Hi, folks!
Finally, this is the third and last part of series of posts related with Windows Azure Pack (WAP) and VMM Clouds. Previously we’ve described installation of Windows Azure Pack and Service Provider Foundation. Now it’s time to implement the first cloud service. No doubt the most popular service is VM Cloud. Let’s describe what is it and how to deploy one with WAP.
Requirements
Component | Requirement | Description |
Service Provider Foundation | Install and configure Service Provider Foundation | The VM Clouds service in Windows Azure Pack uses Service Provider Foundation to communicate with VMM. So, before provisioning VM Clouds Guide HOW TO |
Windows Azure Pack | Install and configure Windows Azure Pack | Installation guide: Windows Azure Pack |
Cloud | In the underlying VMM server that is associated with the Service Provider Foundation endpoint, you must have created a cloud and it’s associated components such as VM Templates, Hardware Profiles, VM Networks, Gallery Items | For clouds to work with Windows Azure Pack, you must ensure that the clouds are created with the following considerations:
HOW-TO is described below |
Service Provider Foundation service account | The Service Provider Foundation service account must be added to the administrator user role in the VMM server | See below |
VMM RunAsAccount | To successfully complete all steps in this mini-guide | Create RunAsAccount in VMM and assign Administrator Role |
Register SPF in Windows Azure Pack
- Log in to WAP admin portal (in my case, https://wapportal.domain.com:30091)
2.Click on VM Clouds and then “Register System Center Service Provider Foundation ”
- Type URL for Service Provider and provide required credentials
- Verify status of SPF registration. It should be the same as shown on the pic below
Add SPF Service Account as VMM administrator
- Log in to SPF Server, open IIS and note user identity for SPF Pools
- Open VMM Console and connect to VMM
-
Go to Security –> User Roles –> Administrator and add SPF Service account to this role
or use PowerShell:
$UserRole = Get-SCUserRole -Name "Administrator" Set-SCUserRole -UserRole $UserRole -AddMember Domain\SPFServiceAccount
Create VMM cloud
In this section we create BASIC VMM cloud only for demo purposes.You have to carefully plan/design your cloud components.
- Add hosts to host group (VMs and Services –> right click on host group name –> add hyper-v hosts and clusters“) or PS:
#In my case, host group called as All Hosts and 1 member hv01 $runAsAccount = Get-SCRunAsAccount -Name "Administrator" $hostgroup = Get-SCVMHostGroup -Name "All Hosts" Add-SCVMHost -ComputerName "hv01.domain.com" -VMHostGroup $hostgroup -Credential $runAsAccount
- Add Logical Network (Fabric –Logical Networks – Add Logical Network).
#Create new logical network $LogicalNetwork=New-SCLogicalNetwork -Name VM -LogicalNetworkDefinitionIsolation $false -EnableNetworkVirtualization $true -UseGRE $true -IsPVLAN $false $HostGroup =@() #Get Host Group $HostGroup += Get-SCVMHostGroup -Name "All Hosts" #Add VLAN Subnet ID and IP with netmask $SubnetVLAN = @() $SubnetVLAN += New-SCSubnetVLAN -Subnet "10.10.25.0/24" -VLAN 0 #New Definition for logical network VM New-SCLogicalNetworkDefinition -Name VM -LogicalNetwork $LogicalNetwork -VMHostGroup $HostGroup -SubnetVLAN $SubnetVLAN
- Add Library server if it has not deployed yet (Library –> Library Servers –> Add Library Server)
#Get Library Servers Get-SCLibraryServer
Copy sysprepped vhds to Library (highlight library and click “Import Physical Resource” button) or through PS:
Import-SCLibraryPhysicalResource -SourcePath "path to VHDs" -SharePath "\\libraryFQDN\foldername"
In my demo, I use clean 2012 R2 Std with the latest updates.
- Create new cloud (VMs and Services –> Clouds –> New Cloud). Pictures are clickable (see cloud properties from left to right)
Do not forget: You must not select any of the available capability profiles (ESX Server, Hyper-V, XenServer) while creating the cloud.
If you do so, tenants will not be able to deploy virtual machine roles using the VM Clouds service.
That’s it . Our demo cloud is ready. But it’s not enough.
Now we need to create VM templates.
Create VM Templates
1. Add hardware profiles (Library –> Profiles –> right click –> Create Hardware Profiles). I have one pre-created profile with the following properties:
Create a few profiles for different VM configurations, if it is necessary.
- Go to Virtual Templates – right click and “Create VM Template” , use your sysprepped vhd as a source for VM template
Specify Template Name, Generation ID and choose Hardware Profile (it is not required but let’s do it ).
OS configuration page (my future VMs will be based on 2012 R2 Standard, so you have to verify that the right Operating System is specified):
The next step is VMM registration on WAP portal.
Register VMM in WAP
- Log in to admin management portal (https://wapportal.domain.com:30091)
-
Go to VM Clouds –> Clouds and click on “Use an existing virtual machine cloud…”
- Type VMM server name and Register
- OMG! Look at this…it is my cloud
Create WAP Hosting Plan
- Go to Plans and click on “Create a new hosting plan”
- Devise friendly name for you plan
- We want to provide VM Clouds
- Just click next
5.Our demo plan is created. Verify that status is green.
- Open newly created plan and go to “virtual machine clouds” service
7.Review and change properties (add virtual network, hardware profiles, vm templates) for service
Thanks to gallery items we have options to create workloads (Exchange, Lync,SQL and etc) from gallery (just like in Azure). I will describe it my next posts.
Create new user account for WAP
Finally, we have to create user and map him to our plan with VM clouds service
Go to User Accounts and click on “Create a new user”
Type mail for example, password and choose plan. Click on Create
Our demo user (tenant) is created. Now you can access client management portal using this email address and password.
Create demo VM under tenant account
Open in IE https://wapportalfqdn:30081 and sign-in as tenant, then click on Virtual Machines
Standalone –> Quick Create –> choose template, type Name of VM and admin’s password and click on “Create VM Instance”
Woohooo! As you can see out tenant successfully created testVM and VM is running.
From VMM side (vm creation progress):
User tenants (VMM side):
How to troubleshoot WAP,SPF,VMM
WAP Troubleshooting:
A ton of information you can find here:
https://technet.microsoft.com/en-us/library/dn554311.aspx
My favorite steps:
- SPF Web services are running under the right account (check IIS, link is below)
-
SPF Service account is in Administrator role in VMM (mentioned in this article)
-
VMM Console on SPF server is working without any issues. You can retrieve VMM clouds,profiles and etc.
-
Query https://spffqdn:8090/SC2012R2/VMM/Microsoft.Management.Odata.svc
-
Query https://spffqdn/SC2012R2/VMM/Microsoft.Management.Odata.svc/VirtualMachines
(Turn on feed reading view” should be unchecked in IE)
Additional links:
- The portal cannot load management data for this resource type and account subscription is out of sync
- Step-by-step installation of Service Provider Foundation 2012 R2
- Step-by-step installation of Windows Azure Pack
- Update Rollup 6 for System Center 2012 R2
- Poster: Networking in Virtual Machine Manager
год назад разворачивал это в продакшн. Не считая кривых рук кастомера – все работает до сих пор. Самый затык был с Windows Server Gateway – ему нужен диапазон свободных интернет IP адресов для натирования.
И недавно был затык с WAP-ADFS федерацией после смены сертификатов (год же прошел). Переподключил – заработало
привет. если демо и время позволят, то продвинусь дальше и до adfs и тд. но более интересно gallery items,которые ещё не смотрел.
Great article as usual, I have a question that I cant seem to wrap my head around it which it should be pretty simple. When you are registering your SPF within WAP under vmclouds and you use the following user “democorp\spfadmin” where else is the user being specified? Is it a member of the local administrator group to the SPF server or WAP maybe? Reason why I am asking is when I try to register the SPF it only works with my domain admin account, I cant seem to register with any of the service account that I created for SPF. The only thing that I can think of is during the SPF install for the “Admin web service, Provider web service, web service” configuration page I specified my domain account but I created three different service account for each of the Application pool credentials via service account, maybe I should of added the service account that I am trying to use “svc-spfreg” to each of the configuration page of SPF along with my domain admin account.
Thoughts?
Keep up the excellent articles.
Cheers
Hey, bolous! I’d like to recommend you to purchase my book ( https://www.packtpub.com/virtualization-and-cloud/system-center-2016-virtual-machine-manager-cookbook-third-edition ) where I described everything in details (e.g. chapter 9 includes guided steps for WAP integration). However, if you aren’t ready to purchase the book and support me for some reason, please contact me (via contact page) and I will help you with pleasure.
Direct pm sent.
Thank you
Hello rlevchenko,
So I ended up getting the service account to work with registering the SPF to WAP however I do find something weird and it will be great if you can clear this up for me. In this article you stated that you need to “ADD the SPF Service Account as a VMM administrator” the account you used for this is Domain\SPFService, I understand that part but what I don’t get is in your earlier Article 1: SPF installation, you mentioned “It is recommend to create to create new domain accounts for every SPF services instead of using Network Service Account”. So for Admin web service, Provider web service and Usage web service all have there own service account but than in this article I can see that within your IIS, application Pools the identity of Provide, Usage and VMM is using the same service account maybe this image was reused? Never the less I just want to confirm this new SPF Service Account is it a new account that has been created just to be added to the VMM administrator and if so what its purpose and does this account need to be the service account that the SPF Provider, Usage and VMM is using?
Oh and I will be purchasing your book for sure, keep up the good work.
Is it PM that you sent me?:)
1 account was used just for simplifying deployment in my demo. Best practice – diff.accounts for each SPF service/app.pool, and there are only some of them should be added to the VMM Administrators group. SPF accounts (pools’ identities) must also have local administrator rights on SPF server + belong to the relevant groups created during SPF installation (they are all comes with SPF_ prefix). PM me (https://rlevchenko.com/contact-me/) and I will send you a simple script that prepares SPF’s pool identities for integration with WAP.
Hey,
Thanks for the reply. I PM you at https://rlevchenko.com/contact-me/, I’m pretty sure its going to your junk folder.
Thanks