Chapter 2

The Microsoft Private Cloud

Chapter 1, “Understanding Cloud Computing,” explained the traits of a cloud, a private cloud, and Infrastructure as a Service (IaaS). This chapter introduces the Microsoft vision of a private cloud and describes each component of the greater solution.

Most of this book focuses on the roles of System Center Virtual Machine Manager 2012 and System Center App Controller 2012 in the delivery of a private cloud. As you progress through the chapters, we'll examine these products in greater depth.

Consultants and customers alike need to know the benefits of the Microsoft private-cloud strategy for their businesses.

This chapter explains the following:

  • The Microsoft strategy for the private cloud
  • How the Microsoft strategy benefits the customer and the business
  • The functions of System Center in the Microsoft private cloud

The Microsoft Private-Cloud Strategy

Chapter 1 questioned the role and necessity of IT in business today. IT exists to provide a service to a business. That service enables business applications to drive business operations, enable partnerships, create profits, and so on. If you ask a roomful of CEOs which virtualization product is at the bottom layers of their IT infrastructure, only a few (and they probably work for Microsoft, VMware, or Citrix) will know or even care. What they care about is the delivery, flexibility, agility, and quality of the service.

Virtualization is an important piece of the puzzle. Virtualization is an ingredient of the Microsoft private cloud. Businesses care about services, not virtualization—but what exactly are services? Services (the things that a business really cares about) are line-of-business applications created and managed by developers and application administrators.

Let's take a trip down memory lane to find out how Microsoft has evolved its private-cloud strategy for delivering an IT service to a business.

The Development of the Microsoft Private Cloud

Microsoft recognized the importance of services to business in the early to mid-2000s and has been evolving an infrastructure-management and -enabling solution that delivers the services business demands. At one point, Microsoft called their solution Dynamic Systems Initiative (DSI). Featuring Systems Management Server (SMS) 2003 and Microsoft Operations Manager (MOM) 2005, DSI offered IT-infrastructure automation. By utilizing DSI, IT professionals could be more effective in response to demands for change by their businesses.

Microsoft developed these products further and branded them as System Center. System Center Configuration Manager (ConfigMgr or SCCM) 2007 (and later R2 and R3) replaced SMS 2003. System Center Operations Manager (OpsMgr or SCOM) 2007 (and later R2) replaced MOM 2005. Then System Center Data Protection Manager (DPM) 2007 (and later 2010) appeared on the scene. System Center Virtual Machine Manager (VMM) 2007, 2008, and 2008 R2 provided a virtualization-management solution. They were joined by Service Manager 2010, while Microsoft acquired a product called Opalis. Although these products span many years, they are sometimes referred to as System Center 2007.

While DSI aimed to provide just automation to the system administrator across Microsoft products, System Center 2007 expanded into providing automation and service management across Microsoft and non-Microsoft products in a strategy known as the Dynamic Data Center. Microsoft recognized the importance of compliance, of service-level agreements (SLAs) to the customer (external or internal), and of security. In other words, Microsoft, instead of focusing entirely on the virtualization layer, recognized that the service, and everything that comprises it, is important.

System Center 2012 and the Microsoft Private Cloud

Microsoft System Center has grown from a loose collection of automation tools into a tightly integrated service-management solution. In 2010, Microsoft released System Center Virtual Machine Manager Self Service Portal 2.0 (or SCVMMSSP 2.0 for short), which provides a private cloud layer that can abstract the virtualization infrastructure managed by System Center Virtual Machine Manager 2012. SCVMMSSP 2.0 was a nice first try, but it was not widely adopted. Not long after the release of SCVMMSSP 2.0, Microsoft announced that more was to come from the System Center product groups in 2012. This announcement is part of the reason SCVMMSSP 2.0 hasn't been widely accepted.

System Center 2012 features a new generation of products that build on the automation of DSI and the service management of the Dynamic Data Center, and drive Microsoft into the private cloud. A private cloud enables a business to be more responsive to threats and opportunities by enabling the business to deploy and change services without intervention by the IT department. The role of IT is to provide the shared resources, with automatically provisioned fault-tolerant networking. Services that are deployed should be measured and capable of elasticity to respond to spikes in demand. These are all the traits of a private cloud (see Chapter 1).

Server-based applications are nothing without the client devices to access them, the network to connect to them, and the processes that regulate the business. System Center is a complete solution, encompassing the entire service and infrastructure stack and enabling the IT department to deliver this service.

Talk of cloud computing usually strikes fear into the hearts of traditional server and desktop administrators. But the Microsoft private-cloud strategy doesn't make administrators redundant. It changes their role. They shift from a service-deployment role to an engineering function. Instead of deploying virtual machines or software, they engineer the systems that enable the business to deploy what they need, when they need it, in a manner that is compliant (with process standards and regulations), automated, secure, scalable, controlled, measurable, and dependable. The administrators manage the shared resources of the private cloud. They have more time for engineering. This is exactly what they want to do (because playing with this stuff is fun for computer geeks), and this is exactly what the business wants from IT (because they can deploy what they want for themselves).


Is the Private Cloud for Everyone?
This question causes debate and will continue to do so for some time. There are two basic arguments:
  • The features of the private cloud can benefit any business, no matter its size. Even server administrators who are responsible for service deployment can take advantage of the automation systems of the Microsoft private cloud.
  • A true private cloud separates the role of the server/virtualization administrator from that of the service-deployment administrator. If both functions are indeed performed by a single person or team of people, then adding all of the complexity of a true private cloud makes no sense.
What is not arguable is that every administrator, even one with just a few servers and PCs to manage, can benefit from systems that improve the quality and speed of service they provide. Microsoft's strategy has something for everyone in this line of work. The foundation of the Microsoft private cloud, Virtual Machine Manager 2012, is of huge benefit to anyone managing a farm of virtualization servers, as the rest of this book explains.

Beneficiaries of the Microsoft Private Cloud

Can it really be possible that the Microsoft approach is a win-win-win strategy? Of course, skeptics will say that only Microsoft will win. They'll continue to struggle with service quality and speed while clinging to their failed strategy. Those who are open-minded enough to listen to reason, to consider an alternative, and to give the Microsoft private cloud an honest opportunity to prove itself will soon see how much it offers to all involved.

The Customer Business

Fortunately, the people paying the bills will benefit from the Microsoft private cloud! They care about accessing critical line-of-business applications, collaborating with partners, and reaching out to customers. They care about flexible and agile services that enable the business to react to threats and opportunities before it is too late. A private cloud provides all this.

The Microsoft private cloud not only pays attention to the application layer of the service, but it also manages the complete application stack, including clients (PC, virtual desktop, remote desktop, or mobile device), compliance and security, and the network that connects users to the service.

Importantly, the Microsoft private cloud does this by providing licensing for System Center 2012 without charging customers a prohibitive tax, something that cannot be said for alternative solutions. Strangely enough for Microsoft licensing, System Center 2012 licensing is pretty simple to understand. You typically license each virtualization host for the System Center suite—and that's it! Consult your large account reseller (LAR), distributor, or value added reseller (VAR) to learn more about how you can license the Microsoft private cloud based on System Center 2012 for your business.

The Customer Systems Administrators or Engineers

Neither IT techies nor their company management want the IT department to be putting out fires or doing boring and repetitive work. System Center 2012 allows the IT department to take control of the entire IT infrastructure, from the network all the way through to the application layer, and manage the security, delivery, and compliance of the entire stack. This leverages automation for the processes that are repetitive, enables management by exception for scaled-out infrastructures, and empowers users to help themselves in a controlled and measured manner. It might sound too good to be true, but System Center users know how it can enable administrators to improve the way they work.

Any system that enables the balance to shift from reactive to proactive, from firefighting to interesting engineering, and from heated discussions with the boss and users to a service where the business acknowledges the value that you can provide deserves serious consideration.

The System Integrator or Consultant

There was a time when service providers had reasonable profit margins when reselling hardware or software to their customers. With increased competition and tougher economies, those days are a distant memory. Profits are made by providing expertise to customers in the form of consulting.

Some prefer a curious approach. They drain their customers' budgets by reselling a software solution that deals only with the challenges of virtualization infrastructure. Software sales earn the company a lower margin. Customers have less budget remaining for consulting, and the service providers have less potential for those profit-earning service hours/days.

The Microsoft private-cloud solution takes a different approach. It leverages virtualization solutions that may already exist at the client site, thereby protecting existing investment. However, the focus is on the service-delivery side of the private cloud. With economical and simple licensing, the service provider can shift from a low-margin software-sale-first approach to a high-margin services-sale-first approach.


System Center 2012 Licensing
Before System Center 2012, licensing Microsoft's systems-management products could be confusing. There were many options and variations, depending on the product, the complexity of your applications, the size of your environment, and the type of Microsoft licensing programs with which you were involved.
Microsoft listened to the feedback and simplified the licensing for System Center 2012. You don't have to buy different agent types or management licenses, and you don't have to buy different management-server products. It's a simple system.
If you want to manage physical servers or lightly virtualized hosts, purchase the Standard-edition Server Management License (SML). This includes licensing for a physical server and up to two operating-system environments (OSEs)—that is, virtual machines—with all the features of all System Center 2012 products. Note that if your host has four virtual machines, you can buy two Standard SMLs for that host to license all four of the OSEs.
If you want to manage or build a highly virtualized environment, such as a private cloud, with System Center 2012, purchase the Datacenter-edition SML. Not only can you manage the licensed host, but you also get licensing to manage an unlimited number of virtual machines on that licensed host with all of System Center 2012.
You license physical servers (such as virtualization hosts) on a per-physical-processor basis. Each SML includes licensing for two physical processors. For example, if you want to license a host that has four processors, you need two SMLs.
Microsoft released a data sheet with more details on SMLs at
and an FAQ can be found at
Contact your VAR, distributor, or LAR if you have questions about System Center licensing.

That's enough of the high-level strategy discussion. It is time to learn a little more about the components of System Center 2012 to prepare you for the rest of the book.

System Center 2012 in the Microsoft Private Cloud

We have spent a lot of time talking about clouds and the Microsoft strategy. It is time to learn a bit more about what makes up a Microsoft private cloud.

Virtualization

Virtualization (such as vSphere, XenServer, or Hyper-V) enables server consolidation and rapid deployment of virtual machines. Virtualization is the start of the journey to the private cloud, not the destination.

Actually, virtualization is a critical piece of the private cloud. Without it, you cannot realistically provide rapid, flexible, self-service delivery of services or a collection of consolidated shared resources.

By abstracting services and machines from hardware, virtualization makes it possible for an IT department to build a library of reusable resources that can be made available to the business. Self-service, quality control, automation, and flexibility are leveraged by System Center 2012 to build the Microsoft private cloud.

System Center 2012 Roles

System Center 2012 offers several products that enable the private cloud. Each of them plays a vital role in Microsoft's solution.

System Center 2012 Configuration Manager (SCCM or ConfigMgr)

SCCM 2012 is a lifecycle-management solution that provides tools to help administrators look after the IT infrastructure, from client to server. The 2012 release provides a solution to empower users to deploy software to their own PCs.

With ConfigMgr 2012 in place, administrators can centrally manage PCs, servers, virtual machines, and mobile devices such as Windows Phone, Android, and iPhone/iPad. Administrators can do the following:

  • Perform zero-touch deployment of operating-system images to computers
  • Deploy software and service packs according to policy
  • Distribute security updates for Microsoft, partner, and custom products
  • Audit hardware and software, storing knowledge of the infrastructure in a central database
  • Determine configuration compliance and use policy to autocorrect noncompliant configurations
  • Centrally manage Forefront Endpoint Protection 2012, Microsoft's antivirus product for desktop and server operating systems

The consumerization of IT has created a demand for self-service provisioning of services (cloud computing) and apps. With a new user-centric approach, ConfigMgr 2012 enables administrators to package software, making it available to users from a portal. Company-wide licensed or free software can be installed automatically and immediately when requested by a user; other software can require an approval workflow to be completed before the software can be installed on the user's PC.

ConfigMgr offers automated discovery of services deployed in the private cloud and complete control over licensing, configuration, standardization, and security. Without this functionality, the business would be subject to all sorts of threats, including licensing noncompliance, security issues, and nonstandardization. This solution makes end users happier too, because they can drive change when they need to and react to the daily challenges of doing their jobs.

System Center 2012 Operations Manager (SCOM or OpsMgr)

What good is delivering a service if you cannot ensure the quality of that service? SCOM is an enterprise monitoring solution for the complete IT service.

The Network

The link between a service and the consumer of that service is a critical IT resource. OpsMgr 2012 adds network-fabric discovery and monitoring to its arsenal, enabling complete service-delivery monitoring.

Hardware

Building on server and storage partnerships with Microsoft, OpsMgr can use the manufacturer's own knowledge and expertise to monitor the hardware that provides virtualization and storage fabrics.

Virtualization

Virtualization is an enabling layer of the private cloud, so it should be monitored. A black box that can negatively impact the performance of business services is not acceptable.

Operating System

OpsMgr enables administrators to determine the health and performance of the operating system that is hosting business services, including Windows, Linux, and UNIX.

Applications

Expertise is provided by Microsoft and partners for the applications (such as IIS and SQL Server) that you install in your virtual-machine operating systems.

Many line-of-business applications are custom-developed and have no prepackaged monitoring expertise. There are ways to provide external monitoring, but issues sometimes fall between the cracks of the opposing forces of IT administrator and application developer. OpsMgr 2012 adds built-in monitoring for .NET and for Java 2 Platform, Enterprise Edition (J2EE) applications, offering visibility into the health and performance of those applications, even if the developers have not bothered with logging and monitoring.

Client Perspective

It is great when traditional monitoring of IT components reports that everything is healthy, but it is infuriating when the console is all green while users are complaining about an outage or performance issue. For example, a web application may appear to be running and performing OK, but if there's a bug in the web application that causes a failure, IT finds out only when users complain.

OpsMgr 2012 can monitor services from a client's perspective. This can vary from basic availability and responsiveness to replaying recorded transactions to ensure that the expected results occur. This enables IT to start reacting to issues as soon as the service degrades, even if everything appears to be OK from the server perspective.

Service-Level Agreement

A service comprises many infrastructure and application components. This relationship can be modeled, and the level of performance and availability to the business can be measured. The business can then use this to evaluate the success of service delivery by IT infrastructure and application developers/administrators, making OpsMgr 2012 both an infrastructure solution (for the private cloud and Microsoft's public cloud, Windows Azure) and a business solution.

With OpsMgr 2012, a business can monitor everything that makes up the private cloud and the services that are hosted by it. This shift from focusing just on the virtualization layer can greatly improve the performance and availability of business-critical services.

System Center 2012 Virtual Machine Manager (VMM)

VMM 2012 is the system that ties together the infrastructure components and the reusable resources that make the private cloud, and it deploys the services that are required by the business:

Fabric Management

A fabric is a collection of infrastructure resources that are components of the private cloud. VMM 2012 is able not only to manage, but also to deploy Hyper-V hosts and clusters to bare-metal machines. Remember that the business doesn't care which kind of virtualization is used. If you have XenServer or vSphere, VMM 2012 protects your investment by letting you include those products in your virtualization fabric. This means that services can be deployed across any of the big three virtualization platforms. Network (IP configuration and load balancers) and storage (for VM and data placement) fabrics can be provisioned for virtual machines so that they are automatically configured.

Resource Management

VMM has been capable of reacting to errors detected by OpsMgr using a feature called performance and resource optimization (PRO). PRO is not a dynamic feature; it waits for a warning or a fault. This feature continues in System Center 2012, but it is joined by much more.

Dynamic optimization enables VMM to dynamically load-balance virtual machines and their workloads across the virtualization infrastructure. A new power-management feature enables VMM to consolidate virtualized workloads down to fewer virtualization host servers during times of low utilization. Idle hosts can be powered down, further reducing the electricity bills of the IT infrastructure.

One of the best features of VMM is the library. This is a reusable collection of resources such as virtual-machine templates, virtual-machine profiles, ISO files, and scripts. The 2012 version adds more resources, such as Server App-V packages for SQL Server and IIS (which enable services to be packaged and easily deployed to virtual machines as virtualized programs that run in a server operating system), SQL database packages, application packages, and website packages. The contents of this library are the ingredients of a service.

PowerShell lives on and expands as a scripting and enhanced command-line solution in VMM. With PowerShell, administrators can automate operations and build more complex tasks than can be performed in the administration console.

A hotly requested feature for VMM arrives in the 2012 version. The VMM service can be clustered, making it highly available. This is critical if VMM is to be the beating heart of the private cloud, deploying and managing the infrastructure, as well as deploying services for the business.

Cloud Management

Private clouds can be built from the virtualization hosts that are managed by VMM. Permission to deploy services can be delegated to end users, and this can be quota- and policy-controlled by VMM administrators.

Service Management

The service template is a new feature that joins all of the pieces together and enables end users to deploy a complete IT-based service.

Administrators can define one or more templates that describe common application architectures. This can include networks, network load balancers, virtual machines (numbers and elasticity per role in the service), virtual-machine templates, Server App-V packages, and so on. End users can select one of these service templates and deploy it. After a few minutes, anything from a single virtual machine to a complex n-tier application can be deployed on their behalf—with IP configurations completed, network load balancers operating, and services such as IIS and SQL Server up and running.

Maintaining security is a big concern for businesses because of the self-service nature of the private cloud. Administrators can automate the deployment of security updates to the virtualization fabric (Hyper-V hosts) and to the components of the services.

Quite a bit of growth has occurred since the days of VMM 2008 R2. Most of this book focuses on how you can use these pillars to deploy and manage a private cloud. VMM 2012 won't be discussed much here, because the remainder of the book focuses on it and how it enables the Microsoft private cloud.

System Center 2012 App Controller

App Controller is a new product that provides a single, seamless self-service interface for deploying and managing services across VMM-managed private clouds and the Microsoft Azure public cloud. It simplifies service deployment and enables the owner to pick and choose the right cloud for each service. You will learn more about this cross-premises or hybrid cloud solution in Chapter 11, “App Controller and the Public Cloud.”

System Center 2012 Data Protection Manager (DPM)

One of the most important functions of the IT department is to protect the services and data of the business in case of disaster. DPM is Microsoft's backup and recovery solution. With it you can back up data from Hyper-V–based services in a few ways:

In-VM Backup

A DPM agent can be installed in each VM to back up the entire virtual machine or just the data. An in-VM backup is an inefficient way to back up an entire virtual machine, but it is an effective way to back up just the important business data, such as file shares and databases.

Storage-Level VM Backup

A DPM agent is installed on every Hyper-V host server to enable the backup of entire running virtual machines, as if they were just a collection of a few files with some metadata. This makes restoration of a lost or corrupted virtual machine quick and easy. This type of backup allows you to mount virtual machines and restore data from them, but it is not intended for restoring databases and other such applications that require consistency between files.

A Combined Approach

By combining frequent in-VM backups with infrequent storage-level VM backups, you can back up business data on a regular basis (for example, every hour), and you can back up virtual machines less regularly (for example, once a week, once a month, when computer account passwords change, or when security updates are applied). This approach optimizes data transfer over the network, greatly reduces the time it takes to restore a lost virtual machine, and offers the granularity of an in-VM backup.

DPM 2012 offers direct-to-disk backup of data on a block-level basis. This means that only the changes to files are backed up, unlike the traditional and inefficient full/incremental approach. Backup data can be streamed to tape, and it can be replicated to another DPM server's disk for off-site storage.

New features of DPM 2012 include

  • Centralized management of many DPM servers from a central console
  • Role-based management
  • Certificate-based protection for machines that are not members of the Active Directory forest
  • The ability to store many protection groups (policies) on a single tape
  • Item-level recovery from SharePoint farms
  • Improved and faster backup of Hyper-V virtual machines

System Center 2012 Orchestrator

Formerly known as Opalis, Orchestrator 2012 is a runbook automation solution. Orchestrator is intended to automate repetitive tasks that comprise many steps and span one or more systems.

Every organization's IT department has many examples of such tasks. There will be a folder of processes, where some operation requires a skilled IT operator to spend the business's valuable time executing a sequence of steps, clicking and typing exactly what is documented. There is almost no variation in the implementation of the process.

Orchestrator makes it possible for organizations to automate repetitive processes that span many systems. The business wins because it gets predictable, timely results. IT operators can use the saved time to benefit the business. And let's face it: no one enjoys doing this kind of donkey work; they'd rather be doing something more interesting.

With System Center 2012 Orchestrator, you can automate processes across heterogeneous systems from Microsoft, HP, IBM, EMC, BMC, CA, and even VMware, using provided integration packs. Third-party integration packs can be purchased, and more can be developed in-house as required.

If you've worked with Opalis in the past, you will be happy to learn that the reliance on Java has been dropped. Orchestrator 2012 also features a much tighter integration with the rest of System Center 2012 to facilitate cross-platform automation in the Microsoft private cloud.

System Center 2012 Service Manager (SCSM)

The name of this product is pretty descriptive; SCSM is all about delivery of service to the business. SCSM accomplishes this in three ways:

Self-Service

A customizable service catalog presents a set of services that span both the infrastructure and application layers. End users, departmental IT staff, application administrators, developers, and so on can request operations to be completed on their behalf. Leveraging automation, such as the runbook or process automation provided by Orchestrator 2012 or the System Center Cloud Services Process Pack, SCSM 2012 enables those noncentral IT staff to request the system to do work on their behalf. The automation systems perform the work, and other systems monitor it for exceptions. The role of central IT shifts from doing that repetitive work to engineering the automation systems and monitoring them for performance and reliability.

Process Compliance and Automation

SCSM 2012 can reach into the databases of ConfigMgr 2012 and OpsMgr 2012 to learn about the infrastructure and services that IT provides to the business. SCSM 2012 can then be used to achieve business goals, such as IT-risk, governance, and compliance solutions.

Management

SCSM 2012 can be referred to as a help-desk solution, but that does it a disservice. It is also capable of being an automated management solution by building in workflows for problem management, SLA management, and service management (helpdesk). With all this talk of private clouds, computers, and automation, it's easy to forget that humans are part of the equation and they require assistance from time to time.

System Center 2012 is a complete solution spanning all components of the private cloud, from creating the cloud to monitoring service delivery. The central piece in the creation of a private cloud is System Center Virtual Machine Manager 2012. Part 2 of this book, “Fabric and Service Management,” will teach you how to build the infrastructure of your first Microsoft private cloud.

Summary

In this chapter you learned that the Microsoft private-cloud strategy is to emulate the goal of the private cloud. It uses the System Center 2012 suite of integrated products to focus on service delivery and management, which are directly relevant to the business, bringing you beyond virtualization.

Each of the System Center products plays a role in building the private cloud, deploying services, monitoring the fabrics and services, protecting the business, providing automation and self-service, and integrating with the Microsoft public cloud, Azure. System Center Virtual Machine Manager 2012 and System Center App Controller play central roles in the creation, management, and service deployment of a Microsoft private cloud.
