Azure Tooling For Orchestration And Hybrid Environments

In this post I’m going to have a quick look at Azure tooling for orchestration and hybrid environments. The Azure Portal and its automation options work well for developers and operations staff managing resources, but sometimes you need more. The two scenarios I come across very often are hybrid cloud and service catalogs with an accompanying self-service portal.

With hybrid cloud you have to consider the integration with on-premise resources and APIs or even other cloud providers. On the service catalog side you have to consider the services you will provide, the orchestration for provisioning, integration with a service management tool, and implementing business rules for approval and access.

At the moment the Microsoft tooling landscape is a bit of a minefield, with the transition from ASM to ARM for Azure and the changes in System Center to cater for hybrid cloud environments. In this post I’ll be looking at tooling around System Center 2012 R2 and Azure Pack. Maybe later on I will take a look at System Center 2016 and Azure Stack.

Azure Pack Private Cloud
Azure Pack supports an ASM-style API that is different from the public Azure ASM API. The recommended automation solution for Azure Pack is Service Management Automation. It is a standalone component you install from the System Center Orchestrator installation media. It executes PowerShell workflows based on events or a schedule. It is aimed at administering the fabric of your cloud and is not suited for tenants launching workflows to provision resources.

If you don’t need complicated workflows you can create Virtual Machine Roles. They enable users to select different options during deployment, install extensions and deploy multiple VMs together that form a logical grouping.

Azure Pack In A Hybrid Environment
In a hybrid environment you can use the Windows Azure Pack Connector to provision VMs on premise and in public Azure using the Azure Pack portal and API. There are also third-party solutions that provide similar functionality for other resource types. You will be writing ASM-style PowerShell scripts that can execute against public Azure ARM via the connector or against on-premise Azure Pack VMs, using the same Azure Pack API.

System Center Orchestrator
If you want to have even more control over the provisioning process or have integration requirements with non-Microsoft hybrid environments, you can use System Center Orchestrator to create complex workflows. There are a few options when it comes to Orchestrator; this article describes it in more detail. Orchestrator offers a graphical authoring experience for on-premise resources using integration packs. You can connect it to public Azure using the Azure Integration Pack for Orchestrator, but this is only for ASM, not ARM. You can also use it to execute PowerShell to cater for any tasks not provided by integration packs, like calling Azure ARM PowerShell, deploying ARM templates or executing automation runbooks.

Self Service Portal
To create your own front end or self-service portal for users you can use System Center Service Manager Portal, which integrates with Orchestrator to run workflows. You can modify the front end to present users with prompts, and you can control access and require change approval for actions.

Azure Automation
Azure Automation gives you the ability to run PowerShell workflows and scripts in the public cloud. The scripts are stored in Azure along with other assets like connection strings, certificates etc. By default it can’t access on-premise resources that are not publicly accessible. You have the option to install hybrid runbook workers on premise to receive jobs from Azure Automation; these will obviously have access to any local resources visible to them.

App Controller
This is not really automation, but it can give you more control over users’ ability to access resources in the cloud and on premise. It also hides details from users; for instance, they don’t have to know the Azure subscription details or even have a subscription to provision Azure resources. You define connections in App Controller and grant users access to them. It can connect to various resources like Hyper-V, Azure and vCenter.

Application Roadmap
Keep in mind that all the information in this blog relates to Azure Pack and System Center 2012; a lot changed in System Center 2016 and Azure Stack. Before you invest in any of the tools, take a look at the roadmap for the products. For example, App Controller has been deprecated in System Center 2016 and Orchestrator seems to be dead in the water: no new features were added in System Center 2016.

Francois Delport