Ignite your MSP Offering with ServiceControl.
Aldo Zanoni, CEO
ServiceControl, Inc.
Hybrid Identity Made Simple
Why the Cloud represents the future
The Microsoft Cloud has reached a tipping point. Customers are moving to the cloud at a record pace, resulting in nearly 120,000 MS Azure subscriptions every month.
According to Gartner, 50% of enterprises will use Hybrid Cloud by 2017.
According to a new IDC study, partners with more than half their revenues in the cloud are growing twice as fast, realizing 1.5 times gross profits, and experiencing 1.8 times more recurring revenues than those with less than 50% of their revenues in the cloud.
We’re in the golden era of cloud application services.
- Satya Nadella, Microsoft CEO
Microsoft’s WPC 2016 message summary to partners
Partners must find ways to transition from a break/fix model to delivering scalable, long-term managed services for their cloud and legacy customers.
Agility is the key to survival. Transition or be left behind in the cloud dust and become tomorrow’s dinosaurs!
Secure your position in the digital transformation. Become your customer’s trusted Managed Service Partner by providing innovative solutions to your customer’s new challenges.
The biggest MSP challenge: COMPLEXITY
The tools and scripts we have don’t allow us to create and manage user accounts, application access, self-service and workflow across our customer’s new cloud services and existing systems.
We need to log in to different admin apps on different systems with different credentials to manage identities for multiple Azure AD, AD on-premises, HR, CRM, ERP, email systems, and other applications.
Each of these admin apps is complex and requires administrator permissions and extensive training.
My systems administrators are not developers. They can’t create and manage PowerShell scripts.
Customers are looking for:
Lower costs and simplicity: Reduce the amount of training required for users to perform simple tasks across multiple systems.
Better security: Delegate role-based management tasks more securely.
Business Process automation: Improve business processes and efficiency with built-in integrated and advanced workflow.
Single point of management: Create, manage, and audit user accounts across multiple services from a single, easy-to-use portal.
MSPs value ServiceControl for its…
Simplicity
Security
Scalability
Speed of deployment
Savings and immediate return on investment
Cloud based systems
On-premises systems
Directories
Email systems
Line of Business applications
CRM & ERP systems
Service multiple customers, across multiple systems - from a single browser
Why ServiceControl?
Highly scalable private cloud or on-premises implementation.
Connects to your customer’s services and infrastructure with minimal changes.
Remote installation and configuration services ensure that your team is up and running quickly.
Securely designate highly technical tasks to non-technical team members.
Remove IT and high-tech applications from being a bottleneck. Allow your customer’s teams to focus on high-priority, revenue-generating projects.
ServiceControl helps us deliver secure, simple, and better delegated management across our customer’s multiple systems and applications.
ServiceControl’s integrated workflow and business workflow automation deliver immediate value to all stakeholders.
Hybrid Cloud with ServiceControl
Modern Cloud Services Automation Platform
WORKFLOW ENGINE
ServiceControl for Office 365
ServiceControl Portal
PRE-BUILT CONNECTORS FOR LEADING CLOUD SERVICES AND ON-PREMISES APPLICATIONS
POWERSHELL, WCF, SOAP, REST AND PROPRIETARY APIs
PARTNER AND THIRD-PARTY CLOUD SERVICES, LOB, AND ON-PREMISES APPLICATIONS
Hybrid Cloud with ServiceControl
Cloud Services and Applications Connectors / On-Premises Applications Connectors (diagram labels):
• Office 365
• Azure AD
• Exchange Online
• Skype-for-Business
• Google Apps
• Lync 2013
• Exchange 2016, 2013 and 2010
• GroupWise 2014 and 8
• Active Directory, eDirectory, OpenLDAP, others
• SAP ERP, Oracle, PeopleSoft, others
• Microsoft Terminal Services
• Home Directory Servers
• Virtual Desktop Infrastructure
Example of ServiceControl deployment on Azure Cloud (diagram labels):
• ServiceControl + Workflow Engine
• Virtual Network (VNET)
• Site-to-Site VPN and Express Route
• On-premises: Exchange Server 2016/2013/2010, Lync Server 2013, GroupWise 2014/8, Active Directory, eDirectory, OpenLDAP
• Remote Agents (Connectors)
• Office 365, Exchange Online, Skype for Business, Azure AD
Full support for Azure Service Bus for secure, transparent, behind the firewall communication between ServiceControl and on-premises applications.
Demonstration infrastructure
Remote Agent Server - IIS configuration (sample)
ServiceControl: License-aware user account management
Flowchart labels: User Principal Name, User License Profile, User Location; GetUserById(), “user exist?”, CreateNewUser(), “wait for DirSync”, “correct licenses?”, SetUserLicense()

Provisioning

CreateUser() method
1). Try to get user
2). Create user (skip if will be created by DirSync)
3). Assign ‘Usage Location’
4). Set user attributes
5). Check licensing profile
6). Assign licenses if necessary

EnableUser() method
1). Try to get user
2). n/a
3). Assign ‘Usage Location’
4). Set user attributes
5). Check licensing profile
6). Assign licenses if necessary

De-provisioning

DeleteUser() method
1). Try to get user
2). Remove user licenses
3). Delete user object

DisableUser() method
1). Try to get user
2). Remove user licenses
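The CreateUser() and DeleteUser() step lists above, written out as an added example (not ServiceControl's code). The in-memory Directory class, the audit strings, the early return while waiting for DirSync, and reconciling licenses to exactly the profile are assumptions made for illustration.

```python
"""License-aware provisioning, modelled on the slide's CreateUser()/DeleteUser() steps.
Constructed example: Directory is an in-memory stand-in, not a ServiceControl or Azure AD API."""
from dataclasses import dataclass, field


@dataclass
class User:
    upn: str
    usage_location: str = ""
    attributes: dict = field(default_factory=dict)
    licenses: set = field(default_factory=set)


class Directory:
    """Hypothetical tenant directory; a real connector would call the tenant's management API."""
    def __init__(self):
        self.users = {}

    def get_user_by_id(self, upn):
        return self.users.get(upn)


def create_user(directory, upn, usage_location, attributes, license_profile,
                created_by_dirsync=False):
    """Run steps 1-6 and return an audit trail listing only what was changed."""
    audit = []
    user = directory.get_user_by_id(upn)              # 1) try to get user
    if user is None:
        if created_by_dirsync:                        # 2) skipped: DirSync owns creation
            return ["wait-for-dirsync"]               #    (assumed: retry after the next sync)
        user = directory.users[upn] = User(upn)       # 2) create user
        audit.append("created")
    if user.usage_location != usage_location:         # 3) usage location is set before licensing
        user.usage_location = usage_location
        audit.append("usage-location-set")
    changed = {k: v for k, v in attributes.items() if user.attributes.get(k) != v}
    if changed:                                       # 4) set user attributes
        user.attributes.update(changed)
        audit.append("attributes-set")
    wanted = set(license_profile)                     # 5) check licensing profile
    if user.licenses != wanted:                       # 6) assign licenses if necessary
        audit.append(f"licenses +{sorted(wanted - user.licenses)} -{sorted(user.licenses - wanted)}")
        user.licenses = wanted
    return audit


def delete_user(directory, upn):
    """De-provisioning: release licenses before the object is deleted."""
    user = directory.get_user_by_id(upn)              # 1) try to get user
    if user is None:
        return ["not-found"]
    audit = []
    if user.licenses:                                 # 2) remove user licenses
        audit.append(f"licenses -{sorted(user.licenses)}")
        user.licenses = set()
    del directory.users[upn]                          # 3) delete user object
    audit.append("deleted")
    return audit
```

Running create_user() a second time with the same arguments returns an empty audit trail, which is the property that makes the flow safe to retry from a workflow step.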
With ServiceControl, you’re in control
Cloud SaaS
On-premises
ServiceControl Platform
Manage SaaS and On-premises
Accounts
Licensing
Group Membership
Access Rights
Applications
Self-service
Audit
Audit Report
Lifecycle Report
Workflows
Azure AD
Office 365
Public cloud
Partner SaaS Apps
Other Directories
Microsoft Azure
Leverage Microsoft Single Sign-on and Azure’s 2400+ Pre-integrated SaaS apps.
Connect and Manage Azure AD and/or on-premises AD.
Manage web apps via Application Proxy and custom apps through a rich standards-based platform.
Leveraging Azure AD and Microsoft Cloud Platform
Multiple directories and SaaS apps in the Cloud
Diagram labels: Web Apps (Azure Active Directory Application Proxy), SaaS apps, Integrated custom apps, Other Directories
Partner LoB Solutions and Services – on-premises, cloud or hybrid solutions.
Cloud Identities - identities that exist solely in the cloud.
Synchronized Identities - identities that exist on-premises and in the cloud.
Federated Identities - identities that exist on-premises and in the cloud.
Integrate your partner solution with Microsoft Azure Cloud hybrid identities
Use ServiceControl to Manage and Integrate
Comprehensive identity and access management console.
Centralized and delegated administration and management for on-premises and cloud-based applications and services.
Centrally manage multiple customers’ accounts and application access
Service Team and Non-Technical Staff
IT professional
Azure and Application Management Portals
Partner SaaS apps
ServiceControl platform modules
ServiceControl: Create
Simplify account creation across multiple systems
Azure Active Directory
Active Directory
eDirectory
Open LDAP
3rd party systems through connectors (SQL, REST, SOAP)
Office 365 Exchange Online, Exchange on premise, GroupWise
ServiceControl: Create
ServiceControl: Manage
Delegate tasks across multiple systems
Active Directory
Azure Active Directory
Open LDAP
3rd party systems (SQL, REST, SOAP)
Account status (enabling/disabling)
Lock/unlock accounts
Security and Distribution Group Membership
Account update (demographic attributes)
Task Authority: Defines which service desk users can carry out which tasks.
Search Authority: Defines with which systems, OUs, groups, users, or applications tasks can be carried out.
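How the two authorities combine into one allow/deny decision, as an added example (not ServiceControl's implementation). Role names, task names, system identifiers and DNs are constructed; requiring both authorities from the same role, and matching on the system as well as the DN, are assumptions.

```python
"""Delegated-administration check combining Task Authority and Search Authority.
Constructed example: roles, tasks, systems and DNs are hypothetical, not ServiceControl's schema."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Role:
    name: str
    tasks: frozenset   # Task Authority: tasks this role may carry out
    scopes: tuple      # Search Authority: (system, base DN) pairs the tasks may target


def _rdns(dn):
    """Split a DN into normalized RDNs (the sample DNs contain no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]


def in_scope(target_dn, base_dn):
    """True if target_dn is base_dn or sits beneath it, compared RDN by RDN."""
    target, base = _rdns(target_dn), _rdns(base_dn)
    return len(base) > 0 and len(target) >= len(base) and target[-len(base):] == base


def authorize(roles, task, system, target_dn):
    """Default deny: a single role must grant BOTH the task and a scope covering the target."""
    for role in roles:
        if task not in role.tasks:
            continue
        for scope_system, base_dn in role.scopes:
            # Matching on the system keeps one customer's OU path from
            # authorizing the same path in another customer's directory.
            if scope_system == system and in_scope(target_dn, base_dn):
                return True, f"allowed by role {role.name}"
    return False, "denied: no role grants this task within this scope"


# Constructed sample roles for a service desk that serves one customer directory.
HELPDESK_SALES = Role("helpdesk-sales",
                      frozenset({"reset_password", "unlock_account"}),
                      (("ad:contoso", "OU=Sales,DC=contoso,DC=test"),))
ADMIN_FINANCE = Role("admin-finance",
                     frozenset({"delete_user"}),
                     (("ad:contoso", "OU=Finance,DC=contoso,DC=test"),))
```

An operator holding both sample roles still cannot delete a Sales user: the task comes from one role and the scope from the other, and the check does not combine them.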
ServiceControl: Manage
ServiceControl: Self-Service
Empower end-users
Forgot password (password reset)
Distribution group membership
Auto-enroll/subscription
Request vacation/time off
ServiceControl: Self-Service
ServiceControl: Audit
Improve compliance
Audit reports
Lifecycle reports
Write audit data to SQL for enterprise reporting and billing
ServiceControl: Audit
ServiceControl: Workflow
Process Automation
Approvals
Notifications
Custom Business Processes
Connectors to cloud services, on-premises web services, LOB applications and external workflows
ServiceControl: Workflow Designer
ServiceControl: Workflow Engine Administration UI
ServiceControl: Office 365 App Launcher
ServiceControl roadmap (partner- and customer-driven)
Document Access Rights Management (RMS)
Device Management
Privileged Identity Management
More Connectors: Salesforce, Dynamics, Marketo
Dynamic and Universal Groups
VDI and Remote Apps
Partner Solutions
In Summary: ServiceControl Differentiators
Workflow Integration across multiple systems
Workflow-enabled user provisioning and manager
Hybrid Cloud user account management
Unified account management interface
Delegated authorization
ServiceControl as a Hybrid Cloud Identity hub
Workflow and Remote Action Framework (Secret Sauce)
How to partner with ServiceControl:
Schedule a demonstration and technical deep dive
Complete a mutual non-disclosure agreement
Submit a partner application: http://www.servicecontrol.com/partnerapplication/
Schedule a needs analysis
Schedule a systems requirements review
Schedule 2-hour initial installation and configuration
ServiceControl Pricing
Contact us for pricing, or visit our website at: http://www.servicecontrol.com/pricing/
Partner programs
Value Added Resellers (VARs)
Strategic Alliance Partners
Managed Service Providers
Visit our website at: http://www.servicecontrol.com/partners/
Frequently asked technical questions
Q: What is the unique value of the ServiceControl Business Process Automation Platform in comparison with other workflow and SaaS integration platforms?
• BizTalk
• Amazon Simple Workflows
• Nintex workflows
• SharePoint workflows
• Microsoft App Service Logic Apps
• Microsoft Flows
• Others: MuleSoft, SnapLogic, IFTTT, Zapier, etc.
A: Indeed, ServiceControl Business Process Automation Platform is, in fact, just another SaaS integration platform.
• Similar to SharePoint and Dynamics CRM workflows, ServiceControl is based on Microsoft Workflow Foundation.
• Similar to Microsoft App Service Logic Apps, ServiceControl uses Swagger metadata to connect to REST services.
• Similar to BizTalk, ServiceControl uses WSDL metadata to connect to SOAP/WCF services.
• Similar to Amazon Simple Workflows and Nintex, ServiceControl can be hosted in the AWS cloud.
• Similar to MuleSoft, SnapLogic, IFTTT, Zapier and others, ServiceControl uses pre-built and custom remote agents to connect to many SaaS services.
• Similar to Microsoft Flows, ServiceControl can be hosted on Azure Cloud and leverage Azure Service Bus.
What makes ServiceControl different and unique is that the ServiceControl Automation Platform is designed with a focus on identity and access management. This requires field-specific access and focus which is perhaps not the center of attention of other platforms.
For example:
• ServiceControl has to audit, profile and be able to report on every execution step. It needs to keep a secure record of every service request/response, exception, email or approval action.
• ServiceControl has to connect dissimilar services in a single orchestration. In our practice, we have to deal with PowerShell, SOAP web services, REST services, SQL and other proprietary APIs, sometimes all in the context of a single workflow. We have to work with 64-bit and 32-bit SDKs which cannot be installed on the same box. This is why we have chosen an indirect way to invoke API calls via connectors (remote agents) that run on independent VMs, not directly via coding workflow activities against the API.
• ServiceControl needs to use management APIs, not content APIs. Most connectors on the market today are concerned with content management or content integration. Our connectors are mostly concerned with identity and access management. These are typically packaged in separate API sets.
• We have to compensate for the shortcomings of PowerShell APIs. Most management APIs are usually PowerShell-based. This means there are extra dependencies on other components, multi-threading and scalability issues, incomplete metadata, and other issues.
Frequently asked technical questions
Q: Why not just use PowerShell, which is Microsoft’s de facto standard for automation and management? After all, PowerShell is used by System Center runbooks and has many attractive features like:
• PowerShell remoting
• PowerShell workflows
• PowerShell Desired State Configuration (DSC)
• PowerShell Integrated Scripting Environment (ISE)
• Ability to write custom modules
A: PowerShell is a powerful tool for script and batch management of just about everything. But is it a good choice as the base technology for a business process automation platform? We do not think so because:
1. PowerShell is not a scalable server technology. WCF and REST are, but not PowerShell.
• PowerShell was designed for a desktop client that is run by a single sysadmin in interactive mode.
• Typically, only 2-3 simultaneous remote sessions are allowed.
• Remote sessions take a long time to establish, and they easily become abandoned, blocking the entire channel.
2. PowerShell requires custom coding.
• PowerShell assumes that the sysadmin will become a programmer. They call it “scripting”: VB-like scripting with embedded fragments of C# and descriptive language (in the case of PS workflows and DSC).
• Our goal is the opposite: we want to avoid custom coding as much as possible, which minimizes the mistakes a sysadmin can make and significantly simplifies DevOps maintenance.
3. PowerShell does not provide complete metadata for proxy auto-generation.
• In comparison with WSDL and Swagger, which are standard means of proxy auto-generation, PowerShell modules lack this essential feature. Metadata can be partially retrieved for arguments, but not for return values or exceptions.
4. The PowerShell development environment is too basic.
• PowerShell Integrated Scripting Environment (ISE) is a standard tool on any Windows Server box. It is nice for quick and easy jobs, and a big improvement compared with the good old Command Prompt.
• It is dwarfed, however, by the Visual Studio IDE, BizTalk orchestrator or SharePoint Designer.
• Our approach to design tools is closer to the last two.
Frequently asked technical questions
Q: In some cases, like managing Lync 2013 or Skype for Business, PowerShell is the only management API available. How does ServiceControl help to avoid PowerShell programming in these scenarios?
Lync 2013 - Provides a Silverlight-based management portal with PowerShell support. No SDK or REST management APIs available for Lync.
A: ServiceControl’s connectors to Lync 2013, Skype for Business, Exchange Online, Azure AD and other systems that require PowerShell for management, do, of course, use PowerShell.
• Note that with ServiceControl, all technical complexity and the challenges of programming with PowerShell are hidden from you, encapsulated inside our own code that was created by experienced programmers.
• Each connector is a pluggable component that can be used in your business process orchestration. All complexity related to one or more PowerShell modules and cmdlets is encapsulated inside our connector.
• Connectors encapsulate, aggregate and expose PowerShell functionality in a new way via standard, ready-for-automation WCF and REST interfaces.
• To be used in workflows, these interfaces are turned into proxies that are used as workflow activities, the elementary building blocks of any workflow.
• So, instead of programming complexity with PowerShell, we implement the simple composition of activities into a workflow orchestration.
• At runtime, each workflow step will trigger an activity. The activity calls a proxy. The proxy calls a connector and the connector will invoke the PowerShell cmdlet(s).
Frequently asked technical questions
Q: Why not just use Azure AD, Exchange Online, Skype for Business and the standard web-based management portals provided by Microsoft?
A: There are a number of reasons:
• Not all management operations are available in management portals. Some require PowerShell programming.
• Typically, IT processes/tasks involve operations on multiple cloud services, each managed from its own management portal. It is not very convenient for a sysadmin to jump from one portal to another just to accomplish one single task. For example, the CreateUser task may involve creating that user account in Azure AD, then in Exchange Online, and then in Skype for Business. This means that the system administrator needs to be trained on and use three different portals.
• Microsoft management portals only support operations on a one-at-a-time basis, e.g. single user account, single group, etc. Operations on multiple users, groups, accounts are usually not possible. Bulk importing and management operations are limited and not consistent across portals.
• Working with portals assumes manual interactive processes - no automation possible.
Frequently asked technical questions
Q: How can I manage my LOB applications that run behind a firewall in an on-premises data center?
A: ServiceControl’s Automation Platform has the ability to connect to services and LOB applications that are running behind a firewall.
Depending on the environment, various techniques can be used:
• Azure Virtual Network (VNET) and Site-to-Site connection
• Azure Virtual Network (VNET) and Point-to-Site connection
• Azure Virtual Network (VNET) and Express Route
• Azure AD Application Proxy
• Azure Service Bus (Relay Messaging)
Or, simply install the Azure custom connector behind your firewall. ServiceControl connectors have built-in support for Azure Service Bus Queues and Relay Messaging.
Frequently asked technical questions
Q: What is required to expose my custom cloud service or an on-premises LOB application to ServiceControl workflows?
A: Similar to SOA (service-oriented-architecture) requirements for web services, ServiceControl requires your service or LOB app to expose its functionality via a SOAP/WCF/REST web service.
To simplify the proxy auto-generation, the service should make its metadata accessible via WSDL or Swagger interfaces. Where this is not possible, the ServiceControl engineering team will help you to build/code the specific proxy.
Other questions?
[email protected]
kb.servicecontrol.com
Don’t get left behind in the Cloud dust! Build your MSP future with ServiceControl.
Aldo Zanoni, CEO
408.675.5020 ext. [email protected]