Managing cloud resources includes deploying, configuring, monitoring and continuously maintaining hardware and software components. These components make up the infrastructure management platform that underpins the cloud, the virtualization hosts and virtual instances, and the storage, network and facilities attached to them. The tools for managing these components are supplied by hardware manufacturers and by cloud computing platform providers.

The Microsoft private cloud platform consists of Microsoft Windows Server 2012 and Microsoft System Center 2012. These products provide the tools needed to build, monitor and maintain the cloud's fabric management infrastructure and the cloud resources that make up the services running on that infrastructure. While these tools are ideal for managing cloud infrastructure, service providers and large IT organizations require additional capabilities, such as integrating infrastructure management with existing self-service portals, supporting multi-tenancy, and distributing workloads across instances deployed in multiple geographically separated datacenters.

System Center Service Provider Foundation ships with System Center 2012 - Orchestrator and allows organizations to obtain the additional management capabilities described above and to extend the services offered on their own cloud platform.


Introduction


IT architects and implementers design and build private cloud infrastructures to meet the business requirements of the enterprise, and several of those functional requirements are shared with the business requirements of service providers. One such functional area is providing self-service IT capabilities to users. Self-service is a key characteristic of any cloud computing platform regardless of vendor or cloud deployment model. Users of IT resources, from IT professionals to business end users, expect, or will come to expect, to satisfy their own IT resource requests through some level of self-service.

This level of self-service has become more sophisticated and complex as organizations have evolved from virtualized and highly virtualized environments to private and hybrid cloud infrastructures that support a high degree of automation and mature service delivery. Self-service users want the ability to stand up complete solutions, including the Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) layers that support the solution being deployed.

Each self-service solution is expected to be complete, that is, to go beyond provisioning resources. Users must be able to monitor the health of the service and the resource consumption and cost associated with it. The service must respond dynamically to demand within the limits defined for the self-service user's or tenant's account. The Private Cloud Reference Architecture (in English) includes a Reference Model (in English) that forms the foundation for designing reference architectures for end-to-end solutions, including self-service that can be managed from anywhere on any device.

Within a private cloud deployment, self-service users expect to be free to place and provision resources, limited only by what they are willing to pay for. The principle of the Perception of Infinite Capacity (in English) assures users of exactly that. In reality private cloud resources are limited by the available infrastructure that has been planned using the organization's Capacity Management and Demand Management processes. Additionally, for business reasons the IT organization may determine that certain workloads or even complete services are suitable to provision using resources obtained outside the organization. To meet the self-service users' perception of infinite capacity and accommodate business requirements that allow the use of resources outside of the organization, the IT professional must plan to augment their own infrastructure capability with resources obtained from a cloud service provider.

IT organizations and Service Provider Organizations generally provide self-service through an online web based management portal or command line console interface. These management consoles often must interact with proprietary management interfaces potentially from multiple platform vendors to provide the level of self-service expected by end users.

Service Provider Foundation enables IT organizations and service providers to manage cloud resources on the Microsoft Cloud Platform using industry standard management interfaces from supported devices anywhere. Initially, System Center Service Provider Foundation supports Infrastructure as a Service on Microsoft Windows Server 2012 and Microsoft System Center 2012 SP1.

What is Service Provider Foundation?


Service Provider Foundation ships with Microsoft System Center 2012 - Orchestrator (one of the products in Microsoft System Center 2012 Service Pack 1 (SP1)). Service Provider Foundation exposes an extensible Open Data Protocol (OData) API on top of a Representational State Transfer (REST) web service that interoperates with the System Center product family. This enables service providers and large enterprise organizations to design and implement multi-tenant self-service portals that integrate IaaS capabilities available through Microsoft System Center 2012 SP1.

This release of Service Provider Foundation provides a programmatic web based management interface to a rich set of Microsoft System Center Virtual Machine Manager (VMM) scenarios that are presented later in this article. This interface allows self-service portals to perform many VMM management operations in a RESTful manner commonly used by implementers of web services.

Service Provider Foundation introduces several new capabilities that include multi-tenancy, security and identity independent of Active Directory, and the concept of a "stamp". More information about these is provided later in the article and through links to other resources.

The Service Provider Foundation is installed as part of Microsoft System Center Orchestrator 2012. Information on the installation and deployment of System Center Service Provider Foundation can be found using this link and also through the link found in the resources section of this article.

The following graphic shows Service Provider Foundation in the context of Microsoft System Center 2012.


Figure 1: Where System Center Service Provider Foundation fits within Microsoft System Center 2012

Relationship to the Private Cloud Reference Architecture

The Private Cloud Reference Architecture defines many key principles, concepts and patterns that must be considered when designing a private cloud infrastructure for an organization. Many of these key considerations are aided by including the Service Provider Foundation in the design of a private cloud. Service Provider Foundation, as the name implies, is primarily intended for cloud service provider organizations to enable them to build self-service portals and expose management interfaces that may be used by their customers. However large enterprise organizations share many of the same needs and concerns as cloud service providers.

Consider that a large enterprise is composed of several business entities or groups; that is, they are actually tenants that require services from the IT organization. The internal IT organization is the provider of those services to the business groups. In the enterprise we have a consumer / service provider relationship that is similar to engaging with external service providers for IT resources.

That introduces the private cloud principle of Take a Service Provider's Approach to providing IT in large enterprise organizations. A cloud service is a shared service offering select, well defined capabilities to self-service consumers. These services include the actual capability, the capacity to grow and the ability to collapse as appropriate, perform as expected, and provide continuous availability. These key expected principles require the service provider to enable self-service to respond to the demands of consumers, and programmatic management interfaces to enable fabric management automation to respond to changes in the demand for or health of services running on the infrastructure.

Microsoft Windows Server 2012 and Microsoft System Center 2012 SP1 provide the platform to enable cloud infrastructures. Service Provider Foundation enables common management semantics across private and public cloud computing platforms.

Concepts

Management Stamp (Stamp)

A management stamp, or stamp, is a new concept introduced with Service Provider Foundation. A stamp represents a unit of virtualized platform infrastructure that includes System Center Virtual Machine Manager, one or more virtual machine hosts and the virtual machines that are managed in the context of the System Center Virtual Machine Manager instance within the stamp. Each stamp also includes the configuration unique to it, such as service accounts and user roles.

Stamps must be capable of being monitored; therefore a stamp also includes an instance of System Center Operations Manager. However an instance of System Center Operations Manager may provide monitoring for multiple stamps so there is not necessarily a 1:1 relationship between the number of stamps and instances of System Center Operations Manager.

Put another way, a stamp is an instance of System Center that supports a virtualized platform infrastructure up to the maximum number of virtual machine hosts and virtual machines supported by System Center.

Stamps are an important concept since they allow service providers to distribute tenants and their services across multiple instances of System Center components (such as Operations Manager and Virtual Machine Manager), datacenters and geographic locations. Similarly they allow service designers to define how their service is deployed. For example assume a tenant of the service provider wishes to deploy two services. This service provider is a global organization with datacenters throughout the world. The tenant defines their first service requiring multiple instances that are geographically separated. The second service is similarly defined but carries an additional constraint that it only runs in European datacenters. Stamps allow the service provider to design this flexibility into their self-service portal and platform orchestration. Once requests are accepted and validated the service provider fabric management would issue the appropriate requests through the Service Provider Foundation API to deploy the services across stamps.

Tenant

A tenant is an organization or user of the platform usually through creation of an account or subscription. The on-boarding of tenants will likely be defined by policy implemented and enforced by the Service Delivery Layer of the Reference Model. A tenant will have a tenant administrator role assigned to the tenant management artifact maintained by the platform. One or more users may be assigned the administrator role.

Tenants are responsible for all resources that have been provisioned by the platform on behalf of the tenant and generally a metering or chargeback model exists to expose a cost structure assigned to each resource offered by the platform and chargeable to the tenant based upon usage.

Enabled Scenarios

This section provides an overview of scenarios enabled by System Center Service Provider Foundation. In most cases these scenarios become enabled through the use of Service Provider Foundation features used in conjunction with base platform capability provided by Microsoft System Center Virtual Machine Manager and System Center Orchestrator. Again, this is an overview; for more specific information on each of the System Center Service Provider Foundation features that enable a scenario, refer to the product guidance available here and through links available from the scenario description or the Resources section of this article.

  • Web Based Management Interfaces to System Center - Service providers have invested over time as they have grown from virtualized infrastructures to public or private cloud service providers offering self-service management portal capability. Web based management interfaces to System Center allow service providers to perform complex management operations, using industry standard web service interfaces, on cloud resources exposed by Microsoft System Center while retaining their investment in existing self-service portal capabilities.
  • Retain Existing Portal User Interface - This scenario is related to the previous web based management scenario in that service providers have built unique and differentiating capabilities into their self-service management portals. Traditionally System Center has required Microsoft provided management interfaces to perform operations on cloud resources exposed by System Center. By exposing System Center capability through web based management protocols, service providers can easily integrate System Center Infrastructure as a Service capability into their existing user interfaces.
  • Multi-tenancy - Service providers have a broad customer base; these are tenants of the cloud service platform. Management portals that expose Infrastructure as a Service capability to tenants must do so in a manner that uniquely identifies them and isolates tenants from each other on the platform.
  • Management Across Instances of System Center Components - Users demand the ability to host their workloads across geographically separated boundaries for protection against a significant failure or other incident that may have broad reaching impact on a datacenter or facility. Service providers desire to distribute workloads across resources that are most efficient and/or manageable at any given moment of the life-cycle of each service. Both of these requirements require the platform to seamlessly support service management across multiple instances of System Center components. The instances of System Center components and associated infrastructure are referred to as a "stamp". The concept of stamps is covered in the Architecture section of this article.


Figure 2: Enabling service providers to offer IaaS

Architecture


The Service Provider Foundation high-level architecture is presented in this section. The core of System Center Service Provider Foundation exposes a web service hosted on Microsoft Internet Information Services (IIS). The web service responds to management requests using a REST (OData) API that exposes cloud infrastructure resources managed by Microsoft System Center. More information about the Uniform Resource Identifier (URI) for each request is provided later in this section.

Microsoft System Center components such as Virtual Machine Manager provide rich feature manageability through PowerShell cmdlets. Management requests through Service Provider Foundation are aggregated to compose a fully qualified request to the appropriate management instance (or stamp) for resources accessed in the context of the tenant user identification and role. Requests are then processed on each stamp by invoking PowerShell cmdlets through the Aggregation layer.

The graphic below depicts this high level view, the components of Service Provider Foundation and the relative layers between external components. The layers of System Center Service Provider Foundation are shown in blue. Each stamp is shown in purple, and scale-out of cloud service provider resources is achieved through multiple instances of stamps.


Figure 3: System Center Service Provider Foundation Architecture

Service Provider Foundation exposes System Center components as an Open Data Protocol (OData) service. The OData service is accessed through a specific Uniform Resource Identifier (URI). The service then exposes resources which represent facets of the components they serve. For example, in the case of VMM, the OData service exposes Virtual Machine Manager and provides a collection named VirtualMachines. You can use this collection to access a list of virtual machines, query for a specific virtual machine, create a virtual machine, or delete a virtual machine.

The general format of the Service Provider Foundation Web service URI is "http://server:port/SC2012/component/Microsoft.Management.Odata.svc/".

The parts of the URI are described in the table below.

URI element | Description
------------|------------
server      | Host name of the server hosting Service Provider Foundation
port        | Port number on which Service Provider Foundation is published
component   | The System Center component being accessed; "VMM" for System Center 2012 SP1 - Virtual Machine Manager
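The following is an added example, not code from Service Provider Foundation or from this article: it composes a request URI from the parts in the table above, prepares the GET, and parses a VirtualMachines response. It assumes the service returns OData verbose JSON (`{"d": {"results": [...]}}`) when asked for `application/json;odata=verbose` and assumes the entity property names used in the constructed sample response; the server name, port and sample data are made up.

```python
# Added example, not code from the Service Provider Foundation product or this article.
# Assumptions: OData verbose JSON response shape and the VM property names below;
# the server name, port and SAMPLE_RESPONSE are constructed.
import json
import urllib.request
from urllib.parse import quote, urlencode

SERVICE_PATH = "SC2012/{component}/Microsoft.Management.Odata.svc/"
KNOWN_COMPONENTS = {"VMM"}  # the table above documents only the VMM component


def build_spf_uri(server, port, component, collection=None, query=None, scheme="https"):
    """Compose scheme://server:port/SC2012/<component>/Microsoft.Management.Odata.svc/[collection[?query]].

    The article shows the general form with http; scheme defaults to https here so the
    tenant credential carried on the request is not sent in clear text."""
    if component not in KNOWN_COMPONENTS:
        raise ValueError(f"unknown System Center component: {component!r}")
    if not 0 < int(port) < 65536:
        raise ValueError(f"invalid port: {port!r}")
    uri = f"{scheme}://{server}:{int(port)}/" + SERVICE_PATH.format(component=component)
    if collection:
        # e.g. VirtualMachines or VirtualMachines(guid'...'); keep OData key syntax readable
        uri += quote(collection, safe="()'")
    if query:
        # Standard OData system query options ($filter, $top, ...); keep $ ' ( ) unescaped
        uri += "?" + urlencode(query, quote_via=quote, safe="$'()")
    return uri


def make_request(uri, accept="application/json;odata=verbose"):
    """Prepare (but do not send) the GET; the caller attaches Windows auth via an opener."""
    return urllib.request.Request(uri, headers={"Accept": accept}, method="GET")


def parse_virtual_machines(body):
    """Return (Name, Status, StampId) for each entity in a VirtualMachines response."""
    doc = json.loads(body)
    try:
        results = doc["d"]["results"]
    except (KeyError, TypeError):
        raise ValueError("response is not an OData verbose JSON collection") from None
    return [(vm["Name"], vm["Status"], vm["StampId"]) for vm in results]


# Constructed sample response for parse_virtual_machines (property names assumed)
SAMPLE_RESPONSE = json.dumps({"d": {"results": [
    {"ID": "00000000-0000-0000-0000-000000000001", "Name": "web01",
     "Status": "Running", "StampId": "00000000-0000-0000-0000-00000000aa01"},
    {"ID": "00000000-0000-0000-0000-000000000002", "Name": "db01",
     "Status": "Stopped", "StampId": "00000000-0000-0000-0000-00000000aa02"},
]}})

if __name__ == "__main__":
    uri = build_spf_uri("spf01.example.local", 8090, "VMM", "VirtualMachines",
                        {"$filter": "Name eq 'web01'", "$top": 1})
    print(make_request(uri).full_url)
    print(parse_virtual_machines(SAMPLE_RESPONSE))
```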

Multi-tenancy


Enabling self-service for a broad range of users that spans enterprise IT through to end users requires the self-service portal and underlying infrastructure to be multi-tenant aware. In the context of Service Provider Foundation the range is somewhat narrower, spanning from Tenant Administrator to Tenant End Users. Still, the requirement exists for tenant subscribers to manage and monitor the resources associated with their services or subscription.

Service Provider Foundation serves as the broker between the tenant and the Microsoft Cloud management platform and more specifically Virtual Machine Manager. Multi-tenancy is facilitated by mapping a self-service end-user token or Windows Authorization credential to a Virtual Machine Manager Self-Service User Role. Requests issued through Service Provider Foundation are executed on the management platform in the security context of the user role. Multi-tenancy is further aided by new feature capability available on Windows Server 2012 such as Network Isolation.

Management operations are logged appropriately to reflect the tenant performing the request to Service Provider Foundation.

Aggregation


Service Providers organize their infrastructure resources into a hierarchy or grouping that makes sense for their organization. This may take shape across physical boundaries such as geographically separated facilities, datacenters and scale units. Within a facility resources may be further classified by logical capability such as the class of resource being offered (Silver Tier/Gold Tier/Platinum Tier). Service Provider Foundation accommodates this division of resources by offering a single unified service endpoint and aggregating management operations across fabric infrastructure groups, or Stamps. This capability is provided by the Aggregation Layer illustrated in the architecture graphic (Figure 3).

As service providers deploy physical resources managed by the Microsoft Cloud platform, these resources are either added to the scope of an existing System Center management stamp or to a new stamp; at a minimum, a new stamp consists of System Center Virtual Machine Manager. Once Service Provider Foundation has been deployed, each stamp must be defined with the associated Virtual Machine Manager server name. When completed, this forms the collection of management stamps that tenant services can be deployed across.

Tenants of the service provider subscribe to capabilities that are offered and added to their subscription. A tenant administrator is assigned to each tenant and is responsible for the management of the subscription within their organization or group. The scope of their subscription is defined to Service Provider Foundation in the form of User Roles. Each user role contains rights to the appropriate Virtual Machine Manager Clouds, Virtual Machine and Service Templates, and Networks associated with the class of services included in the tenant's subscription.

When presented with a management request from a tenant client, each request occurs over a secure authenticated channel that allows the aggregation layer to fully expand the request. Requests may be loosely or firmly scoped within the context of the subscription. That is, a tenant may issue a request that could be fulfilled on any management stamp the tenant has access to, or the request may specify an operation to occur on a specific stamp. Consider a request to "show all my virtual machines". When expanded, this request results in a management operation on each stamp the tenant has access to that enumerates the tenant's virtual machines running in that stamp. The aggregation layer combines the results from each stamp into a single view of the virtual machines owned by the tenant across the infrastructure.

Aggregation, then, is responsible for expanding Service Provider Foundation management requests into unique, fully qualified operations that are issued across stamps, with the results unified into a single view of the infrastructure across the organization.
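The following added example is a constructed model of the multi-tenancy and aggregation behaviour described in the two sections above; it is not Service Provider Foundation's own code. It maps a self-service token to a tenant user role, expands a "show all my virtual machines" request across the stamps that role grants, runs each per-stamp operation in that role's scope, merges the results, and records an audit entry per stamp; the tokens, stamp contents, roles and audit record layout are all made up.

```python
# Added example, not Service Provider Foundation's own code: a constructed model of the
# token-to-role mapping, request expansion across stamps, tenant scoping and result merge.
# Tokens, stamps, VMs, roles and the audit record layout are all made up here.
from dataclasses import dataclass

@dataclass(frozen=True)
class VirtualMachine:
    name: str
    owner: str   # tenant the VM was provisioned for
    cloud: str   # VMM cloud (service class) it runs in

@dataclass
class Stamp:
    name: str    # identified by its registered VMM server name
    vms: list

@dataclass(frozen=True)
class UserRole:
    tenant: str
    stamps: frozenset   # stamps the tenant's subscription grants access to
    clouds: frozenset   # VMM clouds the role grants within those stamps

AUDIT_LOG = []   # (tenant, operation, stamp, outcome) for every per-stamp operation

def resolve_user_role(token, roles_by_token):
    """Map a self-service portal token to the VMM user role the request will run under."""
    role = roles_by_token.get(token)
    if role is None:
        raise PermissionError("unknown or expired self-service token")
    return role

def list_vms_on_stamp(stamp, role):
    """Per-stamp operation executed in the security context of the tenant's user role,
    so it only ever yields the tenant's own VMs in clouds the role grants."""
    return [vm for vm in stamp.vms if vm.owner == role.tenant and vm.cloud in role.clouds]

def aggregate_list_vms(stamps, role, stamp_name=None):
    """Expand 'show all my virtual machines' across stamps and merge the results.
    stamp_name=None is a loosely scoped request (every stamp in the role);
    a named stamp is a firmly scoped request and must lie within the role's scope."""
    if stamp_name is not None:
        if stamp_name not in role.stamps:
            AUDIT_LOG.append((role.tenant, "ListVirtualMachines", stamp_name, "denied"))
            raise PermissionError(f"{role.tenant} has no access to stamp {stamp_name}")
        targets = [s for s in stamps if s.name == stamp_name]
    else:
        targets = [s for s in stamps if s.name in role.stamps]
    merged = []
    for stamp in targets:
        found = list_vms_on_stamp(stamp, role)
        AUDIT_LOG.append((role.tenant, "ListVirtualMachines", stamp.name, f"{len(found)} vm(s)"))
        merged.extend((stamp.name, vm.name) for vm in found)
    return merged

# Constructed fabric: two stamps shared by two tenants
STAMPS = [
    Stamp("vmm-eu01", [VirtualMachine("web01", "contoso", "Gold"),
                       VirtualMachine("db01", "fabrikam", "Gold"),
                       VirtualMachine("test01", "contoso", "Silver")]),
    Stamp("vmm-us01", [VirtualMachine("web02", "contoso", "Gold"),
                       VirtualMachine("app01", "fabrikam", "Silver")]),
]
CONTOSO = UserRole("contoso", frozenset({"vmm-eu01", "vmm-us01"}), frozenset({"Gold"}))
FABRIKAM_EU = UserRole("fabrikam", frozenset({"vmm-eu01"}), frozenset({"Gold", "Silver"}))
ROLES_BY_TOKEN = {"token-contoso-admin": CONTOSO, "token-fabrikam-admin": FABRIKAM_EU}
```

Calling `aggregate_list_vms(STAMPS, resolve_user_role("token-contoso-admin", ROLES_BY_TOKEN))` returns contoso's Gold-cloud VMs from both stamps and leaves one audit record per stamp touched.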

Reviewing Service Provider Foundation in your Environment

Staging Service Provider Foundation to review its capabilities and management interfaces, or to integrate it into your development environment, requires administrative access to one or more System Center Virtual Machine Manager instances that are actively managing at least one virtual machine host in a test or sandbox environment. You then need the physical or virtual machine resources to deploy System Center Orchestrator and Service Provider Foundation and to configure them with information about your Virtual Machine Manager stamps.

System Center 2012 Components and Other Requirements

  • System Center 2012 SP1 - Virtual Machine Manager
  • System Center 2012 SP1 - Orchestrator
    • Includes Service Provider Foundation
  • System Center 2012 SP1 - Operations Manager

Overview

Using System Center 2012 components together as outlined in this section, you should come away with an understanding of how Service Provider Foundation with Virtual Machine Manager enables Infrastructure as a Service capabilities useful to service providers and large IT organizations. More specifically you will:

  • Gain an overview of Service Provider Foundation and how it fits in the overall scope of System Center 2012
  • Deploy Service Provider Foundation
  • Associate it with Virtual Machine Manager
  • Access Virtual Machine Manager capabilities programmatically
  • Use the Service Provider Foundation command line

Preparation

In order to prepare your environment for this scenario, you should review guidance in the System Center 2012 Integration Guide hosted on the Microsoft TechNet Library.
There you can review community information of each System Center component in its role as a programmable platform to be used for the Microsoft Private Cloud. It is intended to provide an abstraction layer that guides partners and customers on their decision process for methods to build automated solutions across System Center components and between System Center and other systems.

Once you have the System Center 2012 components and other requirements met, you're ready to explore Service Provider Foundation in your environment.

Hands-on

This section outlines the steps you should complete to review Service Provider Foundation.

  1. Determine or create a sample Virtual Machine Manager fabric - If you have an existing System Center test environment already established, you can skip to the next step. Otherwise you'll need to have a Virtual Machine Manager fabric created, including items such as clouds containing CPUs, memory, storage, and VMs. You can read more about configuring fabric resources in Virtual Machine Manager here in the TechNet Library.
  2. Accessing Service Provider Foundation - You should decide how you will access Service Provider Foundation to explore its capabilities. Initially you may wish to use a browser to access Service Provider Foundation and perform some simple operations by constructing the appropriate URI and examining the results. Developers may wish to jump right in with a simple project and begin coding actions against Service Provider Foundation and acting programmatically on the results. Developers should already have a development environment and references to an OData platform library appropriate for their environment.
  3. Deploy and configure Service Provider Foundation - This step involves the actual deployment of Service Provider Foundation into your test environment and configuring Service Provider Foundation with knowledge about the Virtual Machine Manager instances (or Stamps) you plan to test against. Guidance on the deployment and configuration of Service Provider Foundation can be found here in the TechNet Library.
  4. Test the connection to Service Provider Foundation - Test that you can connect to the Service Provider Foundation server instance and can perform simple operations. This will determine whether you have network connectivity to the server and administrative access to perform management operations. You'll need to construct a URI that includes the server, service endpoint and operation to perform.
  5. Test Infrastructure as a Service scenarios - Test some advanced Infrastructure as a Service scenarios such as the creation and collapse of resources across management stamps. Through this step you'll gain confidence in your understanding of Service Provider Foundation concepts, management interfaces and capabilities as they apply to the needs of your organization. You'll find detailed guidance on the Service Provider Foundation API here in the TechNet Library.

Have a question about Service Provider Foundation? Have you integrated Service Provider Foundation into your self-service platform and have feedback? Discuss here on the TechNet Forum.

Resources

Architecture Resources

Community Resources

Community Blog Posts

Technical Documentation Resources

For further technical scenarios, see the Technical Scenarios page (in English) in the System Center TechCenter.
