Web Sites, Virtual Machines, Service Management Portal and Service Management API Beta Installation Guide

Web Sites, Virtual Machines, Service Management Portal and Service Management API Beta Installation Guide Contents Introduction... 2 Environment Topology... 2 Virtual Machines / System Requirements... 3 Environment Requirements... 5 Public DNS Mappings... 5 File Share preparation (Optional)... 6 Role Account preparation... 7 SQL and MySQL... 7 Install Instructions... 13 Install and Configure the Service Management Portal and Service Management API... 13 Express Install... 13 Distributed Install... 20 Install and Configure the Web Sites service... 34 Launch the Web Site Cloud Setup... 34 Configure the Web Site Cloud Service Management Portal... 38 Provision services... 45 Web Site Cloud... 45 Post-Provisioning Configuration... 50 Application Databases... 51 VM Clouds... 55 Plans... 58 End-User Experience... 63

Introduction This document accompanies the Beta for Web Sites, Virtual Machines, Service Management Portal and Service Management API, and provides the step by step installation instructions for the Service Management Portal & API and the Web Sites components. Environment Topology Service Management Portal and API The Service Management Portal and API consist of the following components: Service Management Admin Site: where administrators can create Web Sites clouds, Virtual Machine clouds, author plans and manage user subscriptions. Service Management Tenant Site: where users can sign up and create web sites, virtual machines and databases. Service Management API: the API layer that serves as the interface between the Admin and Tenant Sites and all the offered services such as web sites, virtual machines and application databases. Note The three components may be installed on the same machine (using the Express install package) or on different machines via their individual install packages. Web Sites Roles Web Sites Controller : enhanced version of Web Farm Framework (WFF) that provisions and manages Web Sites Roles. Web Sites REST API: Web Sites Management API exposed via REST endpoint. Web Workers: Web Sites-specific version of IIS web server which process client web requests. Web workers may be Shared or Reserved. Front End: Web Sites-specific version of Application Request Routing (ARR) which accepts web requests from clients, routes requests to Web Workers and returns web worker responses to clients. Publisher: Web Sites-specific version of WebDeploy and FTP which provides transparent content publishing for WebMatrix, Visual Studio and FTP clients. File Server: Provides files services for hosting web site content. Databases SQL Server: database creation functionality stand-alone as well as for web sites that require a SQL database. MySQL Server: database creation functionality stand-alone as well as for web sites that require a MySQL database. Virtual Machines Virtual Machine Manager (VMM): provides the capability to create virtual machines, virtual networks, templates and disks. Service Provider Foundation (SPF): exposes the Virtual Machine Manager capability via REST API. Note

This install guide does not cover deployment of Virtual Machine Manger and SPF. Please refer to the System Center 2012 SP1 install guides for deploying the Virtual Machine capability. Virtual Machines / System Requirements The Service Management Portal and API and the Web Sites components in this Beta release are intended to run on a minimum of 7 machines (these machines may be virtual). In addition to these

machines, it is expected that there will be one or more servers in the datacenter running Microsoft SQL Server and MySQL Server. The SQL Server, MySQL Server, and File Server can coexist with each other, and the Hyper-V host machine, but should not be installed in the same VMs as other Web Sites roles. Use separate SQL Server computers, or separate SQL instances, on the same SQL Server computer to isolate the Web Sites configuration databases from user/web sites databases. Naming convention We recommend using descriptive computer names for each machine such as: SvcMgmtPortal (for Express installation) SvcMgmtAdmin, SvcMgmtTenant, SvcMgmtAPI (for distributed installation) SitesController Web Sites Cloud Controller SitesRESTAPI Web Sites Cloud REST API layer SitesFE Web Sites Cloud Front End SitesPublisher Web Sites Cloud Publisher SitesWWS Web Sites Cloud Shared Web Worker SitesWWR Web Sites Cloud Reserved Web Worker FileServer Web Sites Cloud File Server Memory For Service Management Portal & API, plan to reserve at least 8GB RAM if all three components are installed using the Express install on the same machine. 4GB RAM for each of the three machines if using the distributed install. For the Web Sites roles machines, allocate at least 4GB RAM for each role. Do not use dynamic memory. Disk space Allocate at least the minimum amount of disk space as required by the Windows Server 2012 operating system for each machine. For the File Server role, allocate enough disk space for user generated web site content. Software requirements Windows Server 2012 operating system Download the Web Platform Installer (WebPI) Install the following items sequentially using WebPI o IIS recommended configuration o.net Framework 3.5 SP1 o.net Framework 4.0 Disable IE ESC for Administrators via Server Manager. All available Windows and.net updates

Important Ensure that you follow this installation order to ensure proper registration of the.net framework assemblies. Network Environment Configure intranet and internet access for machines running Web Sites roles as described below. Inbound access from the Internet The following roles should be accessible from the Internet: o Front End to accept client requests for websites. o Publisher to accept requests from publishing tools like WebMatrix and FTP clients. Other Web sites roles do not require inbound internet access, as they do not directly service customer requests. Outbound access to the Internet It is important that all Web Sites VMs, including Web Workers, have outbound HTTP web access to download software dependencies when installing the roles. Web Sites requires that the servers have transparent outbound Internet access. Web proxy only access is not sufficient. Web Sites UAC On each Web Sites role, UAC must be disabled as described below: On each machine, run the following command from an elevated command prompt: %windir%\system32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f Reboot the machine Note If you are logged on as a user that has Administrator privileges on a remote Web Sites Cloud role machine you can disable UAC on the remote machine by running the following command from an elevated command prompt: %windir%\system32\cmd.exe /k %windir%\system32\reg.exe ADD \\<machine_name>\hklm\software\microsoft\windows\currentversion\p olicies\system /v EnableLUA /t REG_DWORD /d 1 /f Substitute the name of the remote Web Server Cloud role machine for <machine_name> to disable UAC on the remote machine. Environment Requirements Public DNS Mappings

By default, Web Sites are created under a default domain. Once a website is created, users can add custom domain names to each web site. While tenant web sites can be configured to support custom domains, Web Sites does not update custom DNS records. For a given domain such as MyCloud.com you would create the following DNS A records: Host name IP for * Front End Server(s) ftp Publishing Server(s) publish Publishing Server(s) www Service Management Portal / Web Sites Controller Server @ (or empty) Service Management Portal / Web Sites Controller Server This mapping scheme would allow users to login into both http://www.mycloud.com and http://mycloud.com to manage their sites. These two hostnames map to the portal websites that users and administrators use to manage the software. The portals are described later in this document. In this configuration, user-created web sites are initially created using child domains such as site1.mycloud.com, site2.mycloud.com, etc... Content publishing via Web Deploy and FTP uses publish.mycloud.com and ftp.mycloud.com, respectively. Content publishing via git uses *.scm.mycloud.com. Note There is no requirement for a special domain for this deployment. You can use a subdomain like my.yourdomain.com under an existing domain. File Share preparation (Optional) If using a standalone Windows File Server, file server preparation is not required and is automated during the installation process. If, however, you are using a file server cluster or NAS device, you must create the following shares Content Share holds tenant website content Certificate Share holds tenant custom certificates In addition, you will need to create users with the following permissions: User Content Share Permissions Certificate Share Permissions FileShareOwner Read/Write Read/Write FileShareUser CertificateShareUser Read/Write Read/Write

Note The Web Sites Beta uses a new security technology which does not depend on per web site file share permissions. This enables Web Sites to work with heterogeneous file storage implementations such as NAS devices. To use disk quotas, install the File Services role and File Server Resource Manager role service on the File Server using the following commands: PowerShell.exe Enable-PSRemoting Force %windir%\system32\dism.exe /online /enable-feature /featurename:fsrm-management /featurename:fsrm-infrastructure Role Account preparation Create the following accounts on the roles below to allow inter-role communication: Username File Server Publisher REST API Front End FileShareUser X X FileShareOwner X X CertificateShareUser X X Note When you create these user accounts ensure that the following options are applied: User must change password at next logon is unchecked. User cannot change password is checked. Password never expires is checked. If using local (non-active Directory) accounts, passwords must match across the various roles. SQL and MySQL If you don t have instances of SQL or MySQL Servers, you may install SQL Server Express and MySQL 5.1 on (one of) the Service Management Portal & API machines. Install SQL Server Express using WebPI 1. Launch the Web Platform Installer. 2. Click Products and select Database. Click the Add button next to SQL Server Express 2008 R2, SQL Server 2008 R2 Management Objects and SQL Server 2008 R2 Management Studio Express with SP1, then click Install.

3. Enter a password for the sa account, re-type the password and click Continue.

4. Accept the licensing agreements. The Web Platform Installer will install SQL Server Express. Install MySQL Server 1. Launch the Web Platform Installer. 2. Click Products, select Database, click Add next to MySQL Windows 5.1 and then click Install.

3. Enter a password for the root account and click Continue.

MySQL for Windows 5.1 will finish installing. SQL Server/ SQL Server Express preparation Ensure that the SQL server(s) that will be used for storing the Web Sites configuration database as well as any per-user/per-website databases are accessible remotely. 1. Test IP connectivity and name resolution between all VMs. 2. Ensure that the SQL Server(s) have remote access enabled. 3. Ensure that the SQL Server(s) have mixed mode authentication enabled. 4. Enable the TCP protocol on the SQL Server computers. a. For SQL Server, follow the steps described at http://technet.microsoft.com/enus/library/ms191294.aspx. b. For SQL Server Express, use SQL Server Configuration Manager to update TCP ports. Click Start, All Programs, Microsoft SQL Server 2008 R2, Configuration Tools, SQL Server Configuration Manager to open the SQL Server Configuration Manager. Then navigate to Protocols for MSSQLSERVER and click on the TCP/IP protocol. Ensure that the TCP/IP protocol is enabled. c. Navigate to the IP Addresses tab and scroll down to IPAll. Update the TCP port to 1433 and ensure that the TCP dynamic port is disabled.

d. Restart the SQL Server (SQLEXPRESS) service. 5. Configure Windows Firewall for Database engine access: a. Add TCP port 1433 to the Inbound rules as described at http://technet.microsoft.com/en-us/library/ms175043.aspx. b. Add SqlBrowser.exe (c:\program Files (x86)\microsoft SQL Server\90\Shared\sqlbrowser.exe) to the Inbound rules. 6. Enable the SQL Server Browser service if any of your SQL Server instances are running in an instance other than the "default" SQL Server instance. i.e. If Sql connection strings specify a SQL Server instance in addition to the machine name (e.g. YouSqlServerMachine\SqlExpress), then the SQL Server Browser service must be running. MySQL Server preparation Ensure that the MySQL server(s) is/are accessible. 1. Test IP connectivity and name resolution.

2. Open TCP 3306 Inbound on Windows Firewall for each computer running MySQL. 3. Enable remote access to MySQL: Note Update password to the root password used at the time of installation. The following commands assume that the root password is Pass@word1$ a. Enter the following commands from an elevated command prompt: C:\Program Files\MySQL\MySQL Server 5.1\bin>mysql -u root -p Enter password: ********** GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'Pass@word1$' WITH GRANT OPTION; FLUSH PRIVILEGES; use mysql; update user set grant_priv='y' where user='root'; b. Verify that the command executed and then type the following command: exit; c. Restart the MySQL service using Server manager or by typing the following from an elevated command prompt: net stop mysql net start mysql Install Instructions Install and Configure the Service Management Portal and Service Management API Express Install 1. Logon to the Service Management Portal machine (for example, SvcMgmtPortal ) and launch the Web Platform Installer. 2. Click the Products tab and then click Windows Azure. Click Add next to Service Management Portal and Service Management API Beta (Express), and click Install.

3. Click I Accept on the Prerequisites screen and the installation will begin. The machine may reboot during the installation.

4. When installation is complete click Continue and Finish.

5. Configuration will open the Service Management Configuration Site (https://localhost:30101/) in Internet Explorer. If the Internet Explorer security certificate warning page is displayed click Continue to this website (not recommended).

6. If prompted enter Administrator credentials to connect to the Configuration site which will display the Database Server Setup page. On the Database Server Setup page enter sa credentials to connect to the SQL Server or SQL Server Express instance you installed, enter a passphrase for the Config store and then click the next arrow in the bottom right corner of the web page to continue.

7. The features being installed are listed on the Features Setup page. After the features are successfully configured click the checkmark in the bottom right corner of the Features Setup page to launch the Service Management Admin Portal (https://localhost:30091/#workspaces/websystemadminextension/quickstart).

8. When prompted enter Administrator credentials and if presented with a security certificate warning page click Continue to this website (not recommended) to display the Service Management Portal Tour Welcome page. 9. As you review the Portal Tour pages click the next arrow to proceed. On the last page click the checkmark to close the tour and display the Service Management Admin Portal.

Distributed Install Per the Environment Topology section, you may deploy the Service Management Admin Site, Service Management Tenant Site and the Service Management API on separate machines. These components may be deployed on individual machines or in different combinations (for example, the Tenant Site and Service Management API on a machine that has internet access and Admin Site on a machine that has protected access). Service Management Admin Site 1. Logon to the Admin Site machine (for example, SvcMgmtAdmin) and launch the Web Platform Installer.

2. Click the Products tab and then click Windows Azure to see the list of available install options. Click Add next to Service Management Admin Site, and click Install. 3. Click I Accept on the Prerequisites screen and the installation will begin. The machine may reboot during the installation.

4. When installation is complete click Continue. And then click Finish on the Finish screen.

5. The Service Management Configuration Site (https://localhost:30101/) will launch with Internet Explorer. If the Internet Explorer security certificate warning page is displayed click Continue to this website (not recommended).

6. If prompted enter Administrator credentials to connect to the Configuration site. 7. The Configuration Site wizard will display the Database Server Setup page. On the Database Server Setup page enter sa credentials to connect to the SQL Server or SQL Server Express instance, enter a passphrase for the Config store (make sure to use a strong passphrase) and then click the next arrow to continue.

8. The list of features on the machine will show on the Features Setup page. After the features are successfully configured click the checkmark in the bottom right corner.

9. The Admin Site will launch. If the Service Management API has not yet been configured in the environment, you will see a notification on the Admin site asking you to configure the Service Management API.

10. Once the Service Management API has been configured you may click Try Again to continue. Service Management Tenant Site 1. Logon to the Tenant Site machine (for example, SvcMgmtTenant ) and launch the Web Platform Installer. 2. Click the Products tab and then click Windows Azure to see the list of available install options. Click Add next to Service Management Tenant Site, and click Install. 3. Follow steps 3 to 9 in the Service Management Admin Site section above. Service Management API 1. Logon to the Service Management API machine (for example, SvcMgmtAPI) and launch the Web Platform Installer. 2. Click the Products tab and then click Windows Azure to see the list of available install options. Click Add next to Service Management API, and click Install.

3. Click I Accept on the Prerequisites screen and the installation will begin. The machine may reboot during the installation.

4. When installation is complete click Continue on the Configure screen and Finish on the Finish screen.

5. Configuration will open the Service Management Configuration Site (https://localhost:30101/) in Internet Explorer. If the Internet Explorer security certificate warning page is displayed click Continue to this website (not recommended).

6. If prompted enter Administrator credentials to connect to the Configuration site which will display the Database Server Setup page. On the Database Server Setup page enter sa credentials to connect to the SQL Server or SQL Server Express instance you installed, enter a passphrase for the Config store and then click the next arrow in the bottom right corner of the web page to continue.

7. After the features are successfully configured click the checkmark in the bottom right corner of the Features Setup page. This will prompt you to close your browser window. Complete Service Management Admin Site setup 1. Go back to the Service Management Admin Site machine, and refresh the page the page that you left off at in the Service Management Admin Site section. Or browse to https://localhost:30091/#workspaces/websystemadminextension/quickstart in Internet Explorer. 2. If presented with a security certificate warning page click Continue to this website (not recommended) and enter Administrator credentials to display the Service Management Portal Tour Welcome page.

3. Click through the Portal Tour pages by clicking the next arrow and click the checkmark to close the tour and display the Service Management Admin Portal.

Install and Configure the Web Sites service The Web Sites Cloud controller provides the logic to monitor the state of and maintain the health of all the roles in a Web Sites Cloud. The Web Sites Cloud controller must be installed before installing any other Web Site Cloud roles. Launch the Web Site Cloud Setup 1. Logon to the Web Sites Controller VM (for example, SitesController) and launch the Web Platform Installer. 2. Click the Products tab and then click Windows Azure. Click Add next to Web Sites service and third party dependencies, and click Install. 3. Click I Accept to accept license terms and launch setup.

4. Setup will display the progress of the installation.

5. After installation is complete, click Continue to open the Service Management Configuration site.

6. Your browser may display a certificate security warning. Click Continue to the website (not recommended) and provide necessary Administrator credentials when prompted to continue to the Web Site Cloud Controller configuration page.

Configure the Web Site Cloud Service Management Portal 1. On the Database Server Setup page provide the following information and click the next arrow in the bottom right of the page: Name Server Name Database Server Admin Username Database Server Admin Password DNS Suffix Value Name of the SQL Server instance used by the controller to store web site hosting and resource usage information. sa Password for sa account As determined by Public DNS Mappings

2. Provide the requested information for the Management Server / Web Site cloud REST API server: Server Name Name of machine that will run the management server role, e.g. SitesRESTAPI Machine Credentials to install Management roles Admin Username Provide one of either: Domain account that is member of local Administrators group on all web site cloud role machines, excluding the web worker(s) Local account that is a member of local Administrators group on all web site cloud role machines, excluding the web worker(s). If using a local account, the account name and password must be identical on all machines, excluding the web Admin Password Machine Credentials to install Worker roles Admin Username worker(s). Password for the domain or local account that is a member of the local administrators account on all web site cloud management role machines, excluding the web worker(s). Provide one of either: Domain account that is member of

Admin Password local Administrators group on all web worker(s) Local account that is a member of local Administrators group on all web worker(s). If using a local account the account name and password must be identical on all machines. Password for the domain or local account that is a member of the local administrators account on all web worker(s). 3. Scroll down to provide Service End Point credentials and then click the next arrow on the bottom right corner of the page. Make a note of these credentials as they will be required when registering your Web Sites REST endpoint in the Service Management Portal Admin site. Service Endpoint Credentials Username Password Provide a username for connecting to the web site rest endpoint. Provide a password for the service endpoint credentials.

4. If using a standalone file server: Select the option to Create a New Standalone Windows File Share. File Server Name Enter the name of the file server machine, for example FileServer. Content Share Network Path \\<Server name>\websites, for example, \\FileServer\WebSites Content Share Physical Path <Drive letter>:\websites, for example, C:\WebSites File Share Owner Username Specify the FileShareOwner account you created. File Share Owner Password Specify the password of the FileShareOwner account.

Scroll down and specify the following information to finish filling out the File Server Setup page and then click the next arrow at the bottom right of the page. File Share User Username Specify the FileShareUser account you created. File Share User Password Specify the password of the FileShareUser account. Certificate Share Network Path \\<Server name>\certificates, for example, \\FileServer\WebSites Certificate Share Physical Path <Drive letter>:\certificates, for example, C:\Certificates Certificate Store Account Username Specify the CertificateShareUser account you created. Certificate Store Account Password Specify the password of the CertificateShareUser account. Click the checkmark on the bottom right of the Ready to configure page for the Web Sites service feature. 5. If using a pre-configured file server, file server cluster, or NAS device: Select the option to Use a Pre-configured File Server. Content Share Network Path - \\<Server name>\websites, for example, \\FileServer\WebSites File Share Owner Username Specify the FileShareOwner account you created.

File Share Owner Password Specify the password of the FileShareOwner account. Scroll down and specify the following information to finish filling out the File Server Setup page and then click the next arrow at the bottom right of the page. File Share User Username Specify the FileShareUser account you created. File Share User Password Specify the password of the FileShareUser account. Certificate Share Network Path \\<Server name>\certificates, for example, \\FileServer\WebSites Certificate Store Account Username Specify the CertificateShareUser account you created. Certificate Store Account Password Specify the password of the CertificateShareUser account. Click the checkmark on the bottom right of the Ready to configure page for the Web Sites service feature.

After you accept the specified configuration settings Web Site Setup will complete installation, adding the servers and getting the hosting controller ready. Click the checkmark again on the bottom right of the Ready to configure page to finalize configuration of the Web Sites service feature. Note To follow the progress of the configuration open Internet Information Services (IIS) manager Expand Server Farms Management Servers click Servers and monitor the trace messages section. Upon successful completion of configuration the last Trace Message should read Server successfully started. Provision services Web Site Cloud 1. Logon to the machine where the Service Management Admin Site was deployed (for example, SvcMgmtPortal for Express install or SvcMgmtAdmin for Distributed install). Launch the Admin Portal (https://localhost:30091) if it is not already open. 2. Click on Web Site Cloud and then click on Connect the portal to your web site installation, under Register your Web Site Cloud REST Endpoint.

3. Enter the following information for the resource provider: a. End Point URL: https://< SitesRESTAPI> b. Username: Enter the username that you specified when creating the Service Endpoint Credentials. c. Password: Enter the password that you specified when creating the Service Endpoint Credentials. 4. Click the checkmark in the bottom right of the Register Service Provider page to continue.

5. When you receive a message indicating that registration was successful click the X at the bottom right of the screen to close the message. On the Quick Start page the Register your Web Site Cloud REST Endpoint option is now greyed out. 6. Click Setup Frontend to setup the Frontend (Load Balancer) role for the web site cloud.

7. Enter the machine name for the Frontend (for example, SitesFE). Click on the next checkmark to continue. To create additional frontends, repeat this step. 8. While the Frontend role is installing, click the Web Site Cloud and click the Roles tab. Now, click the Add Role button in the bottom drawer. The Add Cloud Server dialog box is displayed, click Add New Web Worker.

The Setup a new Web Worker dialog is displayed. Enter the name of the machine that you created for your shared Web Worker role (for example, SitesWWS), specify the Shared option and click the checkmark to continue.

To create additional shared (multitenant) or reserved (single tenant) workers, repeat this process. 9. Repeat step 6 or 8 to add the Publisher role. Enter the machine name for the Publisher role (for example, SitesPublisher) and click the checkmark to continue. Repeat this step to add additional publishers. Post-Provisioning Configuration Configure SSL Certificate Store On the controller, configure the SSL Certificate Polling Interval by running the following PowerShell Commands: Add-pssnapin WebHostingSnapin Set-HostingConfiguration -CentralCertPollingInterval 300 - CentralCertificateSChannelCleanupInterval 300 Configure IP Filtering Web sites supports IP blacklisting to prevent worker processes from connecting to machines inside of the Antares farm. To configure IP filtering, run the following commands: Add-pssnapin WebHostingSnapin Set-Hostingconfiguration -WorkerRegKeyRejectPrivateAddresses 1 Set-Hostingconfiguration WorkerRegKeyPrivateAddressRange <startof-ip-blacklist-range>, <end-of-ip-blacklist-range> Restart the DWAS Service on worker roles Provision additional REST API servers (optional) In addition to scaling out Workers, Front Ends, and Publishers, the Antares REST API can also be scaled to provide additional throughput and availability. To create another REST API server, first perform the steps outlined in System Requirements and Role Account Preparation on the new machine. On the controller, run the following PowerShell commands: Add-pssnapin WebHostingSnapin New-ManagementServer ManagementServerName <NewManagementServer> Additional machine configuration and hardening While the Web Sites controller deploys the runtimes required to host web applications with scale and multi-tenancy, Microsoft recommends that users employ security best practices to harden their deployments. This includes, but is not limited to: Firewall configuration to minimize network surface area System ACLs to secure the file system and registry Principle of least privilege when creating user accounts.

Application Databases You may add one or more SQL or MySQL Server hosting servers for end-users to deploy and use. 1. Create and configure a new MYSQL Database by clicking on NEW on the Command Bar at the bottom of the screen. Choose MYSQL SERVERS and click Connect To. Specify the server name, size of the hosting server and the admin username (root) and password. You may use Default for MySQL server group. Then click Create.

2. A message will be displayed at the bottom of the screen indicating whether or not the operation succeeded. Click the X button to dismiss the message. 3. Click the newly created MYSQL Server to confirm the configuration.

4. Create and configure a new SQL Database by clicking NEW on the Command Bar at the bottom of the screen. Choose SQL SERVERS and click Connect To. Specify the server name, the size of hosting server and the admin username (sa) and password. You may use Default for SQL server group. Then click Create.

5. A message will be displayed at the bottom of the screen indicating whether or not the operation succeeded. Click the X button to dismiss the message. 6. Click the newly created SQL Server to confirm the configuration.

VM Clouds 1. Follow the instructions in the Service Provider Foundation (SPF) install and configuration guide to obtain an SPF endpoint. You will need this endpoint to add Virtual Machine clouds. 2. In the Admin Portal, click VM Clouds and then click Register SPF Endpoint. 3. Enter the Endpoint URL (in the format https://spf-server:8090 ) Specify the admin username and password and click the checkmark.

4. After you register the SPF Endpoint you must register a System Center Provider to provision virtual machines against. 5. Enter a friendly name for your VM Cloud Provider, enter the VMM server name and click the Register checkbox.

Note If SPF endpoint registration does not work, verify that you can connect to the SPF url from a browser. 6. You may click the Clouds tab to view the VM clouds that were registered in VMM. 7. Click any of the VM cloud to view the VM Cloud Dashboard

8. Go back to VM Cloud list by clicking the back arrow. 9. You may also click Providers to see the list of existing VM Cloud providers Plans Create a plan in order for users to be able to sign up for the offered services.

1. Click New to open the drawer at the bottom of the screen. Click Plans and then click Create. 2. A wizard will open. Enter a name for your plan. This is the name that users will see when they sign up for the service. Click Next. 3. Select the services you want included in this plan and then click the checkmark.

4. From Plans dashboard, click the plan name. Then, click Set Quotas for each service to specify quotas. 5. If Virtual Machines are part of your plan, you will have to specify corresponding quotas to make the plan available to your users. Click Set Quotas under Virtual Machine Clouds.

6. Select the Cloud Provider and a VM Cloud that you created in Virtual Machine Manager. 7. Before saving, make sure to scroll down and select the templates you want to offer in the plan. 8. Select the hardware profile and virtual network created in Virtual Machine Manager, and the actions you want to offer your users. Then click Save at the bottom of the screen.

9. After setting quotas, click Make Public at the bottom of the screen to make the plan accessible to users. 10. If you would like to display information about the Plan details to end users click Advertise. Add to the plan description and click Save. This information will be visible to end users when they sign up for the plan.

End-User Experience A user can sign up for a plan from the tenant portal to access available services. The tenant portal is located on the server where the Service Management-Tenant Site was deployed, by default on port 30081. 1. The user will click Sign Up to subscribe to a new plan and provide an email address and password.

2. The user may create web sites using the Quick Create, Create with Database or From Gallery options.

3. The user may also create virtual machines using the Quick Create or Custom Create options.