Service Provider Foundation – Part 3: Installation

In the last post, we covered the Requirements for installing Service Provider Foundation (SPF). Now we will walk through the installation of Service Provider Foundation.

 

You can install Service Provider Foundation on a single server or on multiple servers, with at least one server that has Microsoft SQL Server installed to contain the Service Provider Foundation database.

A side-by-side installation of different Service Provider Foundation versions that are on the same server is not supported.

The Setup wizard configures Service Provider Foundation along with the web services that you select for that computer. Installation of Service Provider Foundation onto a virtual machine is supported.

Before you install Service Provider Foundation, do the following:

• Make sure that each computer has sufficient RAM and hard disk space for all the web services that you intend to install. Also, be sure to have the prerequisite software installed.
• Make sure that you have a domain user account with administrative privileges on the computers on which you want to install Service Provider Foundation.
• Close any open programs, and make sure that the computer does not have a restart pending.

If there is a problem with the installation completing successfully, refer to the log files, named “Microsoft Service Provider*.log”, in the %SYSTEMDRIVE%%TEMP% folder.

You can also run a silent, unattended, installation.

To install Service Provider Foundation

On the server where you want to install Service Provider Foundation, double-click SetupOrchestrator.exe on the installation media to start the System Center 2012 – Orchestrator 2012 R2 Setup Wizard.

Note: We recommend that you run setup as Administrator. Doing so allows Customer Experience and Microsoft Update choices to be retained later in the setup.

On the main Setup page, click Service Provider Foundation.

On the Service Provider Foundation Setup page, click Install.

On the License Terms page, review the license agreement. If you agree with the terms, select the I have read, understood, and agree with the terms of the license agreement check box, and then click Next.

On the Prerequisites page, wait for the wizard to complete the prerequisite verification, and then review the results. If any of the prerequisites are missing, install the missing prerequisites, and then click Check prerequisites again.

When all of the prerequisites are met, click Next.

On the Configure the database server page, in the server text box, enter the name of the server that hosts SQL Server, or accept the default localhost. In Port Number, type the port number that accesses the database, or accept the default of 1433, and then click Next.

On the Specify a location for the SPF files page, accept or change the location for the web service files by using the Change Folder button. Optionally, change Website name. In the Port Number section, enter the Internet Information Services (IIS) port number that you want to use, or accept the default of 8090.

The Server certificate refers to a certificate to configure the site bindings for the Service Provider Foundation website in Internet Services Information (IIS) Manager. You can either generate a self-signed certificate or use an existing certificate.

Important: We recommend that generated self-signed certificates be used only for a testing purposes in a non-production environment.

Click Next.

On the Configure the Admin web service page, in the Domain security groups or users text box, type the domain and user name of each security group or user who will use this web service. Use the format domainuser name, and use a semicolon to separate multiple entries, for example, SC.LABJohnDoe; SC.LABTestGroup.

For application pool credentials, select the type of account that you want to use:

• Select Service Account, and then type the domain name, user name, and password of the account that you want the application pool to use.

Make sure that the application pool account exists in the domain and that it has sufficient permissions to manage the server.

• To use an internal system account, select Network Service.

We recommend that you do not use Network Service but instead use a Service Account using domain credentials.

If you select Network Service, the account must be a System Center 2012 R2 Virtual Machine Manager administrator, or it must have enough permission to perform the Service Provider Foundation requests.

Click Next.

In the same manner, specify the settings for Configure the Provider web service, and then click Next.

In the same manner, specify the settings for Configure the VMM web service, and then click Next.

In the same manner, specify the settings for Configure the Usage web service, and then click Next.

Choose the desired options on the Help improve Microsoft System Center Service Provider Foundation and Microsoft Update page, and then click Next.

Choices made on this page are not retained unless setup was run as Administrator.

On the Installation summary page, review your selections, and then do one of the following:

• Click Previous to change any selections.
• Click Install to install Service Provider Foundation.

After you click Install, the installation progress indicator appears.

Click Close when the message “Setup is complete” appears.

Repeat this procedure for each installation, such as for a web farm.

NOTE: When I opened Internet Information Manager (IIS), and attempted to browse the SPF website, I encountered the following error.

Notice that the error message says: “A default document is not configured for the requested URL, and directory browsing is not enabled on the server.”

And the solution? Enable directory browsing using IIS Manager by doing the following.

Open IIS Manager. In the Features view, double-click Directory Browsing.

On the Directory Browsing page, in the Actions pane, click Enable.

After enabling Directory Browsing, I was then able to browse the SPF site successfully.

 

Post Installation

The Service Account(s) that we configured for the Application Pools need to be added into the Security Group(s) we used for each Service.

In my lab example, the Application Pool account used is: SCSPF_AppPool, and the Security Groups are: SCSPF_Admins, SCSPF_Providers, SCSPF_VMM, and SCSPF_Usage.

Also, the Service Account(s) we used, needs to be added as an Administrator within SCVMM. In the SCVMM console, navigate to Settings > Security > User Roles > Administrator, and add the Service Account(s).

You will also need to grant the Service Account permissions in SQL Server that is running the Service Provider Foundation database. Open the SQL Server Management Studio, and connect to the SQL Server running the SPF database. Navigate to Security > Logins, and add the Service Account.

Open the account properties, navigate to User Mapping, and select the “SysAdmin” server role. Then click OK.

 

 

So that’s the installation of Service Provide Foundation (SPF). Now what? Well, SPF can be used with Portal systems like System Center App Controller, and Windows Azure Pack, to deliver Infrastructure As A Service (IaaS). In a related series, I will write about deploying the Windows Azure Pack.

Service Provider Foundation – Part 2: System Requirements and Prerequisites

Welcome to the second part in this series. In the first part, we were introduced to Service Provider Foundation. In this next part we will review what is required to prepare the environment and the system requirements.

The following information is take from the following TechNet article: http://technet.microsoft.com/en-us/library/dn266008.aspx.

Here are the system requirements and considerations to keep in mind before you deploy Service Provider Foundation.

The two main products that Service Provider Foundation requires are System Center 2012 R2 Virtual Machine Manager and SQL Server. Please note:

• Only the VMM Console must be on the same server as Service Provider Foundation but the VMM Management Server can be on a different server. You can also have them all on the same server. The SQL Server database can be on any server, as only the server name and port number of the SQL Server installation are needed to install Service Provider Foundation.
• If you plan to implement usage metering to manage tenant costs, you will need an System Center 2012 R2 Operations Manager server and an Operations Manager Data Warehouse server.

Operating System Requirements

According to the Server Operating System Requirements for System Center, in order to deploy Service Provider Foundation (SPF for short), you need to be using Windows Server 2012 R2. That’s right, not even Windows Server 2012 is support, it must be the “R2” version. I’m not sure if that is completely true, but that’s what the article seems to indicate.

Server Roles and Features

The following Roles and Features are required as prerequisites for Service Provider Foundation (SPF).

Server Manager Roles

Web Server (IIS) server. Include the following services:

• Security > Basic Authentication
• Security > Windows Authentication
• Application Deployment > ASP.NET 4.5
• Application Development > ISAPI Extensions
• Application Deployment > ISAPI Filters
• Management Tools > IIS Management Scripts and Tools

Server Manager Features

• Management OData IIS Extension
• .NET Framework 4.5 features > ASP.NET 4.5
• .NET Framework 4.5 features > WCF Services > HTTP Activation

You can also install these roles and features by running the following PowerShell command.

Install-WindowsFeature Web-Server, Web-WebServer, Web-Common-Http, Web-Default-Doc, Web-Dir-Browsing, Web-Http-Errors, Web-Static-Content, Web-Health, Web-Http-Logging, Web-Request-Monitor, Web-Http-Tracing, Web-Performance, Web-Stat-Compression, Web-Security, Web-Filtering, Web-Basic-Auth, Web-Windows-Auth, Web-App-Dev, Web-Net-Ext45, Web-Asp-Net45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Mgmt-Tools, Web-Mgmt-Console, Web-Scripting-Tools, NET-Framework-45-ASPNET, NET-WCF-HTTP-Activation45, ManagementOdata, WAS, WAS-Process-Model, WAS-Config-APIs

SQL Server and Database Storage

Although it’s not required to install Service Provider Foundation, SQL Server is required on at least one server to contain the Service Provider Foundation database. 5 GB is sufficient storage for even large databases. Only the name and port for a SQL Server installation are required.

Web Services

Install the following from the Microsoft Download Center:

• WCF Data Services 5.0 for OData V3
• ASP.NET MVC 4

Virtual Machine Manager

You must have System Center 2012 R2 Virtual Machine Manager in your environment, but you only need Virtual Machine Manager Console on the server where you install Service Provider Foundation .

Certificates

You must obtain an SSL server certificate, or you can choose to have a test certificate automatically generated during setup.

In my lab, I’m going to use a self-signed certificate. Open IIS Manager, select the server in the left console and select Server Certificates in main area.

With the Server Certificates open, in the Actions menu on the right, select Create Self-Signed Certificate.

On the Create Self-Signed Certificate dialog, provide the friendly name. The friendly name must match the URL that is used when connecting to the Service Provider Foundation.

In my lab example, my SPF friendly name is: SPF.SC.LAB.

Now we can move onto the actual Installation of the Service Provider Foundation (SPF).

Service Provider Foundation – Part 1: Introduction

Welcome to the first part in this series. In this series I am going to walk through the setup of the Service Provider Foundation. This is a key part to using the Windows Azure Pack (which will be posted in a different series).

So let’s begin with an introduction.

Introduction to Service Provider Foundation

Service Provider Foundation is provided with System Center 2012 – Orchestrator, a component of System Center 2012 R2 (and System Center 2012 SP1). Service Provider Foundation exposes an extensible OData web service that interacts with Virtual Machine Manager (VMM). This enables service providers and hosters to design and implement multi-tenant self-service portals that integrate IaaS capabilities available on System Center 2012 R2.

The following information is taken directly from the Architecture Overview TechNet article, found here: http://technet.microsoft.com/en-us/library/jj642897.aspx.

Service providers can use Service Provider Foundation technology to offer infrastructure as a service (IaaS) to their clients. If a service provider has a front-end portal for clients to interact with, Service Provider Foundation makes it possible for the clients to access the resources on their hosting provider’s system without making changes to the portal.

The following illustration provides a high-level view of how Service Provider Foundation operates.

The tenant represents a hoster’s customer, and the tenant has assets on the hoster’s system. Each tenant has their own administrators, applications, scripts, and other tools.

The hoster provides tenants with the environment, which can include virtual machines. The hoster has an existing front-end portal, which all tenants can use. On the back end, the hoster has a collection of resources, which is called the fabric. The hoster allocates those resources into discrete groups according to the hoster’s needs. Each of these groups is known as a stamp. The hoster can then assign the tenant’s resources to stamps in whatever manner is appropriate to the hoster. The resources may be divided across several stamps, according to the hoster’s business model scheme. Service Provider Foundation makes it possible for the hoster to present a seamless user experience to the tenant by aggregating the data from each stamp and allowing the tenant to use the Service Provider Foundation application programming interfaces (APIs) to access that data.

A stamp in Service Provider Foundation is a logical scale unit designed for scalability that provides an association between a server and its System Center 2012 Service Pack 1 (SP1) components. As tenant demand increases, the hoster provides additional stamps to meet the demand. Note that Service Provider Foundation System Center 2012 SP1 supported only one type of stamp; that is a single server that has Virtual Machine Manager (VMM) installed.

Service Provider Foundation does not configure clouds; instead, it manages their resources. Virtual machines are set to clouds, for example, when they are created for VMM or when they are created by the New-SCVirtualMachine cmdlet.

The hoster can have a portal client, which faces the tenant, that provides access to the infrastructure that the hoster has granted. The portal uses an extensible representational state transfer (REST) API to communicate with the web service by using the OData protocol. The claims-based authentication verifies the tenant’s identity and associates it with the user role that the hoster assigns.

Service Provider Foundation uses a database to aggregate the tenant resources, which are managed with Windows PowerShell scripts and Orchestrator runbooks. This makes it possible for the hoster to distribute tenant resources among management stamps in whatever way it decides, while to the tenant the resources are easy to access and appear contiguous.

That’s enough starter info, let’s get into preparing the environment and system requirements.