Windows Azure Services for Windows Server, SPF and SCVMM – Managing Tenants across these components (Part 1)

SPF, short for service provider foundation, adds multi-tenancy capabilities to your System Center environment by offering a web service that in the backend will talk to other management products like System Center Virtual Machine Manager. To give users a good self service experience you can design a portal that communicates with SPF. Or if you want to save time you can use Windows Azure Services for Windows Server that contains different portals – one of them a tenant portal that allows new tenants to sign up and also order and manage virtual machines.

I will not go into any details how all these components are installed as there are already good articles out there. Check out this excellent series by Mark van Eijk.

In this post I’d like to focus more on the tenant objects and how they are managed. For this I will start with the sign up process on the Windows Azure Services portal to create a new tenant.


After a few seconds the tenant is created and is logged in automatically. Depending on the selected plan and it’s configuration, he will see different areas on the portal. In this case I selected a plan that only allows the creation of virtual machines and networks.


So the initial registration is done. But what happened in the background when the tenant was created? First, a new tenant was created in SPF. This can be checked by using the SPFAdmin PowerShell module available on the SPF server.


This tenant lives in the SPF SQL database. This can also be checked by checking the tenant table in the database. It displays more or less the same information as the cmdlet.


SPF will talk to SCVMM to deploy and manage virtual machines if the tenant requests it from the portal. Let’s check what happened in SCVMM so far. For that I use the VMM PowerShell module to connect to the SCVMM server and display the user roles.



As you can see, a user role (tenant) was created in SCVMM that has the same ID as the tenant in SPF. Whenever SPF initiates a connection to SCVMM to do work for a logged in user, this ID is used to identify the tenant in SCVMM. Good, so everything seems to be prepared. Let’s deploy a new VM from the tenant portal.


After some seconds you should see different jobs running in SCVMM that will deploy the new virtual machine. In this example the virtual machine creation job failed because the Hyper-V server was not running – doesn’t matter Smiley


If the deployment was successful, you should see that the virtual machine has been associated with the appropriate tenant.


This is the first blog post that describes how tenants are managed in SPF and SCVMM. More posts to come soon!


About Marcel Zehner

Microsoft Azure MVP
This entry was posted in System Center (without SCSM) and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s