Windows Azure Pack Architecture

Some days ago I wrote about Windows Azure Pack which basically brings Windows Azure Services to your datacenter on top of Windows Server and System Center. I also showed a little overview how the overall architecture looks like, including the different resource providers such as VM Cloud or SQL Server.

Overall Architecture

Components

If you a look on the Windows Azure Pack you have 7 different components, which need to be installed.

Service Management APIs

• Windows Azure Pack Admin API – The Windows Azure Pack Admin API exposes functionality to complete administrative tasks from the management portal for administrators or through the use of Windows PowerShell cmdlets.
• Windows Azure Pack Tenant API – Windows Azure Pack Tenant API enables users, or tenants, to manage and configure cloud services that are included in the plans that they subscribe to.
• Windows Azure Pack Tenant Public API – Windows Azure Pack Tenant Public API enables end users to manage and configure cloud services that are included in the plans that they subscribe to. The Tenant Public API is designed to serve all the requirements of end users that subscribe to the various services that a hosting service provider provides.

Authentication sites

• Admin Authentication Site – This is the authentication site where Administrators authenticate against. By default, Windows Azure Pack uses Windows authentication for the administration portal. You also have the option to use Windows Azure Active Directory Federation Services (AD FS) to authenticate users.
• Tenant Authentication Site – This is the authentication site where Tenants (Customers) authenticate against. Windows Azure Pack uses an ASP.NET Membership provider to provide authentication for the management portal for tenants.

Service Management portals

• Management portal for administrators – A portal for administrators to configure and manage resource clouds, user accounts, tenant plans, quotas, and pricing. In this portal, administrators create Web Site clouds, virtual machine private clouds, create plans, and manage user subscriptions.
• Management portal for tenants – A customizable self-service portal to provision, monitor, and manage services. In this portal, users sign up for services and create services, virtual machines, and databases.

Source: TechNet

In addition to the Windows Azure Pack components you also have the Resource providers such as VM Cloud (IaaS), Websites, SQL and more, which integrate in WAP.

Design

You can install all of the Windows Azure Pack components on different servers and also make them highly available and scalable. First you have to understand that there are multiple types of components, you have the Tenant Portal, Tenant authentication site and the tenant public API which are public and should be accessible for the customers, Tenant API, Admin API, Admin Portal, Admin Authentication site as well as the SQL database behind are so called privileged services which should be protected.

Microsoft describes several different scenarios which you can mix. The minimal installation shows you two “servers” or tiers, one for the public facing services and one for the privileged services. To make them highly available you would have two servers for each tiers behind a load balancer.

The make the deployment more scalable you can split up the different components on different tiers.

Well and Microsoft also offers you an express installation which should only be used for lab or proof of concept installations. This installs all the needed components on to a single server.

At the end you and the customer have to decide how you deploy your environment based on scale, availability and security. You can get more information about the Windows Azure Pack Architecture on TechNet.