate, perform as expected, and provide continuous availability. These key expected principles require the service provider to enable self-service to respond to demands of consumers and programmatic management interfaces to enable fabric management automation to respond to changes in the demand or health of services running on the infrastructure.

Microsoft Windows Server 2012 and Microsoft System Center 2012 SP1 provide the platform to enable cloud infrastructures. Service Provider Foundation enables common management semantics across private and public cloud computing platforms.

Concepts

Management Stamp

Management Stamps, or stamp, is a new concept introduced with Service Provider Foundation. A stamp represents a unit of virtualized platform infrastructure that includes System Center Virtual Machine Manager, one or more virtual machine hosts and the virtual machines that are managed in the context of the System Center Virtual Machine Manager instance within the stamp. Each stamp also includes the configuration unique to each stamp such as service accounts and user roles.

Stamps must be capable of being monitored; therefore a stamp also includes an instance of System Center Operations Manager. However an instance of System Center Operations Manager may provide monitoring for multiple stamps so there is not necessarily a 1:1 relationship between the number of stamps and instances of System Center Operations Manager.

Put another way a stamp is an instance of System Center that supports a virtualized platform infrastructure up to the maximum number of virtual machine hosts and virtual machines supported by System Center.

Stamps are an important concept since they allow service providers to distribute tenants and their services across multiple instances of System Center components (such as Operations Manager and Virtual Machine Manager), datacenters and geographic locations. Similarly they allow service designers to define how their service is deployed. For example assume a tenant of the service provider wishes to deploy two services. This service provider is a global organization with datacenters throughout the world. The tenant defines their first service requiring multiple instances that are geographically separated. The second service is similarly defined but carries an additional constraint that it only runs in European datacenters. Stamps allow the service provider to design this flexibility into their self-service portal and platform orchestration. Once requests are accepted and validated the service provider fabric management would issue the appropriate requests through the Service Provider Foundation API to deploy the services across stamps.

Tenant

A tenant is an organization or user of the platform usually through creation of an account or subscription. The on-boarding of tenants will likely be defined by policy implemented and enforced by the Service Delivery Layer of the Reference Model. A tenant will have a tenant administrator role assigned to the tenant management artifact maintained by the platform. One or more users may be assigned the administrator role.

Tenants are responsible for all resources that have been provisioned by the platform on behalf of the tenant and generally a metering or chargeback model exists to expose a cost structure assigned to each resource offered by the platform and chargeable to the tenant based upon usage.

Scenarios Enabled

This section provides an overview of scenarios enabled by System Center Service Provider Foundation. In most cases these scenarios become enabled through the use of Service Provider Framework features used in conjunction with base platform capability provided by Microsoft System Center Virtual Machine Manager and System Center Orchestrator. Again this is an overview; for more specific information on each of the System Center Service Provider Foundation features that enable a scenario refer to the product guidance available here and through links available from the scenario description or the Resources section of this article.

  • Web Based Management Interfaces to System Center – Service Providers have invested over time as they have grown from virtualized infrastructures to a public or private cloud services provider offering self-service management portal capability. Web based management interfaces to System Center allow service providers to perform complex management operations using industry standard web service interfaces on cloud resources exposed by Microsoft System Center while retaining their investment in existing self-service portal capabilities.
  • Retain Existing Portal User Interface – This scenario is related to the previous web based management scenario in that service providers have built unique and differentiating capabilities into their self-service management portals. Traditionally System Center has required Microsoft provided management interfaces to perform operations on cloud resources exposed by System Center. By exposing System Center capability through web based management protocols service providers can easily integrate System Center Infrastructure as a Service capability into their existing user interfaces.
  • Multi-tenancy – Service providers have a broad customer base, these are tenants of the cloud service platform. Management portals that expose Infrastructure as a Service capability to tenants must do so in a manner that uniquely identifies them and isolates tenants from each other on the platform.
  • Management Across Instances of System Center Components – Users demand the ability to host their workloads across geographically separated boundaries for protection against a significant failure or other incident that may have broad reaching impact on a datacenter or facility. Service providers desire to distribute workloads across resources that are most efficient and/or manageable at any given moment of the life-cycle of each service. Both of these requirements require the platform to seamlessly support service management across multiple instances of System Center components. The instances of System Center components and associated infrastructure is referred to as a "stamp". The concept of stamps is covered in the Architecture section of this article.

 


Figure 2: Enable Service Providers to Offer Infrastructure as a Service

Architecture


The Service Provider Framework high-level architecture is presented in this section. The core of System Center Service Provider Foundation exposes a web service hosted on Microsoft Internet Information Services (IIS). The web service responds to management requests using a REST (OData) API that exposes cloud infrastructure resources managed by Microsoft System Center. More information about the Uniform Request Structure (URI) for each request is provided later in this section.

Microsoft System Center components such as Virtual Machine Manager provide rich feature manageability through PowerShell cmdlets. Management requests through Service Provider Foundation are aggregated to compose a fully qualified request to the appropriate management instance (or stamp) for resources accessed in the context of the tenant user identification and role. Requests are then processed on each stamp by invoking PowerShell cmdlets through the Aggregation layer.

The graphic below depicts this high level view, the components of Service provider Foundation and the relative layers between external components. The layers of System Center Service Provider Foundation are shown in blue. Each stamp is shown in purple and scale-out of cloud service provider resources is achieved through multiple instances of stamps.


Figure 3: System Center Service Provider Foundation Architecture

Service Provider Foundation exposes System Center components as an Open Data Protocol (OData) service. The OData service is accessed through a specific Uniform Resource Identifier (URI). The service then exposes resources which represent facets of the components they serve. For example, in the case of VMM, the OData service exposes Virtual Machine Manager and provides a collection named VirtualMachines. You can use this collection to access a list of virtual machines, query for a specific virtual machine, create a virtual machine, or delete a virtual machine.

The general format of the Service Provider Foundation Web service URI is “http://server:port/SC2012/component/Microsoft.Management.Odata.svc/”.

The following table describes parts of the URI:

URI Element
 Description
server
 The server that hosts Service Provider Foundation.
port
 The port on which Service Provider Foundation is hosted.
component
 The System Center component you will access.
For System Center 2012 SP1 – Virtual Machine Manager use VMM.

Multi-Tenancy


Enabling self-service for a broad range of users that span enterprise IT through to end users requires the self-service portal and underlying infrastructure to be multi-tenant aware. In the context of Service Provider Foundation the range is somewhat narrow spanning from Tenant Administrator to Tenant End Users. Still the requirement exists for tenant subscribers to manage and monitor the resources associated with the services or subscription.

Service Provider Foundation serves as the broker between the tenant and the Microsoft Cloud management platform and more specifically Virtual Machine Manager. Multi-tenancy is facilitated by mapping a self-service end-user token or Windows Authorization credential to a Virtual Machine Manager Self-Service User Role. Requests issued through Service Provider Foundation are executed on the management platform in the security context of the user role. Multi-tenancy is further aided by new feature capability available on Windows Server 2012 such as Network Isolation.

Management operations are logged appropriately to reflect the tenant performing the request to Service Provider Foundation.

Aggregation


Service Providers organize their infrastructure resources into a hierarchy or grouping that makes sense for their organization. This may take shape across physical boundaries such as geographically separated facilities, datacenters and scale units. Within a facility resources may be further classified by logical capability such as the class of resource being offered (Silver Tier/Gold Tier/Platinum Tier). Service Provider Foundation accommodates this division of resources by offering a single unified service endpoint and aggregating management operations across fabric infrastructure groups, or Stamps. This capability is provided by the Aggregation Layer illustrated in the architecture graphic (Figure 3).

As service providers deploy physical resources managed by the Microsoft Cloud platform, these resources are either added to the scope of an existing System Center management stamp or a new stamp, minimally new stamps consist of System Center Virtual Machine Manager. Once Service Provider Foundation has been deployed, each stamp must be defined with the associated Virtual Machine Manager Server name. When completed this forms the collection of management stamps that tenant services can be deployed across.

Tenants of the service provider subscribe to capabilities that are offered and added to their subscription. A tenant administrator is assigned to each tenant and is responsible for the management of the subscription within their organization or group. The scope of their subscription is defined to Service Provider Foundation in the form of User Roles. Each user role contains rights to the appropriate Virtual Machine Manager Clouds, Virtual Machine and Service Templates, and Networks associated with the class of services included in the tenants subscription.

When presented with a management request from a tenant client, each request occurs over a secure authenticated channel that allows the aggregation layer to fully expand the request. Requests may be loosely or firmly scoped within the context of the subscription. That is a tenant may issue a request that could be fulfilled on any management stamp the tenant has access to, or the request may specify an operation to occur on a specific stamp. Consider a request to show all my virtual machines. This request when expanded results in management operations to each stamp the tenant has access to that enumerates their virtual machines running in each stamp. The aggregation layer combines the results from each stamp into a single view of virtual machines owned by the tenant across the infrastructure.

Aggregation then is responsible for expanding Service Provider Foundation management requests into unique fully qualified operations that are issued across stamps with results unified into a single view of the infrastructure across the organization.

Reviewing Service Provider Foundation in your Environment

Staging Service Provider Foundation to review its capabilities and management interfaces or integrate into your development environment requires administrative access to one or more System Center Virtual Machine Manager instances that are actively managing at least one virtual machine host in a test or sandbox environment. You then need the physical or virtual machine resources to deploy System Center Orchestrator and Service Provider Foundation and configure with information about your Virtual Machine Manager stamps.

System Center 2012 Components and Other Requirements

  • System Center 2012 SP1 – Virtual Machine Manager
  • System Center 2012 SP1 – Orchestrator
    • Includes Service Provider Foundation
  • System Center 2012 SP1 – Operations Manager

Overview

Using System Center 2012 components together as outlined in this section you should come away with an understanding of how Service Provider Foundation with Virtual Machine Manager enables Infrastructure as a Service capabilities useful to service provider and large IT organizations. More specifically you will:

  • Gain and overview of Service Provider Foundation and how it fits in the overall scope of System Center 2012
  • Deployment of Service Provider Foundation
  • Association with Virtual Machine Manager
  • Programmatic access to Virtual Machine Manager Capabilities
  • Service Provider Foundation Command Line Usage

Preparation

In order to prepare your environment for this scenario, you should review guidance in the System Center 2012 Integration Guide hosted on the Microsoft TechNet Library.
There you can review community information of each System Center component in its role as a programmable platform to be used for the Microsoft Private Cloud. It is intended to provide an abstraction layer that guides partners and customers on their decision process for methods to build automated solutions across System Center components and between System Center and other systems.

Once you have the System Center 2012 components and other requirements met, you’re ready to explore Service Provider Foundation in your environment.

Explore

This section outlines the steps you should complete to accomplish reviewing Service Provider Foundation.

  1. Determine or Create a sample Virtual Machine Manager fabric – If you have an existing System Center test environment already established you can skip to the next step. Otherwise you'll need to have Virtual Machine Manager fabric created including items such as clouds containing CPUs, memory, storage, and VMs. You can read more about configuring fabric resources in Virtual Machine Manager here in the TechNet Library.
  2. Accessing Service Provider Foundation – You should decide how you will access Service Provider Foundation to explore its capabilities. Initially you may wish to use a browser to access Service Provider Foundation to perform some simple operations by constructing the appropriate URI and examining the results. Developers may wish to jump right in with a simple project and begin coding actions against Service Provider Foundation and acting programmatically on results. Developers should already have a development environment and references to an OData platform library appropriate for their environment.
  3. Deploy and Configure Service Provider Foundation – This step involves the actual deployment of Service Provider Foundation into your test environment and configuring Service Provider Foundation with knowledge about the Virtual Machine Manager instances (or Stamps) you plan to test against. Guidance on the deployment and configuration of Service Provider Foundation can be found here in the TechNet Library.
  4. Test connection to Service Provider Foundation – Test that you can connect to the Service Provider Foundation server instance and can perform simple operations. This will determine if you have physical network connectivity to the server and administrative access to perform management operations. You’ll need to construct a URI that includes the server, service endpoint and operation to perform.
  5. Test Infrastructure as a Service scenarios – Test some advanced Infrastructure as a Service scenarios such as the creation and collapse of resources across management stamps. Through this step you’ll gain confidence in your understanding of Service Provider Foundation concepts, management interfaces and capabilities as they apply to the needs of your organization. You'll find detailed guidance on the Service Provider Foundation API here in the TechNet Library.
Have a question about Service Provider Foundation? Have you integrated Service Provider Foundation into your self-service platform and have feedback? Discuss here on the TechNet Forum.

Resources

Architecture Resources

Community Resources

Community Blog Posts

Technical Documentation Resources

For more technical scenarios, see the Technical Scenarios page in the System Center TechCenter

Other Languages