Migration and Deployment: System Center 2012 SP1 Explained – App Controller as a Single Pane of Glass for Delegating Cloud Management, A Primer (Part 13 of 19) by Yung Chou

I know there are quite a few IT Pros who do like the command line / PowerShell interface for management. At the same time, I know there are probably more IT Pros who prefer to use a GUI if one is available. When managing On Premises and Windows Azure infrastructure, you now have a choice. In Part 13 of the Migration and Deployment Blog Series, Yung Chou gives a very good review of how System Center 2012 SP1 App Controller can be the GUI for management of these two environments.

Sign up now for a 90 Day Trial Windows Azure account.

I am including a brief snippet directly from Yung’s blog post. To read the full article, you will want to go directly to his post.

As IT architectures, methodologies, solutions, and cloud computing are rapidly converging, system management plays an increasingly critical role and has become a focal point of any cloud initiative. A system management solution now must identify and manage not only physical and virtualized resources, but those deployed as services to private cloud, public cloud, and in hybrid deployment scenarios. An integrated operating environment with secure access, self-servicing mechanism, and a consistent user experience is essential to be efficient in daily IT routines.

App Controller as a Single Pane of Glass

App Controller is a component and part of the self-service portal solution in System Center 2012 SP1. By connecting to System Center Virtual Machine Manager (SCVMM) servers, Windows Azure subscriptions, and 3rd-party host services, App Controller offers a vehicle that enables an authorized user to administer resources deployed to private cloud, public cloud, and those in between without the need to understand the underlined fabric and physical complexities. It is a single pane of glass to manage multiple clouds and deployments in a modern datacenter where a private cloud may securely extend it boundary into Windows Azure, or a trusted hosting environment. The user experience and operations are consistent with those in Windows desktop and Internet Explorer. The following is a snapshot showing App Controller securely connected to both on-premise SCVMM-based private cloud and cloud services deployed to Windows Azure.


Delegation of Cloud Management

A key delivery of App Controller is the ability to delegate authority by allowing a user to connect to multiple resources based on user’s authorities, while hiding the underlying technical complexities.

The security of App Controller is a role-based model by creating a user role in the Settings workspace using SCVMM admin console. The wizard in essence create a policy, or profile, of a created user role by defining the membership, scope, resource availability, tasks can be operated on authorized objects, etc. In other words, the security model not only restrict how much one can use, but also what one can operate on it. SCVMM-based cloud deployments employs this role-based security model to delegate cloud management to authorized users.

An user can then manage those authorized resources by logging in App Controller and authorized by an associated user role, i.e. profile. In App Controller, a user neither sees, nor needs to know the existence of cloud fabric, i.e. under the hood how infrastructure, storage virtualization, network virtualization, and various servers and server virtualization hosts are placed, configured, and glued together.

When first logging into App Controller, a user needs to connect with authorized datacenter resources including SCVMM servers, Windows Azure Subscriptions, and 3rd party host services.

Harold Wong