Wednesday, December 7, 2011

System Center 2012 Private Cloud Community Evaluation Program contest winner!!

Nice to see the email last night arrive into my inbox telling me that I had won the November competition for the Microsoft System Center 2012 Private Cloud Community Evaluation Program (CEP) as a result of my blog posts on 'Cloud Management with System Center'.

There were two aspects of the prize - a brand new Microsoft Touch Mouse and entry into a draw in February for a free MMS 2012 ticket!


If you want to learn more about Cloud Management with System Center, click on the links below for my posts:

Cloud Management with System Center - Building a Private Cloud with System Center Virtual Machine Manager 2012

Cloud Management with System Center - Creating a Virtual Machine Template with System Center Virtual Machine Manager 2012

Cloud Management with System Center - Creating a Service Template with System Center Virtual Machine Manager 2012

Cloud Management with System Center - Connecting your private cloud to System Center App Controller 2012

Cloud Management with System Center - Customizing System Center App Controller 2012

Cloud Management with System Center - Connecting App Controller to Azure Part 1

Cloud Management with System Center - Connecting App Controller to Azure Part 2

Cloud Management with System Center - Integrating App Controller with SCOM


The System Center 2012 Private Cloud CEP is running up until February and is open to anyone who wants to sign up. Click on the link below to start learning about how System Center is changing the way we manage our cloud infrastructures:

http://connect.microsoft.com/site799/program7383


Enjoy!

Thursday, November 24, 2011

Cloud Management with System Center - Integrating App Controller with SCOM

As part of my Year Zero session presentation, I wanted to show the integration between a number of System Center products while highlighting Cloud Management and the IT as a Service model.

As System Center App Controller 2012 is still in BETA and the integration between all the System Center 2012 products is still not fully finished, I decided to do my own type of basic integration to allow an administrator to manage their clouds from the same server / screen that they are using for their SCOM console. I decided to create a custom SCOM task that can launch the App Controller Console from within a SCOM Distributed Application
This is more a customisation than integration but none the less – it works for me until we get a Management Pack for App Controller into SCOM 2012!

This post also coincides with the new Microsoft Private Cloud Community Evaluation Program starting up and you can sign up at any time to the CEP by clicking on the link below (you will need a Microsoft Live ID to sign in):


To begin, you need to have already installed System Center App Controller 2012 and configured it with your public and or private clouds. See the links below for more information on App Controller as part of this blog series:

Installing System Center App Controller 2012

Cloud Management with System Center - Connecting your private cloud to App Controller

Cloud Management with System Center - Connecting App Controller to Azure

Deploying the SCOM Agent

When you have App Controller installed, you need to deploy the SCOM agent to the App Controller server.

I’ll be carrying these steps out on a SCOM 2007 R2 server as opposed to SCOM 2012 as SCOM 2007 R2 is more prevalent at the moment and will be the main production monitoring application people are using for the coming months. These steps will work exactly the same however with SCOM 2012.

Follow the screens below to complete the 'Discovery Wizard' and to install the SCOM Windows agent onto your App Controller server.








Once the above steps have been completed, you should then have your SCOM agent deployed to your System Center App Controller 2012 server.

Creating the Custom Task

At this point, you should have your SCOM agent deployed to your App Controller server and a custom group created that includes the new App Controller agent.

To enable us to launch the App Controller console from the SCOM console, we need to create a custom task within SCOM that evokes a URL shortcut to the App Controller console.

First, logon to your App Controller server and double click on the App Controller icon on the desktop


When the console logon window opens, just copy or make a note of the full URL address in the address bar


Now, log back onto the server with your SCOM console installed. Open up Internet Explorer and browse to the App Controller URL shortcut.

Once it opens, click on ‘File’, ‘Send’ and select ‘Shortcut to Desktop’. This will create a shortcut on the desktop of your SCOM console server that links back to the App Controller console on your App Controller server. Move this shortcut now to a folder on the ‘C’ drive called ‘SCOMCustomTasks’


Now, open up the SCOM console, go to the ‘Authoring’ tab in the Wunderbar, expand ‘Management Pack Objects’, right mouse click on ‘Tasks’ and then select ‘Create a New Task’ as below


In the 'Create Task Wizard' window, select 'Console Tasks' and then 'Command Line', ensure you are saving the new task to a custom unsealed Management Pack (that IS NOT the 'Default Management Pack!) then click 'Next'


Enter a description for the custom task and then select the 'Windows Server' class as the target as below


Now in the 'Application' field, type the text below (the path below presumes you have followed all of the above steps and have created the folder and shortcut names identically):

"C:\SCOMCustomTasks\App Controller.url"

Untick the 'Display output when task is run' box and then click 'Create' to complete the custom task creation.


Once you have your custom task created, anytime you click on your System Center App Controller server within SCOM, you will see the 'App Controller Console Launch' action present in the 'Actions' window on the right hand side of the screen.

The screenshot below is the Distributed Application Service that I built for the Year Zero event and I have highlighted in RED the App Controller server in the diagram and its associated custom task on the right.


Notice also, that this process is not by any means specific to just App Controller. If you look at the diagram above you will see I have created a similar custom task to enable me to launch my System Center Orchestrator 2012 console too (see the 'Orchestrator Console Launch' action on the right).

Now thats what I call central management with SCOM!!!!

Friday, November 18, 2011

Cloud Management with System Center - Connecting App Controller to Azure Part 2

This is Part 2 of my post on 'Connecting App Controller to Azure'.These posts are part of a bigger series titled 'Cloud Management with System Center' and if you haven't read any of the other posts in the series, you can start from the links below:

Installing System Center App Controller 2012

Cloud Management with System Center - Building a Private Cloud with SCVMM 2012


In Part 1 of 'Connecting App Controller to Azure', I walked through the steps required to create a self-signed certificate on your App Controller server and how to export that into both .PFX and .CER formats.

With the certificates exported you are now ready to start working in Azure to get the connection created.

Adding your management certificate to Azure

The following procedure presumes that you already have a subscription setup within Windows Azure and are ready to add a management certificate to that subscription. If you haven't yet got a subscription or an Azure account, you can get more information here on whats needed to get you started.

First up, you need to login to the Windows Azure Platform Management Portal with the relevant credentials that allow you permissions on the subscription to add management certificates.

In the navigation pane, click 'Hosted Services, Storage Accounts & CDN' and then at the top of the navigation pane, click Management Certificates.


On the ribbon at the top left hand side of the screen, in the Certificates group, click Add Certificate

The Add New Management Certificate dialog box opens.

In Choose a subscription, select the Windows Azure subscription to add the management certificate to.

In Certificate file, use the Browse button to select the .CER file for the exported certificate


When you have all of the information added in, click 'OK'

Once created, you should see it listed under your subscription as below



Now that we have added the .cer certificate file to our Azure subscription, we need to create the connection between App Controller and Azure while adding the .pfx file with the encryption key to the App Controller connection.

Connecting App Controller to your Windows Azure Subscription

Open up the System Center App Controller 2012 console and click on the 'Clouds' link on the left hand side of the screen

Now click the 'Connect' button and then select 'Windows Azure Subscription' from the drop-down menu


In the 'Connect' dialog box, enter a name for this subscription. This name is displayed in the Name column of the Clouds page.

Add an optional description in the Description text box.

In the Subscription ID field, enter the subscription ID for this connection. The Windows Azure subscription ID is a GUID and can be found in the Windows Azure Management Portal.

To import the required management certificate, select the Personal Information Exchange (.pfx) file for the public key you uploaded to Windows Azure and enter the password for the certificate


Click 'OK' to create the connection

Once the connection is verified and complete, you will see your Azure Public Cloud available in App Controller for management under a single console


This completes the steps required to create the connection between your public Azure subscription and System Center App Controller 2012.

This series of posts also coincide with the new Microsoft Private Cloud Community Evaluation Program starting up and you can sign up at any time to the CEP by clicking on the link below (you will need a Microsoft Live ID to sign in):

Cloud Management with System Center - Connecting App Controller to Azure Part 1

Welcome to the sixth instalment in my series on 'Cloud Management with System Center' and in this post I will be explaining how to connect System Center App Controller 2012 (SCAC 2012) to the Microsoft public cloud offering - Azure.

If you want to know how to install System Center App Controller 2012 or haven't read the other posts in this series, then check out the links below for more information:

Installing System Center App Controller 2012

Cloud Management with System Center - Building a Private Cloud with SCVMM 2012


So, to begin with, here is a high level overview of what is required to connect your App Controller installation to a Windows Azure subscription:
  • Obtain / Create either a public or self-signed certificate for authentication
  • Add the certificate to Azure as a Management Certificate
  • Add the certificate to App Controller with Private Key attached
  • Create the connection within App Controller to connect to the Azure subscription
Sound easy so far? That's because it is! If you have a good handle on certificates and how they work, a basic knowledge of Azure subscriptions and a server or two to use, then you will be connected to the public cloud in no time!

For the purpose of this series, I will be using a self-signed certificate for authentication purposes but would always recommend using a trusted 3rd party CA in a production environment for additional security.

There are a number of ways that you can create a self-signed certificate and none of them are the right or wrong way but in this example, I will be using the IIS Manager on the App Controller server to create the certificate.

Using IIS to Create your Self-Signed Certificate

Open the Internet Information Services (IIS) Manager by typing inetmgr in the Start menu textbox

In the IIS section of the center pane, double-click Server Certificates


Click Create Self-Signed Certificate, and then finish the wizard




Once you have completed the certificate creation wizard, you will see your new certificate listed in the central window 'Server Certificates' window as below



Double clicking on the certificate will confirm to you that you have a new certificate issued today with a private key that corresponds to it



Now that we have our certificate created within IIS, we need to export this certificate as a .PFX file which essentially is your certificate with the private key attached and will be the file needed when creating the App Controller side of the connection

Exporting a .PFX file using IIS Manager

Open the Internet Information Services (IIS) Manager by typing inetmgr in the Start menu textbox and then in the IIS section of the center pane, double-click Server Certificates, right-click the certificate in the center pane, and then click Export.


Select the location for the file, enter the name for the file, and enter the password for the private key


Click 'OK' to complete the .PFX export.

Exporting the .CER certificate file with Certificate Manager

At this point we have our new self-signed certificate added to the Certificate ‘Local Computer\Personal Store’ of our App Controller server (the IIS certificate creation automatially does this) and we have also exported the certificate as a .pfx file which contains the private key of the certificate.

We must now export the certificate again from the personal store but this time we wont be exporting the private key and as such we want to end up with a certificate that ends in a .cer extension.

To do this, open up your Certificate ‘Local Computer\Personal Store’ by clicking on ‘Start’, ‘Run’ then typing ‘mmc’ and clicking ‘Enter’

Now click on ‘File’, select ‘Add/Remove Snapin’ and then double click on ‘Certificates’ from the ensuing list

This now opens up the ‘Certificates’ snapin and it is imperative that you select ‘Computer Account’ from the menu that comes up as below


Once you have selected ‘Computer Account’, click on ‘Next’ and then click ‘Finish’ from the next screen leaving the default selection of ‘Local Computer’ enabled

Now you need to expand down to the ‘Certificates\Personal\Certificates’ folder as below and you should see any certificates that have been created and self-signed to this server


To export the certificate as a .cer file with no private key, follow the screenshots below



Make sure you select 'No, do not export the private key' here





You should now have two files on the C drive of your App Controller server, one is a .cer and the other is a .pfx



In the Part 2 of this post I will explain how to import these certificates into Azure and App Controller and also how to then configure the link between the two.

This series of posts also coincide with the new Microsoft Private Cloud Community Evaluation Program starting up and you can sign up at any time to the CEP by clicking on the link below (you will need a Microsoft Live ID to sign in):

Thursday, November 17, 2011

Cloud Management with System Center - Customizing System Center App Controller 2012

This is a quick and simple post to demonstrate how to customize the System Center App Controller 2012 login screen and administration console and to also walk through the steps required to configure Single Sign On (SSO) to use the users Windows credentials to automatically logon.

Customizing the Organization Logo

To customize the organization logo of App Controller all you need to do is to have a company logo file in PNG format that meets the following requirements:


LocationImage NameSize
Top left SC2012_WebHeaderLeft_AC.png 287x44
Top right SC2012_WebHeaderRight_AC.png 108x16



Once you have your company logo in PNG format, navigate to the website root of the System Center App Controller installation directory. By default, this is:

 %PROGRAMFILES%\Microsoft System Center 2012\App Controller\wwwroot



Make a backup copy of the default organization logos by renaming the files as follows:

Rename SC2012_WebHeaderLeft_AC.png to old.SC2012_WebHeaderLeft_AC.png

Rename SC2012_WebHeaderRight_AC.png to old.SC2012_WebHeaderRight_AC.png


 Copy your company logo file(s) into the wwwroot folder


Rename your logo file(s) to the following depending on which of the orginal logos you wish to replace:
  • SC2012_WebHeaderLeft_AC.png
  • SC2012_WebHeaderRight_AC.png
  
To complete the changes, close any App Controller console windows you have open, delete the Temporary Internet files folder from your web browser and then open up the App Controller console again and you should see your new logo added in as below



Enabling Single Sign On (SSO) for App Controller
By default, App Controller is enabled to prompt users to sign in by entering their Active Directory user name and password. The following procedure describes how to configure App Controller to use the user’s current Windows credentials to automatically sign on.

Firstly, open IIS manager on the App Controller server, select the App Controller website and then expand the website and select the /api node.


Now, double click the 'Authentication' icon in the center screen and then enable 'Windows Integrated Authentication' and disable 'Basic Authentication'.



That's all you have to do to enable SSO in App Controller!


This post is part of a series that coincides with the new Microsoft Private Cloud Community Evaluation Program starting up and you can sign up at any time to the CEP by clicking on the link below (you will need a Microsoft Live ID to sign in):

https://connect.microsoft.com/site799/program7383

If you want to learn more about Cloud Management with System Center, click the link below to start the series:
 
 

Cloud Management with System Center - Connecting your private cloud to System Center App Controller 2012

In this part of my 'Cloud Management with System Center' series I will explain how to connect your newly created private cloud within System Center Virtual Machine Manager 2012 (SCVMM 2012) to the newest member of Microsoft's System Center Suite - System Center App Controller 2012 (SCAC 2012).

If you want to know how to install System Center App Controller 2012, see my previous post:  Installing System Center App Controller 2012

See below for the links to the other posts in this series:

Cloud Management with System Center - Building a Private Cloud with System Center Virtual Machine Manager 2012

Cloud Management with System Center - Creating a Virtual Machine Template with System Center Virtual Machine Manager 2012

Cloud Management with System Center - Creating a Service Template with System Center Virtual Machine Manager 2012

This series coincides with the new Microsoft Private Cloud Community Evaluation Program starting up and you can sign up at any time to the CEP by clicking on the link below (you will need a Microsoft Live ID to sign in):

https://connect.microsoft.com/site799/program7383


Once you have SCAC 2012 and SCVMM 2012 installed, you should also have your private cloud configured, your virtual machine templates built and your new service template deployed to the private cloud. All that you need to do now is to connect your private cloud to App Controller to allow for central management of all private clouds in your environment with inegration and visibility between any public clouds you have deployed within Azure.

To begin, double click on the App Controller shortcut on your desktop to open up the logon page seen below


Enter your Active Directory credentials and then click 'Sign In'. This should then open up the App Controller overview screen



Now click on the 'Clouds' link from the left hand side of the screen and then click on the 'Connect' button to access a drop down menu that you then need to select 'VMM Server' from


In the 'Add a new VMM connection' box, enter a name for this connection. This name is displayed in the Name column of Clouds page.

Add an optional description in the Description text box.

In the Server name text box, enter the fully qualified domain name (FQDN) of the VMM management server.

In the Port field, enter a port number that matches the port used by the VMM management server (default: 8100).


Select 'Automatically import SSL certificates' if you plan to copy files and templates to and from VMM cloud libraries.

Note: SSL certificates must be imported to the App Controller server in order to copy files or templates to and from VMM cloud libraries. In order for the import to succeed, users need to be part of all of the following roles: the local administrator of the App Controller server, local administrator of the VMM server, and VMM administrator

Once you have entered all of you information,click 'OK' to create the connection between SCAC 2012 and your SCVMM 2012 servers.

You may then be asked to select which SCVMM user role to use from the new SCVMM server connection for the current session.

Once the link between the two applications has been configured, you should then see your private cloud from SCVMM 2012 available to manage within the 'Clouds' window of System Center App Controller as below


If you click on the 'Services' link on the left hand side, App Controller will show you all of the available services from your private clouds


Clicking on the 'Virtual Machines' link on the left hand side will reveal all of the virtual machines on your private cloud


The 'Library' link on the left hand side will show you a central library location that consolidates all of the templates across your cloud estate in one screen


And finally, to get a feel for the 'WOW' factor of App Controller, go back to the 'Services' link on the left hand side to view your deployed service applications again.
Now click on the 'Open Diagram' button above the list of deployed services

This opens up a nice quick Silverlight view of your deployed service application and allows for easy customization and zoom views at the click of a mouse

If you want to learn more about Cloud Management with System Center, click the link below for my next post: