Let me introduce you to a new guest blogger, Tom Klaver, who is also a colleague at INOVATIV. Tom joined me as a member of an IaaS deployment team using Windows Azure Pack in an enterprise VMware environment. During the project we found out many interesting details about Windows Azure Pack, SMA, SPF and vCenter/VMM integration, so expect a couple of blogs from his hand dealing with these subjects. Please enjoy Tom’s blog!
During the last few weeks I have been working on a large IaaS project, involving Microsoft Windows Azure Pack (#WAPack) and the complete System Center 2012 R2 suite for a large bank and insurance company in the Netherlands. During this project I was able to learn a lot from the master and my colleague Hans Vredevoort about the Microsoft Windows Azure Pack. If you want to know more about the Windows Azure Pack check out this great TechNet Wiki Page.
At the start of the project our team had decided to use the PowerShell Deployment Toolkit (PDT) developed by Rob Willis to automatically install the complete System Center 2012 R2 suite including Service Provider Foundation (SPF), Service Management Automation (SMA) and the Windows Azure Pack (WAPack). We also implemented Active Directory Federation Services (ADFS) for Single Sign On of the Windows Azure Pack Tenant and Admin Portals. The PDT installation took about 2½ hours to finish and proved to be a great timesaver. At the end we had a complete IaaS environment including all the integrations between the solutions. Even though we had to do some post-configuration for several of the components, we saved ourselves a lot of time!
Last week I had the opportunity to take a look at Service Management Automation (SMA). Our scenario was that we needed to start an Orchestrator Runbook when a Tenant user decommissioned (deleted) a Virtual Machine in the Windows Azure Pack Tenant Portal.
The goal was that the Orchestrator Runbook should handle all administrative processes for decommissioning the Virtual Machine (i.e. updating the CMDB). I was already aware that an SMA Runbook can be linked to an Action in the WAP portal; in this case it had to be linked to the “Delete” Action of the VMM Virtual Machine object in the WAP Tenant Portal. An important gotcha: if you forget to tag the SMA Runbook, it will not be available for selection during the mapping process.
I also knew that it was possible to invoke an Orchestrator Runbook from an SMA Runbook thanks to the two blogs of Tiander Turpijn. But when I deleted a Virtual Machine from the WAP Tenant Portal the SMA Runbook was not executed.
With some help from Tiander, I was able to solve the issue. In the end I had to fix two things:
Because we used PDT with the default settings for SPF and SMA in variable.xml, both were installed with a self-signed certificate (you can adjust PDT to use your own certificates). Because of this I had to establish a trust between SMA and SPF using the SMA self-signed certificate; had I used our own Certificate Authority to issue Web Server certificates to SMA and SPF, this step would not have been necessary. I manually exported the self-signed certificate of SMA including the private key and imported it on the SPF server into the “Trusted Root Certification Authorities” store using the Certificates MMC snap-in (note that only the public certificate is needed to establish the trust; the private key does not have to leave the SMA server). I also found this KB article to fix this issue.
Secondly, I needed to add the SPF account that is used by the IIS Application Pool to the local group “smaAdminGroup” on the SMA server. Unfortunately this crucial piece of information is not documented by Microsoft and is not carried out by the PDT installation either. Rob Willis has confirmed that this will be fixed in the next release of PDT (see comments).
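The two fixes above as PowerShell, added here as an example and not taken from the original post or from PDT. The certificate subject filter, file paths, SPF app pool name and the `CONTOSO\svc-spf` service account are placeholders; `Export-Certificate -Type CERT` writes only the public part, which is all the trust relationship requires.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Hypothetical names: the SMA
# certificate subject, file paths, the SPF app pool and the SPF service account.

# Step 1 (run on the SMA server): export ONLY the public part of the SMA
# self-signed certificate. Trust needs no private key, so -Type CERT is enough.
function Export-SmaPublicCert {
    param([string]$SubjectMatch = 'CN=sma', [string]$OutFile = 'C:\Temp\sma-public.cer')
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "*$SubjectMatch*" } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $cert) { throw "No certificate matching '$SubjectMatch' in LocalMachine\My" }
    Export-Certificate -Cert $cert -FilePath $OutFile -Type CERT | Out-Null
    return $cert.Thumbprint   # keep this to verify the import on the SPF side
}

# Step 2 (run on the SPF server after copying the .cer file): import it into
# Trusted Root Certification Authorities and verify the thumbprint matches.
function Import-SmaCertAsTrustedRoot {
    param([string]$CerFile, [string]$ExpectedThumbprint)
    $imported = Import-Certificate -FilePath $CerFile -CertStoreLocation Cert:\LocalMachine\Root
    if ($imported.Thumbprint -ne $ExpectedThumbprint) {
        throw "Imported thumbprint $($imported.Thumbprint) does not match $ExpectedThumbprint"
    }
    return $imported.Thumbprint
}

# Step 3 (run on the SMA server): put the SPF application pool identity into the
# local smaAdminGroup. Read the identity from IIS on the SPF server first, e.g.
#   Import-Module WebAdministration
#   (Get-ItemProperty 'IIS:\AppPools\<SPF pool name>').processModel.userName
function Add-SpfAccountToSmaAdminGroup {
    param([string]$Account = 'CONTOSO\svc-spf')   # placeholder service account
    $group = 'smaAdminGroup'
    $domain, $user = $Account -split '\\', 2
    if (Get-Command Add-LocalGroupMember -ErrorAction SilentlyContinue) {
        Add-LocalGroupMember -Group $group -Member $Account -ErrorAction Stop
    } else {
        # Windows Server 2012 R2 has no LocalAccounts module; use the ADSI WinNT provider
        ([ADSI]"WinNT://./$group,group").Add("WinNT://$domain/$user,user")
    }
    # Membership check: returns $true when the account is now listed in the group
    $members = ([ADSI]"WinNT://./$group,group").Invoke('Members') |
        ForEach-Object { $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null) }
    return ($members -contains $user)
}
```

Run step 1 on the SMA server, copy the .cer file to the SPF server for step 2, then run step 3 back on the SMA server and restart the SPF application pool so the new group membership is picked up.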
After I fixed both things I was able to invoke an Orchestrator Runbook using an SMA Runbook when a Virtual Machine was deleted from the Windows Azure Pack Tenant portal.