
Modern Application Modeling and Configuration for Infrastructure Clouds

A Building Clouds Blog eBook | Enterprise Cloud Group CAT Team

Abstract

For more than two decades, the way to manage applications on enterprise distributed systems has followed consistent patterns, and has proven to be very effective. But new paradigms have emerged and are changing how IT is delivering business value, and how IT interacts with business units and end users. Among these new paradigms are cloud computing (including multi-tenancy and self-service), DevOps, outsourcing, hosting, and more. These paradigms come with different layers and assignments of responsibilities that underlying technologies must implement for the end-to-end process to remain efficient, scalable, and flexible. The document goes through these changes, explains how Microsoft solutions are adapting to them, and summarizes our vision for modern application management in Infrastructure as a Service (whether on premises, in the public cloud, or both). Finally, it also provides general transition guidance, as well as some frequent questions and answers.

This paper applies to Windows Server, Microsoft System Center, Microsoft Windows Azure Pack for Windows Server, and Microsoft Azure.


Publication date and document version: February 2015, Version 1.0.


© 2015 Microsoft Corporation. All rights reserved. This document is provided "as-is." Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it.

Some examples are for illustration only and are fictitious. No real association is intended or inferred.

This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. You may modify this document for your internal, reference purposes.

Some information relates to pre-released product which may be substantially modified before it’s commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.


Table of Contents

Introduction

The application lifecycle in traditional IT

What is changing and what are the limits of the current model?

Virtualization

Do more with less

The rise and value of a DevOps culture

Public clouds, outsourcing, and hosted service providers

The rise of Cloud Computing, also known as “IT as a Service”

Modern application modeling and configuration for infrastructure clouds, with the Microsoft stack

Understanding the benefits of these technologies for application delivery in the cloud

How to prepare today

If you haven’t done so yet, learn PowerShell!

Explore Service Management Automation (SMA)

Embrace Desired State Configuration (DSC)

Until ARM arrives for IaaS on premises, use DSC with VM roles (with SMA for automation)

Review your existing ITSM process

Consider a Platform as a Service (PaaS) approach

Frequently Asked Questions (FAQ)

Is this a one size fits all approach?

Who are the personas and tools involved? What is the required System Center infrastructure?

Compared to the “Compliance Settings” feature, how can I manage DSC at scale?

Can I integrate DSC with other configuration solutions?

What is my migration path from VM roles and DSC, to ARM?

Can I use a non-Microsoft automation solution?

Can I use VMware at the infrastructure layer?

Can I integrate this stack with my existing ITSM solution?

References


Introduction

For more than two decades, the way to manage applications on enterprise distributed systems has followed consistent patterns, and has proven to be very effective. But new paradigms have emerged and are changing how IT is delivering business value, and how IT interacts with business units and end users. Among these new paradigms are cloud computing (including multi-tenancy and self-service), DevOps, outsourcing, hosting, and more. These new paradigms come with new layers and assignments of responsibilities, which underlying technologies must implement for the end-to-end process to remain efficient, scalable, and flexible. This document will go through these changes, explain how Microsoft solutions are adapting to them, and then summarize our vision for modern application management in Infrastructure as a Service, whether on premises, in the public cloud, or both.

While we’ll introduce the Platform as a Service (PaaS) approach as part of the forces driving changes in the application landscape (and one of the key items we encourage you to investigate as an alternative way to manage applications moving forward), most of this document will focus on how applications can be deployed and configured on Infrastructure as a Service (IaaS), both on premises and in the public cloud—understanding that PaaS may be a longer term goal but may not be a possibility yet for your organization.

The application lifecycle in traditional IT

If we look back in time for the last 20 years or so, there has been a very consistent way to manage applications on enterprise distributed systems:

Separate teams would often manage operating systems and applications, servers and desktops. Some or all of these teams would be involved in application packaging, deployment, and maintenance, depending on the architecture of the application (rich client, web based, etc.). So, here, an “application” could be a standalone rich client installed on a desktop, a laptop, or a tablet, or it could be the thin interface connecting with a set of distributed servers, encompassing the OS and applications constructs required for that.

The development team—whether internal or contracted—would be involved in specific milestones like major releases, but would get minimal feedback during the life of the application in production. Feedback would be based on users calling the helpdesk, or—depending on the depth and maturity of implementation—through monitoring.

The whole process might be more or less structured depending on factors like the size of the organization, regulatory compliance requirements, and ITIL adoption by the organization.

Any change might result in a new deployment, starting the cycle again.

Using solutions such as Microsoft System Center Operations Manager, Microsoft System Center Configuration Manager, and more recently Microsoft System Center 2012 and beyond, many enterprises have been very successful in managing their environments this way.


What is changing and what are the limits of the current model?

A few industry and global trends have surfaced in the last couple of years, and they are highlighting a need to update the traditional IT application lifecycle for the next stage of IT computing:

Virtualization

For quite some time, the advent of virtualization did not seem to have much impact on the way applications were managed. This was mainly because the first phase of virtualization focused more on development and test (at the very beginning) and server consolidation/agility (some time ago), and only moved in the last few years into self-service and a fabric for cloud computing (we’ll get back to cloud computing itself later). By focusing initially more on server deployment speed and ease, virtualization did not change application management much, but had the benefit of speeding up the whole delivery and deployment process.

On the downside, virtualization enabled faster sprawl of services, and the increased pace could quickly surface bottlenecks in the traditional IT approach mentioned earlier. Methodologies and features like application discovery, DevOps, and infrastructure as code started to appear, to help smooth the process. Aligned with those trends, Microsoft management tools then started to include deployment options that were more modular (Configuration Manager task sequences), more compliance-driven and less “fire and forget” (Configuration Manager compliance settings). They also provided more automation options (Orchestrator), and started surfacing the application owner persona (Virtual Machine Manager service templates). However, those incremental enhancements may not sufficiently represent the layered approach required by cloud computing, with separation of duties. In a cloud-based environment where different people may be responsible for a different layer in the application stack, it is critical to decouple the tasks that occur when deploying the base servers and their applications.

Do more with less

The economy collapsed twice in the last 15 years, in 2000 and 2008. While spending may be recovering in some cases, it is certain that the spending diet that enterprises and service providers have started will not revert easily, if ever. Smaller teams are now handling greater responsibilities, and the number of servers and/or applications managed by operations staff has usually increased. This makes it critical to use tools that can scale (System Center is already recognized for that today), and also to leverage any potential to minimize the effort needed to maintain the infrastructure. “Fire and forget” deployments are often not truly fire-and-forget, as the remaining percentage of failures requires detailed extra work to remedy. This is where a declarative and automated approach can help, to enforce a desired configuration and remediate as needed and where possible.

The rise and value of a DevOps culture

Depending on the application and the organization we are talking about, a disconnect between developers (“Dev”) and operations (“Ops”) may not always be harmful, but there is no denying that having a stronger relationship between Dev and Ops can only help to streamline application management. For example, “fire-and-forget” deployments make it more difficult to track compliance with developers’ requirements, and update those deployments as requirements evolve. In that context, the ability to deploy what is supposed to be deployed, and make sure the deployment is successful and can be updated to newer versions or newer requirements, would be a strong goal for application owners. This leads us to a need for comprehensive, documented, and consistent models for deployment, configuration, and monitoring.

The DevOps approach is not new per se, and has surfaced in Microsoft’s monitoring solutions in the past (Operations Manager’s Application Performance Management feature, and Visual Studio interoperation). This time it’s about expanding DevOps concepts further in the application lifecycle. Thanks to its agility and reliability promises, DevOps is being seen as a competitive differentiator by some enterprises and service providers, and DevOps is also a culture new hires are looking for. Customers are beginning to expect DevOps in application management, just like most customers are now expecting REST APIs and JSON structures as the standard way to interact with cloud-based services.

Public clouds, outsourcing, and hosted service providers

There have been different reasons for organizations to leverage a public cloud or an IaaS service provider, or to outsource an IT organization, including cost benefits, burst scenarios, circumventing traditional IT through “Credit Card IT”, etc. Determining if any of these models—and which one—is appropriate for your organization is outside the scope of this document.

Ultimately, however, the end result is that some of the organization’s critical resources may be hosted off premises, but still need to be accessible and manageable (depending on who needs to manage them per the agreed contract). This goes back to a need for models that are not just shared by developers and operations within a single organization, but can also be understood by different cloud providers (private, public, hosted).

The rise of Cloud Computing, also known as “IT as a Service”

Cloud computing is likely the most important force driving change in IT since the move to distributed systems. We could even argue that virtualization was just a first step towards cloud computing.

This document will not discuss the motivations, benefits and components of cloud computing. An actual and well-accepted definition – along with essential characteristics, service models, deployment models – can be found on the National Institute of Standards and Technology (NIST) website [1].

In the context of application management, here are a few key aspects that will impact tools, processes, and people when implementing cloud computing:

Self-Service

The visible part of a cloud computing implementation is often the self-service portal, where users are able to provision resources on the shared fabric. Self-provisioning leverages a gallery or catalog of available templates that users have been provided access to. What needs to be deployed by a user/tenant depends on the type of cloud you are offering (IaaS, PaaS, etc.), and each “layer” and section of the lifecycle may need to be handled by different teams or individuals, such as: self-service user, image owner, application owner, patching team, compliance team, monitoring/operations administrators, and so on. Thus, provisioning, configuration and monitoring models need to accommodate this separation of duty. For example, each team and/or tool may be accountable for defining a part of a server’s configuration: operating system, patching level, IT owner, application owner, access rights, maintenance windows, application name and versions, etc. The end result can be seen as a single source of truth for the specified server and application.

[1] http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf

Multitenancy

Some of the benefits of cloud computing come from the shared compute fabric, with its cost predictability for a chargeback model, and the Service Level Agreement (SLA) that can be guaranteed over a large shared virtualization or database fabric. This means, however, that tenants are likely to host their resources on the same shared infrastructure, and the “provider” may not have credentials and/or network access to those resources, especially if network virtualization is being used. As a result, deployment and configuration processes driven by the service provider cannot assume they have access to tenant resources from the fabric.

Note: Security is also key here and there are many features today and in the next release of Windows Server and System Center in this area, but this is outside of the scope of this document.

Modern application modeling and configuration for infrastructure clouds, with the Microsoft stack

Taking into consideration the discussion so far, the technology-agnostic view of an application modeling and configuration stack might consist of the following layers:

Figure 1: The technology-agnostic view

Applying this to the Microsoft stack for Infrastructure as a Service (IaaS), here are the different technologies and solutions in use, both on premises and in the public cloud:


Figure 2: The vision with the Microsoft IaaS stack

From the bottom up, this schema includes:

Consistent compute platform with Hyper-V used on premises, with hosters, and in Microsoft Azure. This includes consistency with virtual hard disk (VHD) images. For your on premises installation, Hyper-V is managed by Virtual Machine Manager (VMM). We are not getting into the containerization approach in this paper, but it certainly adds some options to the way compute is being used and delivered.

Consistent declarative models for deployment, configuration, and monitoring:

o Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) resource deployment and provisioning can be defined by the Azure Resource Manager (ARM). As of this writing, ARM is available in preview for some workloads in Microsoft Azure, and will soon be available on premises.

o Initial configuration and updates can be managed through Windows PowerShell Desired State Configuration (DSC), especially for in-guest virtual machines configurations in the context of IaaS scenarios. For example, Microsoft Azure has a DSC extension for virtual machines, and a similar approach is possible on premises.

o Ongoing monitoring and performance/availability assessment through consistent models for monitoring. For example, Visual Studio WebTest queries can be recorded in Visual Studio and monitored by System Center Operations Manager.

Consistent automation through Service Management Automation (SMA), presently available on premises as part of Windows Azure Pack (WAP) and Azure Automation.

Consistent portal and API for cloud computing, with WAP on premises and Microsoft Azure in the public cloud.

System Center and cloud-enabled services providing all-up management, security, and business continuity capabilities. Here are a few examples:

o Azure Operational Insights [2], providing capacity planning, logs collection and analysis, and intrusion detection.

o Azure Site Recovery [3], providing cloud-orchestrated disaster recovery and failover for on premise replicated resources.

[2] https://preview.opinsights.azure.com/

For overview and deeper dive links on these technologies, you can refer to the References section at the end of this document.

There are some common denominators for the different items in this stack:

Windows PowerShell is a key foundation for controlling and running these components. For example, DSC builds upon PowerShell 4.0 and higher, and SMA and Azure Automation are built upon PowerShell Workflows. And WAP/Azure provide a comprehensive set of PowerShell cmdlets for administrative purposes, as most of the Microsoft ecosystem does today.

Consistency across clouds is also key, as we want to ensure that we provide a single pane of glass for activities across the three types of datacenters: private, hosted, public. With this vision, this is especially true for the portal, APIs, automation, models, and the foundation, via the different solutions mentioned earlier (including WAP, DSC, SMA/Azure Automation, and Hyper-V). System Center also provides a single pane of glass for management, this time leveraging the cloud where it makes the most sense, in areas such as business intelligence, geographic coverage, and off-premises business continuity orchestration.

Multitenancy capabilities as the different layers need to account for multiple tenants on a shared infrastructure, and also a potential different separation of duty depending on the model (IaaS, PaaS, etc.). For example, an automation Runbook cannot assume that it can access all tenant VMs, because security and network virtualization constraints can prevent access to some or all of the VMs.

Industry-aligned and interoperable. JSON format and REST APIs are at the core of the different layers, as is interoperability through automation and open interfaces (like managing DSC via Chef). As often, it is a fine line with tradeoffs: We’re trying to ensure our customers get the most options for interoperability when needed, yet there are indeed benefits for the out of the box integration provided by all these components working together.

Note: On a more general basis, the ability to cherry pick some of these items and mix them with existing tools and processes is covered in the FAQ later in this document (“Is this a one size fits all approach?”), but first we wanted to highlight what the fully realized vision would look like.

Understanding the benefits of these technologies for application delivery in the cloud

Provisioning models

Templates provide ways to model virtual machine deployments in a reusable and parameterized manner. Service Templates and Virtual Machine Templates are part of System Center 2012 onward. VM Roles were introduced as part of Windows Azure Pack (WAP), and Azure Resource Manager (ARM) is the new model progressively coming to Azure and on premises clouds. (Again, note that ARM is not fully available yet; some of it is already available in preview and surfaced in the Azure preview portal.)

The following diagram shows some of the benefits added by VM Roles and ARM over Service Templates:

[3] http://blogs.technet.com/b/systemcenter/archive/2014/07/01/microsoft-azure-site-recovery-your-dr-site-in-microsoft-azure.aspx

Configuration models

Compliance Settings in System Center was a first entry in the configuration management space with System Center, and provides centralized reporting integrated in a scalable enterprise solution. While DSC was recently released, it provides a strong foundation for a conformance platform, and provides more extensibility than Compliance Settings because it builds upon PowerShell. The number of DSC providers is growing fast, and it is also possible to create your own provider for any of the PowerShell modules and cmdlets available in the Microsoft ecosystem.

Some of the benefits of DSC include:

Built into the Windows platform since Windows Server 2012 (and as part of Windows Management Framework 4.0 and higher for Windows Server 2008 R2 and higher)

Leverages widespread existing skills (PowerShell)

Idempotent, declarative approach aligned with the industry trends (for example, Chef [4] and Puppet [5]), with inherent dependency mapping and control

Full enforcement and self-healing capability – not just reporting or selective remediation

Also available for non-Windows platforms (Linux provider)

Ultimately, DSC helps you make sure applications get deployed and remain deployed, and remain updateable, thanks to a potential ongoing configuration with a pull server (or other means to copy configurations). Its open and industry-aligned approach also enables easier interoperation with other tools, for DevOps scenarios for example, like the capabilities [6] introduced in Release Management for Visual Studio 2013 with Update 3 [7].

For those of you who are familiar with the Compliance Settings feature in the Configuration Manager component of System Center, there is a topic in the FAQ section below, about how Compliance Settings and DSC compare when it comes to management.

[4] Chef Software, Inc.

[5] Puppet Labs

[6] http://blogs.msdn.com/b/visualstudioalm/archive/2014/05/22/release-management-for-microsoft-visual-studio-2013-with-update-3-ctp1-is-live.aspx

[7] http://www.microsoft.com/en-us/download/details.aspx?id=43732

Automation

Service Management Automation (SMA) was first introduced as part of System Center 2012 R2, on the Orchestrator media. Here are some of the technical benefits of SMA vs Orchestrator:

Built on top of PowerShell Workflows (leverages widespread existing skills on PowerShell)

Alignment with Azure Automation

64-bit and PowerShell 3+ support

Easier runbooks authoring through Checkpoint/Restart inside Runbooks, or the ability to set variables

Runbook Servers architecture

PowerShell web service and cmdlets for SMA itself—SMA has the ability to automate itself

And more specific items, for those of you who have used Orchestrator: Spell checker in description fields, ability to export selected variables using the SMART tool, and draft and publish capabilities

The value of Orchestrator has often been its ease of use, and we are investing in bringing the best capabilities of Orchestrator (for example, Visual Authoring) and that of SMA (for example, the PS Workflow engine) into a unified capability that meets the needs of fabric and service administrators alike.

Portals and API

Our portals approach had to evolve as the industry and our customer needs evolved, and Microsoft’s investments are now in Windows Azure Pack as the consistent portal and API experience for private cloud.

Here is a comparison of the features in App Controller and Windows Azure Pack:

|  | App Controller | Windows Azure Pack |
| --- | --- | --- |
| Portal to manage private cloud resources | Yes, for IaaS only. User experience different than Azure | Yes, same portal. For IaaS, Web Sites, SQL Server, Service Bus, Automation |
| API to manage private cloud resources | No | Yes, shared APIs with Azure are the direction |
| Hybrid cloud - Simultaneous management of both on premise and Azure resources | Yes, for PaaS only | Not in current release of WAP. 3rd party plugins do exist in the meantime. |
| Integration with ITSM solutions | No | Yes – Via a 3rd party plugin for Service Manager (e.g., GridPro [8]); Via WAP APIs for other ITSM solutions [9]. |

Table 1: App Controller and WAP comparison

How to prepare today

Understanding the evolution of the solutions outlined in the previous sections, we will now focus on explaining what steps could be taken today, to ease the transition into those technologies, skills and sometimes processes as well.

[8] http://www.gridprosoftware.com/en/products/requestmanagement

[9] Also see “Review your existing ITSM process” in the “How to prepare today” section.

If you haven’t done so yet, learn PowerShell!

PowerShell is the foundation for many of these technologies. Learn it and it will help with the ramp up with technologies like DSC and SMA.

Explore Service Management Automation (SMA)

SMA will be key for many automation scenarios, especially in a first phase where the current provisioning model may still use VM roles and need to be orchestrated for more complex multi-machines and multi-layered approaches (see below). Ramping up on Azure Automation is an effective alternative, since both SMA and Azure Automation are designed to be consistent. It is actually even possible to use Azure Automation to orchestrate on premises workflows, making use of Azure virtual private networking and ExpressRoute capabilities to bridge public and hybrid networks.

If you have already invested in System Center Orchestrator, this solution remains supported, but we would encourage you to leverage as many PowerShell activities as possible inside Orchestrator runbooks, to ease migration to SMA when applicable, and to benefit from the consistency with Azure Automation when needed.

Embrace Desired State Configuration (DSC)

In a multitenant environment where automation may not be able to reach all tenant resources, DSC is the preferred in-guest application configuration mechanism in the Microsoft stack. DSC provides a consistent way to self-contain configurations in models that are consistent across on premises and public clouds.
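The in-guest, pull-based model described here and in the configuration models section, sketched as an added example (it is not taken from the eBook or from Microsoft's sample templates). It uses the WMF 4.0 meta-configuration syntax; the pull server URL, the ConfigurationID GUID, the page content and the output paths are constructed placeholders.

```powershell
# Added example. Assumptions: WMF 4.0 on a tenant VM, and a hypothetical
# HTTPS pull server reachable from inside the tenant network.
$NodeId = '11111111-2222-3333-4444-555555555555'   # constructed GUID

# 1) Meta-configuration for the Local Configuration Manager (LCM) in the guest.
#    The VM fetches its own configuration, so the provider needs neither
#    inbound network access nor credentials for the tenant VM.
Configuration TenantLcmPullMode
{
    param([Parameter(Mandatory)][string]$NodeId)

    Node 'localhost'
    {
        LocalConfigurationManager
        {
            ConfigurationID                = $NodeId
            RefreshMode                    = 'Pull'
            DownloadManagerName            = 'WebDownloadManager'
            DownloadManagerCustomData      = @{
                # Placeholder URL; refuse pull servers offered over plain HTTP.
                ServerUrl               = 'https://pull.contoso.example:8080/PSDSCPullServer.svc'
                AllowUnsecureConnection = 'False'
            }
            # Re-apply the desired state when drift is detected (self-healing),
            # rather than only reporting it.
            ConfigurationMode              = 'ApplyAndAutoCorrect'
            RefreshFrequencyMins           = 15
            ConfigurationModeFrequencyMins = 30
            RebootNodeIfNeeded             = $false
        }
    }
}

# 2) Declarative application configuration. The node name is the GUID so the
#    compiled file is <GUID>.mof, the name a pull server looks up for this VM.
Configuration WebTier
{
    param([Parameter(Mandatory)][string]$NodeId)

    Node $NodeId
    {
        WindowsFeature IIS
        {
            Name   = 'Web-Server'
            Ensure = 'Present'
        }

        # DependsOn expresses the dependency mapping: content and service
        # state are only evaluated once the role is installed.
        File LandingPage
        {
            DestinationPath = 'C:\inetpub\wwwroot\index.html'
            Contents        = '<html><body>Tenant web tier</body></html>'
            Ensure          = 'Present'
            Type            = 'File'
            DependsOn       = '[WindowsFeature]IIS'
        }

        Service W3SVC
        {
            Name        = 'W3SVC'
            State       = 'Running'
            StartupType = 'Automatic'
            DependsOn   = '[WindowsFeature]IIS'
        }
    }
}

# 3) Compile both. WebTier\<GUID>.mof is what gets published on the pull
#    server (together with a matching .checksum file); the meta-configuration
#    is applied once inside the VM, for example at provisioning time.
WebTier           -NodeId $NodeId -OutputPath "$env:TEMP\WebTier"   | Out-Null
TenantLcmPullMode -NodeId $NodeId -OutputPath "$env:TEMP\TenantLcm" | Out-Null
Set-DscLocalConfigurationManager -Path "$env:TEMP\TenantLcm" -Verbose

# 4) Confirm the LCM settings that enforce the model.
Get-DscLocalConfigurationManager |
    Select-Object RefreshMode, ConfigurationMode, ConfigurationID
```

Because every resource is idempotent, the same `<GUID>.mof` can be re-applied on each consistency check without side effects on a VM that is already compliant.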

Until ARM arrives for IaaS on premises, use DSC with VM roles (with SMA for automation)

With Azure Resource Model (ARM) being delivered first in the public cloud, you can get to know the model through Microsoft Azure, and interim on premises production deployments can leverage the existing deployment and provisioning models (VM roles) with DSC as the in-guest application configuration mechanism. A side benefit of this approach is that the DSC work should easily be portable to a new model. SMA can then also be used for automation outside of the VM role, when needed.

To help you get started with VM roles and DSC, we published a set of sample templates [10] for Microsoft workloads. These fully working samples leverage SMA for automation outside of VMRole, and DSC for configuration and/or deployment within the VMRole. These are provided in the context of the Cloud Platform System (CPS), but can be used outside of CPS.

As an alternative, you could also continue using VMM templates and service templates until ARM arrives or if you haven’t adopted WAP yet. However, by doing so you postpone some of the work possible today (DSC) and miss getting an early start on the declarative model approach (VM roles are already JSON based today). Also understand that this is not a “one size fits all” approach, as discussed in the corresponding topic in the FAQ section.

[Figure: VM and Process Automation: SMA; VM Delivery: VMRoles; VM Application Delivery & Configuration: PowerShell DSC]

[10] http://blogs.technet.com/b/privatecloud/archive/2015/02/05/self-service-deployment-of-microsoft-workloads-on-cloud-platform-system-and-other-systems-with-windows-azure-pack-part-1.aspx

Review your existing ITSM process

IT Service Management (ITSM) and cloud computing can work well together, but they initially start with a different premise: Information Technology Infrastructure Library (ITIL) looks at implementing tight controls and approvals (for best practices, regulations, etc.), while cloud computing tries to promote self-service, agility, environment sandboxes, etc. In large enterprises with mature ITIL processes, a compromise may have to be found between ITIL’s and cloud computing’s processes and functionalities. The goal is to ensure that approval/control processes required by ITIL do not offset the agility and economics of a cloud-based approach, and that a cloud implementation matches any required regulatory compliance. For actual technical integration, you can also look at the question named “Can I integrate this stack with my existing ITSM solution?” in the FAQ section of this document.

Consider a Platform as a Service (PaaS) approach

Cloud computing also saw the emergence of PaaS, where application owners and developers do not have to worry about deploying and managing the underlying operating system. Great examples of this are Microsoft Azure PaaS services, and WAP offers several of these consistent services on premises, such as Web Sites, Databases, and Service Bus.

PaaS may require more changes in your processes and the way operations work with developers, and it may not yet be a good fit today based on your requirements. Nonetheless, it is important to have a look at it, as many of the concepts of this document are simplified in a PaaS approach, where artifacts are deployed and configured without having to orchestrate them in the context of a new operating system deployment.

Frequently Asked Questions (FAQ)

This section presents some common questions and answers about the application modeling process, and the Microsoft hybrid cloud stack.

Is this a one size fits all approach?

Definitely not! The stack illustrated earlier mentions the potential layers, but where each of them starts and stops, and whether you would need all of them, depends on many factors relative to your organization and requirements. Here are a few examples, in no particular order:

ARM is capable of executing custom script extensions for in-guest configurations, meaning that you could rely solely on ARM for both provisioning and configuration, without leveraging DSC. Using DSC opens the door for separation of duties, ongoing maintenance, cloud consistent scripting, etc. But maybe you will not require these or they may not always apply to your multi-tenancy requirements. The line between provisioning and configuration is different for many organizations and many personas.

Your existing tools and processes may prevail: Instead of using DSC for in-guest configuration, you might want to call Chef or Puppet scripts, or call System Center Configuration Manager packages.


Some tradeoffs may be implemented for consistency: Some customers have been using PXE boot even in virtual machines, to deploy both VMs and physical machines in the same way. This is a way to provide consistency. That said, a similar consistency can be achieved by sending a VHD image instead of a Windows Imaging Format (WIM) image through PXE. In this document, the “consistency” we’re trying to achieve is one with public and hosted clouds, to streamline future migrations and operations.

The same goes for portals. In the stack presented earlier in this document, WAP is presented as the self-service portal for on premises workloads, but this mainly applies for business and IT professionals provisioning and working with tenant resources.

As a developer, you might want to leverage Microsoft Visual Studio release management capabilities to directly provision into the private cloud or public cloud stack, leveraging the same DSC extensions you would have been using through the WAP portal. You might also actually get automatic work item creation in Team Foundation Server (TFS) from Operations Manager, without having to launch WAP or the Operations Manager console.

Likewise, as an operator, you might be looking at the Operations Manager or Advisor console to review the monitoring status of the application.

Actually, when it comes to the administrator and tenant portals, some customers—especially in the service provider space—also like to create their own portal, built upon the Service Management APIs from WAP.

In general, each layer should consider its underlying layer(s) as its “platform”, letting each handle what it is best designed for. For example:

Yes, VMM can patch host servers, but Hyper-V Cluster Aware Updating does it for its clusters too.

It is often easier and more self-contained to automate the deployment of an ARM model creating an entire three VM service, rather than having a Runbook deploy each of the three VMs, followed by application deployment, post-deployment steps, etc.

Similarly, when automating application deployment in a traditional datacenter, it was easier to “drop” the server in a Configuration Manager collection, vs. copying the application files and then installing them via Orchestrator.

Overall, there are many “ifs” in this section, but that is often also the reality of complex IT environments. A key takeaway is that the layered approach presented in this document can accommodate different integration points, often leveraging tools and processes you may already have in place.

Who are the personas and tools involved? What is the required System Center infrastructure?

In a cloud world (the forward-looking case depicted in this document), the personas and their roles will be like this:

IT Infrastructure administrators will likely manage all aspects of the fabric (provisioning/deployment, configuration, monitoring/tracking, patching), and the automation across the full stack, using tools such as System Center (Virtual Machine Manager, Operations Manager, Service Management Automation). Additional components such as Data Protection Manager can also provide added value services in an “IT as a Service” approach, in addition to “base services” like providing a gallery of guest OS images.


Application developers will not only build the application using Visual Studio, but will also include the declarative models to provision, maintain, and monitor application deployments (as well as prerequisites). This can take the form of DSC constructs and Operations Manager management packs.

Tenants (application owners, business users, etc.) will then use the artifacts provided by the IT infrastructure and developer teams to compose application servers on top of the available capacity (infrastructure).

From a System Center infrastructure perspective:

At the minimum, System Center will be used to inventory, deploy, monitor, back up and update the fabric layers of the private cloud (virtualization hosts, SQL Server hosts, Web Sites hosts, Automation and WAP infrastructure).

And then, depending on how you implement IaaS, PaaS, etc., you may also use System Center for tenant workloads, just like you may be doing it today. But this is not just a technical answer: Maybe you will not have access to tenant resources, or a tenant might want to use their own solution. We cannot assume we will have full access (network and security) to tenant VMs, like we might have had in a single enterprise.

Compared to the “Compliance Settings” feature, how can I manage DSC at scale?

While Compliance Settings offer a native integration within the Configuration Manager reporting framework, the platform benefits mentioned for DSC in the section “Understanding the benefits of these technologies for application delivery in the cloud” still apply, with the ability to integrate into a larger management framework such as Chef or GuardRail [11].

We also provide samples and artifacts on how to surface the health of DSC nodes in a distributed and managed environment, leveraging the DSC conformance endpoint feature, and System Center Operations Manager.

Can I integrate DSC with other configuration solutions?

Yes, if you use a configuration management solution such as Chef or Puppet, you may also want to integrate DSC with it, as an operating system platform feature rolling up into your existing management framework. For example, here are some details on Chef and DSC integration.

Aditi and GuardRail also layer on top of PowerShell DSC. For example, here are details on GuardRail and DSC integration [12].

Also, DSC comes with a “conformance endpoint” to retrieve some initial information on the health of DSC nodes. Integration opportunities are largely defined by your requirements.
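One way to triage the node health records that the conformance endpoint mentioned above exposes, as an added example that is not part of the original eBook or of Microsoft's samples. The function name `Get-DscNodeFinding` is hypothetical, the record property names are assumed to follow the Status rows of the WMF 4.0 compliance server, and the node names and values are constructed.

```powershell
# Constructed sample records; property names are assumed (see lead-in).
# In a real deployment these rows would be fetched from the compliance
# server's endpoint instead of being embedded here.
$sampleJson = @'
[
  {"TargetName":"tenant-web-01","ConfigurationId":"00000000-0000-4000-8000-000000000001",
   "ServerCheckSum":"A1B2","TargetCheckSum":"A1B2","NodeCompliant":true,
   "LastHeartbeatTime":"2015-02-10T08:45:00Z","StatusCode":0},
  {"TargetName":"tenant-web-02","ConfigurationId":"00000000-0000-4000-8000-000000000001",
   "ServerCheckSum":"A1B2","TargetCheckSum":"9F9F","NodeCompliant":false,
   "LastHeartbeatTime":"2015-02-10T08:50:00Z","StatusCode":0},
  {"TargetName":"tenant-sql-01","ConfigurationId":"00000000-0000-4000-8000-000000000002",
   "ServerCheckSum":"C3D4","TargetCheckSum":"C3D4","NodeCompliant":true,
   "LastHeartbeatTime":"2015-02-09T21:00:00Z","StatusCode":0}
]
'@

function Get-DscNodeFinding {
    param(
        [Parameter(Mandatory)] [object[]] $Status,
        [Parameter(Mandatory)] [datetime] $Now,
        [timespan] $MaxHeartbeatAge = [timespan]::FromMinutes(60)
    )
    foreach ($node in $Status) {
        $reasons = @()
        # The node itself reports that it is not in the desired state.
        if (-not $node.NodeCompliant) { $reasons += 'reported non-compliant' }
        # A non-zero status code means the last configuration run did not succeed.
        if ($node.StatusCode -ne 0) { $reasons += "status code $($node.StatusCode)" }
        # The node applied a different configuration version than the server holds.
        if ($node.ServerCheckSum -ne $node.TargetCheckSum) {
            $reasons += 'checksum differs from pull server'
        }
        # A silent node has unknown state: treat a stale heartbeat as a finding.
        # The cast handles both string and DateTime values from ConvertFrom-Json.
        $last = ([datetime]$node.LastHeartbeatTime).ToUniversalTime()
        $age  = $Now.ToUniversalTime() - $last
        if ($age -gt $MaxHeartbeatAge) {
            $reasons += ('no heartbeat for {0:N0} min' -f $age.TotalMinutes)
        }
        [pscustomobject]@{
            Node            = $node.TargetName
            ConfigurationId = $node.ConfigurationId
            Healthy         = ($reasons.Count -eq 0)
            Reasons         = $reasons -join '; '
        }
    }
}

$status = $sampleJson | ConvertFrom-Json
$now    = [datetime]'2015-02-10T09:00:00Z'   # fixed so the sample is reproducible
Get-DscNodeFinding -Status $status -Now $now |
    Where-Object { -not $_.Healthy } |
    Format-Table Node, Reasons -AutoSize
```

Treating a stale heartbeat as a finding matters in the multi-tenant case this document describes, where the operator may have no other channel into a tenant VM to confirm its state.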

[11] ScriptRock, Inc.
[12] http://www.scriptrock.com/blog/powershell-dsc-with-guardrail

What is my migration path from VM roles and DSC, to ARM?

The model structure changes from VM roles to ARM, and so the VM roles will need to be updated. That being said, in a layered approach, once you have a first ARM template working, adapting it to another “workload” should be quite easy since the DSC calls would remain the same. They would just be called from an ARM template instead of a VM role template.

Can I use a non-Microsoft automation solution?

Yes, but you would miss some native hooks, into Windows Azure Pack for example. Also, remember these technologies share a common DNA through the generalized use of PowerShell, so any automation solution using another engine would need to implement different calls to the PowerShell-based interfaces. Finally, the use of SMA enables consistency with Azure Automation, should you want to move some of these concepts and runbooks to the public cloud later on.

Can I use VMware at the infrastructure layer?

The benefits of a converged stack rely greatly on the tight integration of the components together. Leveraging a stack based on products all coming from Microsoft (Hyper-V + System Center + Windows Azure Pack) is an example of this, and also aligns with the technologies used in Microsoft Azure. Consistency between clouds is a key part of this approach, as explained earlier. For this reason, Windows Azure Pack currently supports Hyper-V as the virtualization platform for IaaS services.

Note that this does not prevent you from calling non-Microsoft PowerShell cmdlets in SMA, for example PowerCLI [13] cmdlets against a VMware infrastructure. Also, WAP comes with an extensible and customizable platform that 3rd party partners can extend. For example, ServiceMesh [14] provides an extension into multiple non-Microsoft clouds, and Cloud Assert [15] provides a “custom resource provider” dedicated to VMware support.

Can I integrate this stack with my existing ITSM solution?

This is something we get asked a lot, especially in the enterprise space where there is often an IT Service Management (ITSM) “service catalog” already used to manage requests and approvals.

First, it is important to review how deep the integration should be, and if processes should be fine-tuned for a better together approach between cloud computing and ITIL. Some of this was covered in the “Review your existing ITSM process” paragraph of the “How to prepare today” section.

To further help frame this discussion, the last part of this blog post [16] looks at a fictitious example, where approvals would happen at the plan level, leveraging the WAP APIs. A similar approach could be used for other usages of WAP, not just “Database as a Service” (the scope of the blog post).

[13] VMware, Inc.
[14] http://www.servicemesh.com/
[15] https://www.cloudassert.com/Solutions/V-Connect
[16] http://blogs.technet.com/b/privatecloud/archive/2014/03/21/automation-the-new-world-of-tenant-provisioning-with-windows-azure-pack-part-5-working-with-the-sql-server-resource-provider-and-the-itil-dilemma.aspx


Document Revision History

Date Published | Version | Comments
February 2015 | 1.0 | First published version.