Manage Web Services and Connections in Service Provider Foundation
Updated: May 13, 2016
Applies To: System Center 2012 SP1 - Orchestrator, System Center 2012 R2 Orchestrator
The Service Provider Foundation setup wizard configures web services based on the provided credentials. This topic provides information about verifying and setting credentials in Computer Management, Internet Information Services (IIS), and other technologies if changes are required.
Note that the example URLs in this topic use port 8090, the default port, for Service Provider Foundation web services. This port may be different if another port was specified for the Service Provider Foundation installation.
Service Provider Foundation web services
As a hosting service provider you can use Service Provider Foundation web services to provide portal applications to your tenants. Administrators can use the Service Provider FoundationWindows PowerShell cmdlets to perform essential tasks. For information about how to program applications that access the Service Provider Foundation web services, see the Service Provider Foundation Developer's Guide.
Each web service has two locations to set credentials on the server that has Service Provider Foundation installed: the application domain pool in IIS and the respective group in Computer Management. These groups (SPF_Admin, SPF_VMM, SPF_Usage, and SPF_Provider) must contain a local credential (not a domain credential) that is also a member of the Administrators group. That credential can be the Administrator user itself, but we recommend creating another local user.
Admin web service
Hosting service providers use the Admin web service to create and manage tenants, user roles, servers, stamps, and other administrative objects. You can access the Admin web service by using the following URLs:
For Service Provider FoundationSystem Center 2012 SP1, use:
https://server:8090/SC2012/Admin/Microsoft.Management.Odata.svcFor Service Provider FoundationSystem Center 2012 R2, use:
https://server:8090/SC2012R2/Admin/Microsoft.Management.Odata.svc
| Credential setting | Requirement |
|---|---|
| Admin application pool identity in IIS | Must also be a member of the Administrators group and the SPF_Admin group |
| Administrators group in Computer Management | Must include the credential for the Admin application pool identity |
| SPF_Admin group in Computer Management | Must include a local user who is also a member of the Administrators group and the credential for the Admin application pool identity |
VMM web service
The VMM web service invokes System Center 2012 R2 Virtual Machine Manager to perform requested operations, such as creating virtual machines, virtual networks, user role definitions, and other fabric for the cloud. This service coordinates the changes among the participants and provides the following dynamic capabilities:
Portal applications and other clients detect changes that Service Provider Foundation and Virtual Machine Manager made.
Virtual Machine Manager shows changes that portal applications, other clients, and Service Provider Foundation made.
Service Provider Foundation reflects all changes that the participants made.
You can use the New-SCSPFServer PowerShell cmdlet to register an instance of Virtual Machine Manager.
You can access the VMM web service by using the following URLs:
For Service Provider FoundationSystem Center 2012 SP1, use:
https://server:8090/SC2012/VMM/Microsoft.Management.Odata.svcFor Service Provider FoundationSystem Center 2012 R2, use:
https://server:8090/SC2012R2/VMM/Microsoft.Management.Odata.svc
| Credential setting | Requirement |
|---|---|
| VMM application pool identity in IIS | Must also be a member of the Administrators group and the SPF_VMM group |
| Administrators group in Computer Management | Must include the credential for the VMM application pool identity |
| SPF_VMM group in Computer Management | Must include a local user who is also a member of the Administrators group and the credential for the VMM application pool identity |
| Administrator user role in Virtual Machine Manager | Must include the credential for the VMM application pool identity as a member of the Administrator user role |
Usage web service
Important
Service Provider Foundation provides the Usage web service to be used only by Windows Azure Pack for Windows Server or by third party billing providers. The Usage web service endpoint should not be accessed for other purposes to prevent data loss due to unnecessary or erroneous queries.
The Usage web service uses registrations of instances of System Center 2012 – Operations Manager data warehouses (that Virtual Machine Manager hosts) for collecting metrics on tenant virtual machine usage and other fabric usage. Usage data is collected for processes such as billing chargeback features.
You can use Windows PowerShell cmdlets to register Operations Manager data warehouse connection settings in the Service Provider Foundation database. This registration enables Service Provider Foundation to aggregate usage data from the data warehouses. For more information about configuring these registrations, see Configure Usage Metering in Service Provider Foundation.
The Usage web service returns utilization data that pertains to every subscription across services.
| Credential setting | Requirement |
|---|---|
| Usage application pool identity in IIS | Must also be a member of the Administrators group and the SPF_Usage group. |
| Administrators group in Computer Management | Must include the credential for the Usage application pool identity. |
| SPF_Usage group in Computer Management | Must include a local user who is also a member of the Administrators group and the credential for the Usage application pool identity. |
| Database user dbo in the OpertionsManagerDW Microsoft SQL Server database on the server that is running Operations Manager | The credentials of the user who installs Operations Manager are automatically used for the login credentials for the dbo SQL Server security object. These same credentials should be used for all Service Provider Foundation application pool identities. |
| Database properties for the OpertionsManagerDW SQL Server database (right-click) on the server that is running Operations Manager | The OpsMgrReader database role must be included on the Permissions page. |
Provider web service
Resource providers for delivering infrastructure as a service (IaaS) use the Provider web service. The Provider web service provides a Microsoft ASP.NET web API. It is not an Open Data (OData) service. The Provider web service also uses the VMM and Admin web services.
| Credential setting | Requirement |
|---|---|
| Provider application pool identity in IIS | Must also be a member of the Administrators group and the SPF_Provider, SPF_VMM, and SPF_Admin groups |
| Administrators group in Computer Management | Must include the credential for the Provider application pool identity |
| SPF_Provider group in Computer Management | Must include a local user who is also a member of the Administrators group and the credential for the Provider application pool identity |
Connecting to the Service Management Automation web service
You can configure events in Service Provider Foundation that the Service Management Automation web service will use. For you to complete this configuration, the Service Management Automation web service must have credentials to access the required Service Provider Foundation web services.
In addition, you can use Windows PowerShell cmdlets to automate runbooks. For more information, see How to Automate a Runbook from Service Provider Foundation.
| Credential setting | Requirement |
|---|---|
| One or all of the Service Provider Foundation application pool identities as required for automation | Must also be a member of the Administrators group for the server that has Service Management Automation installed |
Service Provider Foundation database credentials
The credentials of the user who installs Service Provider Foundation are used for the login credentials for the dbo SQL Server security object for the Service Provider Foundation database. Use the Get-SCSPFConnectionString and Set-SCSPFConnectionString cmdlets to manage the connections to the Service Provider Foundation database.
See Also