Planning and Deploying Service Provider Foundation

System Center Service Provider Foundation 2012 R2 is part of the System Center suite, available in System Center 2012 R2 Orchestrator installation media. SPF add multi-tenancy capabilities to System Center products such as SCVMM, SMA and more. SPF exposes an extensible OData Web Service that interacts with Virtual Machine Manager.

Service providers and organization can design and develop their own cloud portals, and take advantage of SPF for utilizing IaaS capabilities of SCVMM. Windows Azure Pack uses SPF to integrate with SCVMM for provisioning and managing cloud IaaS resources such as virtual machines, virtual networks and so on.

SPF architecture and deployment options

SPF is a collection of four web services as follows:

• SPF Admin Web Service: Admin Web Service is responsible for creating and managing tenants, roles, stamps (SCVMM) and more. It can be accessed on https://SPFSERVER:8090/SC2012R2/Admin/Microsoft.Management.Odata.svc. User running SPF Admin Web Service application pool must be a member of local administrator and SPF_Admin local group on SPF server.
• SPF VMM Web Service: VMM Web Service is responsible for getting operations performed by Virtual Machine Manager such as creating virtual machines, networks, user roles and more. This service is also responsible to maintain and replicating change performed at components such as WAP and SCVMM. It can be accessed on
• https://SPFSERVER:8090/SC2012R2/VMM/Microsoft.Management.Odata.svc. The user running SPF Admin Web Service application pool must be a member of the local administrator, SPF_VMM local group and VMM administrators on SPF and VMM server respectively.
• SPF Usage Service: Usage Web Service integrates with System Center Operations Manager Data warehouse and is used by WAP or third party billing providers for gathering resources usage data. A user account running Usage Service must be a part of the local administrator and SPF_Usage group on the SPF server along with access on the SC Operations Manager data warehouse database.
• SPF Provider Service: Provider Web Service is used by resource providers for delivering IaaS services. Provider services provide Microsoft ASP.NET Web API and not OData as in the case of other web services. Provider Service also uses the VMM and admin service. Users running the SPF Provider Web Service application pool must be a member of local administrator and SPF_Provider, SPF_VMM, and SPF_Admin local groups on the SPF Server.

System Center Service Provider Foundation can be deployed in two ways:

• Standalone Single Server deployment: In case of standalone deployment, only one server will be deployed in a solution with no redundancy. This is not recommended for production and is used for test and evaluation purposes only. All web services are always installed on the same server.
• Highly available scaled deployment: SPF support highly available deployment with the use of load balancers. Hardware LBs or Microsoft NLB can be used for providing load balancing between multiple SPF servers. Multiple SPF servers can be deployed behind a load balancer pointing to a highly available database for providing HA capabilities to SPF deployment at each layer. This is the recommended deployment model for a production scenario.

Installing Service Provider Foundation 2012 R2

Like every other system center or Microsoft product, SPF also has a set of prerequisites which need to be met before starting installation. SPF installation binaries are included in System Center 2012 R2 Orchestrator media.

Installation prerequisites

The following are the installation prerequisites.

Create SPF service accounts as follows (Active Directory Accounts):

Separate service accounts can also be created for admin, provider, usage and VMM application pool if required.

Software prerequisites

The following software needs to be installed before starting Service Provider Foundation installation:

Windows features:

• Management OData Internet Information Services (IIS) extension
• NET Framework 4.5 features, WCF Services, and HTTP activation
• For Web Server (IIS) server install the following components of IIS:
  • Basic authentication
  • Windows authentication
  • Application deployment ASP.NET 4.5
  • Application development ISAPI extensions
  • Application deployment ISAPI filters
  • IIS Management scripts and Tools Role Service
• Web Services:
  • WCF data services 5.0 for OData V3
  • ASP.NET MVC 4
• Virtual Machine Manager 2012 R2 Console
• Certificates SPF creates self-signed certificate, CA provided SSL certificates should be created for production deployments

Note

The local account is used by Windows Azure Pack for registering SPF.

Installation procedure

The following is the installation procedure:

1. Login to SPF server and mount System Center Orchestrator media.
2. Run SetupOrchestrator.exe from the mounted media.
3. Click Service Provider Foundation under the Standalone installation section.
4. This will launch the SPF Installation wizard, click Install to proceed further.
5. Accept the agreement and proceed.
6. Setup will check for prerequisite check, proceed if all checks are completed successfully. Review errors in case of any failure.
7. Provide database Server IP and Port number along with Database name.
   
8. Provide the installation folder for SPF files and a port number. (By default C:\intepub and 8090). Select Generate self signed certificate or provide pre-created SSL for SPF.
9. SPF automatically creates local groups on the SPF server for administrative permissions, provide SPF Admin service account and admin account, SCVMM-Admins group and SPF local account.
10. Provide service account details for each service that is, admin web, VMM, usage and provider.
    
11. Review the installation configuration and summary and proceed further for installation.
12. Close the wizard on successful installation.

Post-installation tasks

The following are the post installation tasks:

1. Verify successful installation and application pools status in IIS.
   
2. Verify local groups created in the SPF server, add spflocal user in all groups.
   
3. Enable Basic Authentication for the SPF website, this is a requirement for WAP integration.