Technology Stronghold

Building Microsoft System Center Cloud – SCOrch 2012 R2 – Orchestrator – Design

It is not always easy to divide Low-level Design and High-Level Design. How to differentiate between high-level and low-level design depends on the entity that we refer to. When we need to design our cloud then high-level decision could be for example choice of the technology that makes our SQL Servers highly-available. But when we talk about our business or company (the entity) then SQL Servers are in Low-level Design category. This means that following division to High-level Design and Low-level Design are only within our entity.

High-level Design

Following design was chosen for our testing environment. As architect you need to choose own design according needs of your business. Use following design only as help to understand how to model your environment.

Architectural design questions you need to ask

Multiple separated Runbook servers?

It is possible in a single environment to deploy only one Orchestrator Management Server but it is possible to deploy multiple Orchestrator Runbook Servers.

Runbook Servers are not made to run on Failover or Network Load Balancing cluster nodes but multiple Runbook Servers can guarantee that is possible to run Runbooks on the second server when the first is not available. Also default configuration setting specify that it is not possible to run more than 50 Runbooks simultaneously on one server. The limitation can be increased but in the case you need to run hundreds of Runbooks simultaneously you certainly need more Runbook Servers.

  • As Architect you have to evaluate the risk. You need to ask: What happened when the service is not available? What is the probability that could happen? Is the service important for your business?
    • There are orchestration tasks for example for 24/7 services. In such case you should consider to have one Runbook server as a backup.
    • You cannot double Management Server and you cannot automatically run jobs on the second Runbook server when the first is down but in the case of failure you can manually choose the second.
    • If your environment will never run a lot of jobs then it is not mistake to use a simple deployment and install all features to a single highly-available virtual machine.

Do you need Orchestrator Web Service and Orchestration console?

  • The Orchestrator Web Service is a service that enables custom applications to connect to Orchestrator to start and stop runbooks and retrieve information.
  • The Orchestration console uses this web service to interact with Orchestrator.
  • The functions that you can perform in the Orchestration console is a subset of the functions in the Runbook Designer so it is not required to install Orchestrator Web Service. But if you install the Web Service in the production environment it is required to secure it.
    • HTTPS
      • In the production environment you need to use Secure Sockets Layer (SSL) for the Orchestrator Web Service.
      • If you have any problem to configure Internet Information Services (IIS) server to use SSL only (only allowed access over HTTPS) then for the security reasons do not install Orchestrator Web Service.
    • Logging
      • By default the Web Service calls are not logged. This applies to the requests made by the Orchestration console as well as the Orchestration Integration Toolkit (OIT). The result is that a user can start a job and pass parameters into a runbook with no record of who started the job.

Environment for the simple deployment

Virtual machines

  • contsco0
    • Microsoft System Center Orchestrator 2012 R2
      • Features
        • [x] Management Server
        • [x] Runbook Server
        • [x] Orchestration Console and Web Service
          • Optional when you need to use Orchestration Console or connect to the Orchestrator from third party application.
        • [x] Runbook Designer
    • .NET Framework 3.5
  • contdb1c0 (SQL Server Failover Cluster with AlwaysOn Availability Groups) or
  • contscodb0 (highly-available VM with standalone SQL Server)
    • Microsoft SQL Server 2012 SP1
      • Features
        • Required
          • [x] Database Engine Services
        • Optional – Management Tools (I recommended to install them on management server only)
          • [x] Management Tools – Basic
            • [x] Management Tools – Complete
      • Named instance (standalone VM): SCO0
      • Collation: SQL_Latin1_General_CP1_CI_AS
    • Configurations
      • Firewall
        • Open
          • 1433 (SQL Server)
          • 5022 (AlwaysOn DB mirroring)
  • contscmng0 (our management terminal server)
    • Microsoft System Center Operations Manager 2012 R2
      • Features
        • [x] Runbook Designer

Service accounts, user accounts and security groups

SCOrch – Service accounts

  • serscos0
    • Service account: SCORch services account
    • Members Of
      • Local Administrators
        • Orchestrator Servers (All)

SCOrch – Security groups

  • scoadmins0
    • Security group: SCORch Users (Administrators)
    • Members
      • You and other admins
    • Members Of
      • Local Administrators
        • Orchestrator Servers (All)

SQL DB Servers – Service accounts

  • serscdb0
    • Service account: Microsoft SQL Servers for System Center deployment.

SQL DB Servers – Security groups

  • scdbadmins0
    • Security group: DB Administrators
    • Members
      • You and other DB admins that are allowed to work on the DBs for the System Center deployment.

Environment for the complex deployment

Virtual machines

  • contscorm0
    • Microsoft System Center Orchestrator 2012 R2
      • Features:
        • [x] Management Server
    • .NET Framework 3.5
  • contscorr0
    • Microsoft System Center Orchestrator 2012 R2
      • Features
        • [x] Runbook Server
        • [x] Runbook Designer
    • .NET Framework 3.5
  • contscorr1 (optional)
    • Microsoft System Center Orchestrator 2012 R2
      • Features
        • [x] Runbook Server
        • [x] Runbook Designer
    • .NET Framework 3.5
  • contscorw0
    • Optional when you need to use Orchestration Console or connect to the Orchestrator from third party application.
    • Microsoft System Center Orchestrator 2012 R2
      • Features
        • [x] Orchestration Console and Web Service
    • .NET Framework 3.5
  • contdb1c0 (SQL Server Failover Cluster with AlwaysOn Availability Groups) or
  • contscodb0 (highly-available VM with standalone SQL Server)
    • Microsoft SQL Server 2012 SP1
      • Features
        • Required
          • [x] Database Engine Services
        • Optional – Management Tools (I recommended to install them on management server only)
          • [x] Management Tools – Basic
            • [x] Management Tools – Complete
      • Named instance (standalone VM): SCO1 / SCOR0
      • Collation: SQL_Latin1_General_CP1_CI_AS
    • Configurations
      • Firewall
        • Open
          • 1433 (SQL Server)
          • 5022 (AlwaysOn DB mirroring)
  • contscmng0 (our management terminal server)
    • Microsoft System Center Operations Manager 2012 R2
      • Features
        • [x] Runbook Designer

Service accounts, user accounts and security groups

  • Same as in the simple deployment.

Rudolf Vesely

, , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

Active Directory Advanced function AlwaysOn Availability Groups AlwaysOn Failover Cluster Instances Building Cloud Cloud Cluster Cmdlet Database Deployment Design DFS Domain Controller DSC Fabric Failover Clustering File Server Group Policy Hardware Profile Host Hyper-V Installation Library Library Asset Library Server Network Operations Manager Orchestrator PowerShell PowerShell User Group PowerShell Workflow Security Service Manager SQL Server Storage System Center Template Time Time Synchronization Tips Virtual Machine Virtual Machine Manager VM Network VM Template Windows Server 2012 R2