vNext.be | Operations Manager, Opalis, PowerShell, …

Mar/13

21

Service Provider Foundation (SPF) – Installation Step by Step

Hello Everyone,

Description

First question, what is System Center 2012 SP1 Service Provider Foundation?
On TechNet (http://technet.microsoft.com/en-us/library/jj642895.aspx), I found the following description:

Service Provider Foundation is provided with System Center 2012 - Orchestrator, a component of System Center 2012 Service Pack 1 (SP1). Service Provider Foundation exposes an extensible OData web service that interacts with Virtual Machine Manager (VMM). This enables service providers and hosters to design and implement multi-tenant self-service portals that integrate IaaS capabilities available System Center 2012 SP1.

In other words:

  • Service Provider Foundation is available on the same ISO file as System Center Orchestrator 2012 SP1.
  • A hoster is anyone who provides hosting services (Hyper-V hosts, networks, …) from their own infrastructure to different customers/tenants, who deploy VMs, apps and websites on the hoster’s infrastructure.
  • SPF will help these hosters build a multi-tenant self-service portal on top of the extensible web service that it exposes for Virtual Machine Manager.
  • Concerning the portal, you could build one on your own or you could use the Windows Azure Services for Windows Server: http://msdn.microsoft.com/en-us/library/jj874381.aspx (this topic will be covered in another blog post).

Prerequisites

  • A new server on which we will install SPF (we will call it SRV-SPF01)
  • The Orchestrator ISO file
  • The Virtual Machine Manager 2012 SP1 Administrator Console must be installed on SRV-SPF01
  • A SQL Server that SPF can use to install its database
  • Download the Certificate Creation Tool here: http://gallery.technet.microsoft.com/Certificate-Creation-tool-5b7c054d
  • Download and install MVC4: http://www.asp.net/mvc/mvc4
  • Download and install WCF Data Services 5.0 for OData V3: http://www.microsoft.com/en-us/download/details.aspx?id=29306
  • An Active Directory global security group that we will call SPF-Admins
  • A service account that is a member of the VMM Administrator group, the SPF-Admins group and the local Administrators group on SRV-SPF01
  • Your AD account must also be a member of the SPF-Admins group
  • The following Roles and Features must be installed on SRV-SPF01

     

Create the SSL certificates

Service Provider Foundation requires that a Secure Sockets Layer (SSL) server certificate be configured for its website bindings. The Service Provider Foundation website is the endpoint for the Admin service and the Virtual Machine Manager (VMM) service that use Representational State Transfer (REST) and Open Data Protocol (OData) technology to communicate with clients and portal applications.

The certificate should conform to the following recommendations:

  • A self-signed certificate should be used only for testing purposes.
  • The fully qualified domain name (FQDN) should be specified for the certification path instead of “localhost”.
  • A self-signed certificate should be placed in the personal store.

A complete explanation is available on TechNet: http://technet.microsoft.com/en-us/library/jj943808.aspx

We first need to create a test root certificate with the MAKECERT application that we downloaded in the prerequisites:

makecert -pe -n "CN=TestRootCA" -ss personal -sr LocalMachine -sky signature -r "TestRootCA.cer"

We now have to create a certificate for the machine itself:

makecert -pe -n "CN=SRV-SPF01.CONTOSO.COM" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "TestRootCA" -is personal -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 SPFTestCert.cer

At the end, we have two new certificates. Move these certificates to a folder that we will access later.
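
Before selecting a certificate in SPF setup, it is worth checking it against the recommendations listed above. The script below is an added example, not part of the original post or of the SPF tooling; the function name Test-SpfCertificate is hypothetical and the default FQDN is the one used in the makecert command on this page.

```powershell
# Added example: audit certificates in LocalMachine\My against the
# recommendations for the SPF website certificate.
param(
    # Assumption: the FQDN used in the makecert command on this page.
    [string]$Fqdn = 'SRV-SPF01.CONTOSO.COM'
)

$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

# Hypothetical helper name; returns one report object per certificate.
function Test-SpfCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [Parameter(Mandatory = $true)]
        [string]$ExpectedFqdn
    )
    # Common name of the subject (not of the issuer).
    $cn = $Cert.GetNameInfo('SimpleName', $false)

    # Collect EKU OIDs, if the certificate carries an EKU extension at all.
    $ekuOids = @()
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekuOids += @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
        }
    }

    [pscustomobject]@{
        Thumbprint       = $Cert.Thumbprint
        SubjectCN        = $cn
        MatchesFqdn      = ($cn -eq $ExpectedFqdn)           # -eq is case-insensitive
        IsLocalhost      = ($cn -eq 'localhost')             # should be False
        SelfSigned       = ($Cert.Subject -eq $Cert.Issuer)  # acceptable for testing only
        ChainValidates   = $Cert.Verify()                    # False e.g. for an untrusted test root
        HasPrivateKey    = $Cert.HasPrivateKey               # required for an SSL binding
        HasServerAuthEku = ($ekuOids -contains $ServerAuthOid)
        Expired          = ($Cert.NotAfter -lt (Get-Date))
    }
}

Get-ChildItem -Path Cert:\LocalMachine\My |
    ForEach-Object { Test-SpfCertificate -Cert $_ -ExpectedFqdn $Fqdn } |
    Format-Table -AutoSize
```

A certificate issued by the TestRootCA created above will normally report ChainValidates as False on any machine that does not trust that test root, which is the expected signal that it is a test-only certificate.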

SPF installation

Start the setup.exe file on the Orchestrator CD. At the bottom, there is the Service Provider Foundation section; click on Install.

A new window dedicated to SPF pops up; click on Install.

Accept the license terms and click on Next.

Check the box and click on Next.

Once the prerequisites check is done, click on Next.

Specify your SQL Server and click on Next.

Click on Change Folder and browse to the folder where you stored the two certificates that you created earlier.
Review the information available in Certificate Store and Certificate Name; if everything is OK, click on Next.

Specify the AD group and service account that we created during the prerequisites and click on Next.

Specify the AD group and service account that we created during the prerequisites and click on Next.

Specify the AD group and service account that we created during the prerequisites and click on Next.

Select your own values and click on Next.

Review all the information and click on Install.

SPF installation in progress.

Installation completed.

This post is in fact the first one of a series dedicated to Windows Azure Services for Windows Server.
Stay tuned!!!

Christopher

Aug/12

3

Online Meeting : Expert Round Table on Veeam Virtualization Experience

Hi Guys,

With my friends Kenny (SCCM MVP) and Alex (SCOM MVP), we will participate in an online meeting organized by Veeam: “Expert Round Table – Veeam Virtualization Experience”. This free online round table will take place on September 27th; don’t forget to register:

http://go.veeam.com/webinar-27092012-expert-round-table-en.html

Cheers
Christopher

Aug/12

2

Orchestrator 2012 / Kelverion IP : Remedy Web Service Reference Cache

Hi Guys,

I’m currently working on an integration between Orchestrator 2012 and BMC Remedy. For that, I’m using the free Integration Pack from Kelverion and I’ll provide more information about the Web Service Reference Cache that is used by this IP.

The Kelverion Integration Pack for BMC Remedy AR System uses web services to integrate with Remedy AR System. In order to support on-demand connections to any Remedy AR System web service the integration pack will automatically download the appropriate WSDL and generate the required web service proxies as required. This process can be time consuming, so in order to improve performance, the integration pack maintains a local cache of web service proxies on each runbook service and Runbook Designer host system.

Although the cache provides a significant performance benefit, there is a chance that these files can become outdated whenever changes are made to a Remedy AR System web service. In order to synchronize changes to a Remedy AR System web service, you must clear the local web service cache so that the required files can be re-generated.

To remove the Remedy AR System web service cache on Windows Server R2:

  • Close the Orchestrator Runbook Designer
  • Delete the *.dll files from the folder C:\Users\%USERPROFILE%\AppData\Local\Kelverion Automation\Integration Pack for BMC Remedy\%WebServerURL%\arsys\%ARServer%

  • Repeat for each user profile that is used by Orchestrator components.
  • Delete the *.dll files from the folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Kelverion Automation\Integration Pack for BMC Remedy\%WebServerURL%\arsys\%ARServer%

Each time that you update your Remedy Web service, you’ll have to delete the Remedy Web Service Reference Cache on the Orchestrator server.
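
The steps above can be scripted so that every user profile and the system profile are covered in one pass. This is an added example, not part of the original post and not Kelverion's own tooling; the paths mirror the ones in the steps, and the Runbook Designer process name is an assumption to adjust for your installation.

```powershell
# Added example: clear the Remedy web service proxy cache for all profiles.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumption: process name of the Orchestrator Runbook Designer.
    [string]$DesignerProcess = 'RunbookDesigner'
)

# %WebServerURL% and %ARServer% from the steps above become wildcards.
$relative = 'AppData\Local\Kelverion Automation\Integration Pack for BMC Remedy\*\arsys\*'
$roots = @(
    'C:\Users\*'                                    # every user profile
    'C:\Windows\SysWOW64\config\systemprofile'      # system profile
)

# Step 1 of the procedure: the Runbook Designer must be closed.
if (Get-Process -Name $DesignerProcess -ErrorAction SilentlyContinue) {
    Write-Warning 'Close the Orchestrator Runbook Designer before clearing the cache.'
    return
}

foreach ($root in $roots) {
    # -Force includes hidden profile folders; missing paths are skipped silently.
    Get-ChildItem -Path "$root\$relative\*.dll" -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            if ($PSCmdlet.ShouldProcess($_.FullName, 'Delete cached web service proxy')) {
                Remove-Item -LiteralPath $_.FullName -Force
            }
        }
}
```

Saved as a script file and run with -WhatIf, it lists the DLLs that would be deleted without removing anything.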

Regards
Christopher

Jul/12

13

SCCM Client Center Integration Pack for Orchestrator 2012 is now available

Hi All,

I’m currently working on a migration project from Opalis 6.3 to Orchestrator 2012. When you are working on that type of migration, the first step is to ensure that you have the same Integration Packs on both environments. Otherwise, you have to find equivalent Integration Packs and, in all your runbooks, replace the old activities with the ones from the new Integration Packs. That could really take a lot of time and make your migration really painful.

Here my customer built a lot of SCCM 2007 workflows with the SCCM Client Center Integration Pack for Opalis available on CodePlex. Now, when I tried to import this IP directly in Orchestrator 2012, I received the following error message: OIP version not compatible with System Center 2012 Orchestrator.

Microsoft published an article on MSDN that explains how to convert an Opalis Integration Pack created with the Opalis QIK to an Orchestrator 2012 Integration Pack: http://msdn.microsoft.com/en-us/library/hh855852.aspx
Some helpful information is also available on CodePlex: http://orchestrator.codeplex.com/wikipage?title=QIK%20Integration%20Pack%20Migration

After reading these, you can see that for this conversion process you’ll need to have the IP assembly (DLL files, …), which is often not the case when you are not the author of the Integration Pack.

I contacted Roger Zander, the author of the SCCM Client Center IP for Opalis, who followed this guide http://www.thecloudbuilderblog.com/blog/2011/11/22/porting-opalis-6x-integration-packs-to-orchestrator-2012-rc.html to convert his Opalis assembly to an Orchestrator assembly.

Once he sent me the updated assembly, I was able to fully follow the Microsoft guide and convert the SCCM Client Center IP for Opalis to an all-new Integration Pack: SCCM Client Center IP for Orchestrator 2012.

This new SCCM Client Center Integration Pack for Orchestrator 2012 is available on CodePlex for free:
http://sccmclictropalis.codeplex.com/

Feel free to download it, test it and come back to us if you have any questions.

I really would like to thank Roger for his support on this !!!
Don’t forget that Roger is the author of this Integration Pack; I just converted it for Orchestrator 2012.

Christopher

Dear All,

Yesterday, I moved some agentless monitored servers from a Windows Server 2003 R2 SP2 management server to a Windows Server 2008 R2 SP1 management server. Since I did that, I have received the following alert for all my Windows Server 2003 agentless servers:

There are no more endpoints available from the endpoint mapper

Description:

The Windows Event Log Provider is still unable to open the System event log on computer ‘xxx.xxx.com’. The Provider has been unable to open the System event log for 68400 seconds. Most recent error details: There are no more endpoints available from the endpoint mapper. One or more workflows were affected by this. Workflow name: Microsoft.Windows.Server.2003.OperatingSystem.ServerServiceConfiguration Instance name: Microsoft(R) Windows(R) Server 2003, Standard Edition Instance ID: {62B32BAB-6D06-9152-EDA8-F8D4306B5D56} Management group: OM2007

In the management server event log, the following event was recorded:

The Windows Event Log Provider is still unable to open the System event log on computer ‘xxx.xxx.com’. The Provider has been unable to open the System event log for 336240 seconds.

Most recent error details: There are no more endpoints available from the endpoint mapper.
One or more workflows were affected by this. 
Workflow name: many
Instance name: many
Instance ID: many
Management group: OM2007

I checked the firewall settings, DNS settings, … everything was fine. Finally, I moved an agentless monitored server back to a Windows Server 2003 R2 SP2 management server and the error disappeared.

Microsoft Premier Support confirmed it to me: a Windows Server 2003 agentless server must be monitored by a Windows Server 2003 watcher node. The same goes for a Windows Server 2008 agentless server: it must be monitored by a Windows Server 2008 server.

Now, an agentless watcher node could be a management server or any other agent-monitored server of your infrastructure. If you choose an agent-monitored server as watcher node, don’t forget to change the Run As account of the agent to an account which has the necessary access rights to the agentless monitored server.

Regards
Christopher KEYAERT

Christopher Keyaert
Copyright 2010 © vNext.be