Assigning Owner and User Role to VMs in Windows Azure Pack

At Inovativ, the company I work for, we more or less use Windows Azure Pack in production now. We have begun to operate as a hoster and each consultant is a tenant in our Inovativ Cloud. They can go to the Windows Azure Pack tenant portal and consume the resources we have available in our cloud. If you don’t set any rules your tenants are likely to grab all the resources that are available. Currently we have not yet set any quotas, but I’m afraid we will have to very soon.

One problem that we encountered was that VMs which were created outside of the portal did not have the correct Owner and User Role. This meant that those VMs were not visible as owned by a certain tenant in the Windows Azure Pack tenant portal. Also, when you set a quota on, for instance, the number of VMs that can be created or the amount of memory that can be consumed, only the VMs actually owned by the tenant are counted.

image

This would be a serious problem if you are a hoster and wanted to move existing VMs to a tenant’s subscription, or service plan as it is called in Windows Azure Pack. Another problem that we think is linked to this is that Cloud Cruiser, which collects usage information for billing or showback, is not able to process the usage records.

This is what it looks like from the admin portal when you go to VM Clouds and find all VMs for a certain tenant and subscription to a tenant plan. As you can see, not all of my VMs are listed.

image

It was quite easy to give access to the manually added VMs via the VM properties in Virtual Machine Manager 2012 R2. The first requirement is to assign the VM to the same VMM Cloud that is used in Windows Azure Pack. If the VM does not have a Self-Service owner, you can select one. The problem, however, is that the only accounts you can choose are Active Directory accounts. This is exactly what we don’t want.

image

After adding the VM to the proper cloud and setting the Self-Service owner to an Active Directory account, it was at least possible to assign one or more tenants to the “external VMs”.

image

This results at least in seeing the VMs in your tenant portal but still with the disadvantage of not being fully managed Windows Azure Pack VMs as explained above.

image

A VM owned by a WAP tenant should show its Self-Service owner like this:

image

So we needed to find out how to set the User Role and Owner of the VMs using the Windows Azure Pack account and Self-Service owner.

The first thought was to simply set the properties of the VM using PowerShell, directly setting the UserRole and Owner with the Set-SCVirtualMachine cmdlet.

image

This clearly doesn’t work. I think I tried a dozen different ways of changing the VM properties. When I reached out to my primary contact in the Windows Azure Pack product team in Redmond, I received a message that he was on holiday. My other great source for help is the MVP distribution list for the System Center Cloud & Datacenter Management MVPs. I literally instantaneously received several replies from my fellow MVPs. After some mail exchanges, Stanislav Zhelyazkov from Bulgaria offered to get on Lync to take a look at what was going wrong. He had already pointed me to the fact that if we needed to change VM properties for Windows Azure Pack, we needed to go via the same route as WAP itself: via the Service Provider Foundation (SPF). The trick is to use the OnBehalfOfUser and OnBehalfOfUserRole method like SPF uses to talk to VMM.

So let’s assign VM HV-DC01 to my Windows Azure Pack account and service plan.

First we set a couple of variables and list the relevant properties of the VMs starting with “HV-”.

image

You can clearly see the difference between the VMs created outside of WAP and inside of WAP. Four VMs have an Active Directory user as Owner and the VMM Administrator as UserRole.

Next we set the VMM Server that is referenced in Windows Azure Pack and connected via SPF.

image

In the following step we set the user role into a variable $Role using the variable $UserRole declared at the beginning of the script.

image

Before we can use the OnBehalfOf method, we first need to set the UserRole.

image

This immediately shows in VMM.

image

The owner can now be set using OnBehalfOfUserRole and OnBehalfOfUser.

image

All we need to do is check in the Windows Azure Pack tenant portal if the modified VMs show up under the correct user account.

image

Voilà, mission accomplished … with the great help of my friends.
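The steps above, written out as an added PowerShell example; it is not the script from the original screenshots. The server name, tenant account and user role name are placeholders to replace with your own values, and the check that the VM already belongs to a VMM cloud reflects the requirement stated earlier in the post.

```powershell
# Added example: reassign a VM created outside WAP to a WAP tenant.
# All values below are placeholders (assumptions), not values from the post.
Import-Module virtualmachinemanager

$VMMServerName = 'vmm01.example.local'                         # VMM server registered in SPF
$User          = 'tenant@example.com'                          # WAP tenant account
$UserRole      = '<tenant user role name as shown in VMM>'     # tenant's VMM user role
$VMName        = 'HV-DC01'

# Connect with -ForOnBehalfOf so the OnBehalfOf* parameters are accepted,
# which is the same route SPF takes when it talks to VMM.
$vmm = Get-SCVMMServer -ComputerName $VMMServerName -ForOnBehalfOf

# Resolve the tenant role first; stop rather than assign a VM to nothing.
$Role = Get-SCUserRole -VMMServer $vmm -Name $UserRole
if (-not $Role) { throw "User role '$UserRole' not found on $VMMServerName" }

$vm = Get-SCVirtualMachine -VMMServer $vmm -Name $VMName
if (-not $vm) { throw "VM '$VMName' not found" }

# The VM must already be assigned to the VMM cloud used by Windows Azure Pack.
if (-not $vm.Cloud) { throw "VM '$VMName' is not assigned to a VMM cloud" }

# Record the state before the change for the audit trail.
$vm | Select-Object Name, Owner, UserRole, Cloud | Format-Table -AutoSize

# Step 1: set the user role (required before the OnBehalfOf call works).
Set-SCVirtualMachine -VM $vm -UserRole $Role | Out-Null

# Step 2: set the owner on behalf of the tenant user and role.
Set-SCVirtualMachine -VM $vm -Owner $User `
    -OnBehalfOfUser $User -OnBehalfOfUserRole $Role | Out-Null

# Re-read the VM and confirm that role and owner now match the tenant.
$after = Get-SCVirtualMachine -VMMServer $vmm -Name $VMName
$after | Select-Object Name, Owner, UserRole, Cloud | Format-Table -AutoSize
if ($after.Owner -ne $User -or $after.UserRole.Name -ne $Role.Name) {
    Write-Warning "VM '$VMName' does not show the expected owner or user role"
}
```

Because this moves a VM into a tenant's scope, run it under an account whose VMM rights are limited to that task and keep the before/after output with the change record.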
