How to Connect to a Hosting Provider in System Center 2012 SP1
Updated: June 1, 2015
Applies To: System Center 2012 SP1 - App Controller, System Center 2012 R2 App Controller
Connecting a Hosting Provider to App Controller
The information in this topic applies only to System Center 2012 SP1.
Certificates are used to set up trust between the Service Provider Foundation and App Controller. This authentication allows App Controller to call on the Service Provider Foundation when you perform tasks such as deploying services or changing configuration properties. The tenant certificate, or Personal Information Exchange certificate (.pfx file), contains a private key. App Controller stores this certificate in the App Controller database. Since the certificate contains the private key, you need to provide the password so that App Controller can use the private key. The tenant certificate (.cer file) in the Service Provider Foundation that corresponds to the tenant certificate in App Controller contains only the public key, which is kept in the Service Provider Foundation for access. The Service Provider Foundation allows customers to create their own management certificates, either self-signed certificates or using their preferred certification authority (CA). By giving the Service Provider Foundation the public key and keeping the private key local, the authentication can be completed.
If you are creating a certificate, you will need to export the certificate twice—once as a .cer file, and then a second time as a .pfx file, for use in App Controller. You may need to configure proxy configuration settings before adding subscriptions. For information on proxy configuration, see Managing Connection Settings.
The tenant certificate in the Service Provider Foundation must be validated by the App Controller server. Ensure that the certificate is:
Issued by a trusted certification authority (CA). However, if you are testing with a self-issued certificate created by IIS, you must add the certificate to the Trusted Root Certification Authorities store of the local machine account.
The common name (CN) that is used in the Subject attribute of the certificate must match the tenant ID. However, if you are testing this feature, you can disable validation by adding the following code snippet to install_folder\api\bin\Microsoft.SystemCenter.CloudManager.Providers.SpfVmm.exe.config:
<system.net> <settings> <httpListener unescapeRequestUrl="false"/> <servicePointManager checkCertificateName="false" checkCertificateRevocationList="false" /> </settings> </system.net>
To connect App Controller to a hosting provider
On the Settings page, expand Connections in the navigation pane, click Connect and then click SPF.
In the Add an external service provider connection dialog box, enter a name that you can use to identify this hosting provider connection. This name will be displayed in the Connection Name column of the Clouds page.
Add an optional description in the Description text box.
In the Service location box, enter the Service Provider Foundation OData protocol URI for the VMM service, as shown the following example. The URI ends with the tenant ID:
To import the required management certificate, select the Personal Information Exchange (.pfx) file that you provided to the hosting service provider and enter the password for the certificate.
Click OK to create the connection.