Azure Pack at Oblakotek: why and how we did it
In February 2015, we launched the new IaaS platform AzuRus, designed to host IT infrastructures with a “Microsoft Azure” management interface.
In this article, we want to share the experience of implementing and operating the Azurus platform with the Azure Pack management interface.
Traditionally, the foundation of the IaaS platform of the Cloud Library is the Microsoft product stack: Hyper-V virtualization and all the necessary kit on the Microsoft System Center. As a provisioning system, we used some of our own development, the development of which took a lot of energy. We have been following the development of the Azure Pack since its inception and its dynamic development was impressive. The second reason for the introduction of the Azure Pack is that many professionals and developers have experience with the Microsoft Azure management portal interface, which, of course, makes it much easier for them to use the Cloud Library services. The emergence of the COSN Russia program and the postponement of the 242-FZ entry into force date to September 1, 2015, which intensified migration to the Russian Federation from foreign hosts, hastened the decision to implement the Azure Pack.
Functionally, the Azure Pack very well solves the main tasks of the Cloud Library - the deployment and maintenance of (elements of) IT infrastructures of enterprises, that is, a modern IaaS platform with maximum self-service. Azure Pack provides a really good balance between the ease of IT infrastructure deployment, convenient Azure management web interface accessible from any browser, the ability to create virtual networks and building Site-to-Site VPN connections, and the ability to delegate technical management functions by adding administrators to manage virtual resources. Special functionality allows partners to manage all cloud resources from a single management interface.
In addition, this platform is characterized by reliability, speed and Azure Pack allows you to hold events to meet the requirements of the law for the protection of personal data.
')
Immediately I must say that even at the planning stage there were a lot of questions - how to integrate, how to use it more correctly, what to consider and how to solve the possible difficulties of integrating the product with its infrastructure. We asked for help from Microsoft - and at all stages of implementation considerable assistance was provided by Microsoft Consulting specialists. Together with them, both the main architectural aspects and important technical details were worked out.
How exactly together with the Microsoft Consulting team we managed to turn all this into a single solution, the discussion will go on.
All deployment was first performed in the sandbox, where we studied all the features, pros and cons of the Azure Pack and did the integration. Fundamentally special difficulties with the deployment of the solution did not arise. The entire set of necessary services is deployed quickly and without problems. The main task was to solve the issue with regard to resources and billing.
It should be said that for billing and accounting of resources and finances we have a proprietary control panel, and it was necessary to link two different management tools.
Here we had to take into account some features:
First, the Azure Pack itself does not create any clouds (subscriptions) and cannot delete either the clouds themselves or the resources within them. Everything is bound to already created resources in VMM.
Therefore, this moment had to be taken into account when integrating with the control panel - clouds are created exactly from our panel, and then “tied up” to the Azure Pack interface.
Secondly, there is no complete and sufficient documentation on the solution, especially regarding automation. As a result, for integration with billing and the control panel, we decided not to use the API, and use powershell scripts that allow you to create and manage resources.
Thirdly, there is no regular functionality to work with the library in the Azure Pack.
Therefore, we have implemented the ability to use our own library as follows: as part of the tariff plans, you create FTP access to your own isolated library, which is then used by the Azure Pack user account. This way you can upload your images or templates and then use them.
To integrate with the Azure Pack management interface, we developed our own Web service linking three elements — our dashboard, Azure Pack, and VMM.
So, at the output of our control panel, a cloud (subscription) is obtained, and further resource management within the subscription is transferred to the Azure Pack interface. By the way, in the end we came to the concept of "one cloud = one plan = one subscription". This allows us to keep records and limit the range of resources provided to end-user use.
From technical features it is necessary to note the following:
Cloudflow is primarily a platform for partners: integrators and outsourcers that serve dozens of IT infrastructures of end customers. It is always very important for us to add elements of queuing, so that a partner could ideally serve “all customers with one click”. Azure Pack is perfect for this. By assigning the same administrator or co-administrator to a client cloud (subscription), the Azure Pack management portal allows the partner-administrator to see all services of all clients in a single list and, accordingly, to carry out manipulations without permanent reauthorization.
Azure Pack has a small set of limitations that we had to face and look for ways to get around them. I would like to mention them:
In this article, we want to share the experience of implementing and operating the Azurus platform with the Azure Pack management interface.
Why Azure Pack
Traditionally, the foundation of the IaaS platform of the Cloud Library is the Microsoft product stack: Hyper-V virtualization and all the necessary kit on the Microsoft System Center. As a provisioning system, we used some of our own development, the development of which took a lot of energy. We have been following the development of the Azure Pack since its inception and its dynamic development was impressive. The second reason for the introduction of the Azure Pack is that many professionals and developers have experience with the Microsoft Azure management portal interface, which, of course, makes it much easier for them to use the Cloud Library services. The emergence of the COSN Russia program and the postponement of the 242-FZ entry into force date to September 1, 2015, which intensified migration to the Russian Federation from foreign hosts, hastened the decision to implement the Azure Pack.
Azure Pack Functionality
Functionally, the Azure Pack very well solves the main tasks of the Cloud Library - the deployment and maintenance of (elements of) IT infrastructures of enterprises, that is, a modern IaaS platform with maximum self-service. Azure Pack provides a really good balance between the ease of IT infrastructure deployment, convenient Azure management web interface accessible from any browser, the ability to create virtual networks and building Site-to-Site VPN connections, and the ability to delegate technical management functions by adding administrators to manage virtual resources. Special functionality allows partners to manage all cloud resources from a single management interface.
In addition, this platform is characterized by reliability, speed and Azure Pack allows you to hold events to meet the requirements of the law for the protection of personal data.
')
Immediately I must say that even at the planning stage there were a lot of questions - how to integrate, how to use it more correctly, what to consider and how to solve the possible difficulties of integrating the product with its infrastructure. We asked for help from Microsoft - and at all stages of implementation considerable assistance was provided by Microsoft Consulting specialists. Together with them, both the main architectural aspects and important technical details were worked out.
How exactly together with the Microsoft Consulting team we managed to turn all this into a single solution, the discussion will go on.
Deployment and Integration
All deployment was first performed in the sandbox, where we studied all the features, pros and cons of the Azure Pack and did the integration. Fundamentally special difficulties with the deployment of the solution did not arise. The entire set of necessary services is deployed quickly and without problems. The main task was to solve the issue with regard to resources and billing.
It should be said that for billing and accounting of resources and finances we have a proprietary control panel, and it was necessary to link two different management tools.
Here we had to take into account some features:
First, the Azure Pack itself does not create any clouds (subscriptions) and cannot delete either the clouds themselves or the resources within them. Everything is bound to already created resources in VMM.
Therefore, this moment had to be taken into account when integrating with the control panel - clouds are created exactly from our panel, and then “tied up” to the Azure Pack interface.
Secondly, there is no complete and sufficient documentation on the solution, especially regarding automation. As a result, for integration with billing and the control panel, we decided not to use the API, and use powershell scripts that allow you to create and manage resources.
Thirdly, there is no regular functionality to work with the library in the Azure Pack.
Therefore, we have implemented the ability to use our own library as follows: as part of the tariff plans, you create FTP access to your own isolated library, which is then used by the Azure Pack user account. This way you can upload your images or templates and then use them.
To integrate with the Azure Pack management interface, we developed our own Web service linking three elements — our dashboard, Azure Pack, and VMM.
So, at the output of our control panel, a cloud (subscription) is obtained, and further resource management within the subscription is transferred to the Azure Pack interface. By the way, in the end we came to the concept of "one cloud = one plan = one subscription". This allows us to keep records and limit the range of resources provided to end-user use.
Technical details
From technical features it is necessary to note the following:
- Azure Pack does not know how to create virtual networks based on VLANs and normally works only with HVGRE virtual networks, so for deployment we had to configure network virtualization (with logical networks and gateways) and reconfigure VMM to work with them.
- Azure Packs can be quickly deployed on a single server, but we chose to spread roles across different servers for further scalability. It turned out like this:
- And one more feature: already during the full operation it turned out that there is a limit on the number of displayed objects in the interface of the Azure Pack. SPF limits the number of displayed objects to 500, and since the Azure Pack works with clouds through SPF, some of the objects simply did not appear.
We encountered this in the administrative management interface, there is no information in the documentation, but as a result, the problem is corrected by changing the parameter in the two configuration files Web.config in the line <EntitySet name = "*" maxResults = "500" />
Partner Functionality
Cloudflow is primarily a platform for partners: integrators and outsourcers that serve dozens of IT infrastructures of end customers. It is always very important for us to add elements of queuing, so that a partner could ideally serve “all customers with one click”. Azure Pack is perfect for this. By assigning the same administrator or co-administrator to a client cloud (subscription), the Azure Pack management portal allows the partner-administrator to see all services of all clients in a single list and, accordingly, to carry out manipulations without permanent reauthorization.
What else have we encountered
Azure Pack has a small set of limitations that we had to face and look for ways to get around them. I would like to mention them:
- Fixed virtual machine configurations — since virtual machines are deployed only from templates, flexibility is determined only by the set of configurations that are defined as hardware profiles for virtual machines. Unfortunately, there is no functional “assemble your virtual machine”. In this regard, the number of templates issued to the list is equal to the Cartesian product of parameter sets: vCPU, RAM, storage type, OS, that is, if done relatively flexibly, then several hundred. Of course, we cut off many branches, but still had to prepare and maintain a large set of more or less typical configurations in order to meet the most common customer needs. And we keep this set open, that is, we expand at the request of the end customers.
- Snapshots do not work (they are called checkpoint in Azure Pack) - We are planning to introduce this, of course, very important and necessary function in the near future (since this possibility has already appeared in UR6).
- It is not possible to connect and manage resources in the clouds in different locations - unfortunately, the functionality of connecting in a single interface to private clouds and clouds hosted by other providers is absent. Accordingly, there is no way to quickly move virtual machines, for example, from the main site to the backup. We expect this functionality to appear in the future.
Nevertheless, summing up, we can say that, of course, Azure Pack as a tool for managing clouds is a very nice and pleasant thing, allowing you to perform a large set of typical operations and save considerable time on deploying and configuring infrastructures. This is not a very hard, yet quite functional, and already familiar to many specialists, solution. Easy installation and integration allows you to quickly and at no additional cost to get a ready-made management interface.
Taking into account the constant development of the necessary functionality and development plans, the solution is a very promising product and of course deserves the attention of providers providing IaaS infrastructure deployment services or for private cloud administrators.
Source: https://habr.com/ru/post/259629/
All Articles