Automated Tenant Deprovisioning with Service Management Automation in Windows Azure PackPublished: 2014

For the latest information, please see http://aka.ms/BuildingClouds

Introduction.....................................................................................................1Problem Statement / Question / Answer.......................................................1

Background......................................................................................................2

Download.........................................................................................................3

Scope...............................................................................................................4Prerequisites.................................................................................................4

Process.............................................................................................................6

Runbooks.........................................................................................................7Core Example Runbook Scripts.....................................................................8Bonus! Example Runbook Scripts................................................................13

Assets............................................................................................................14Runbook Variable and Credential Asset Requirements...............................14Creating the SMA Assets.............................................................................14

Example Execution Results............................................................................16First Execution............................................................................................16Second Execution........................................................................................16

What Else?.....................................................................................................17

Appendix........................................................................................................18Links Referenced within the Document.......................................................18Links from the Related Blog Series.............................................................18Links to Other Related and Valuable Content.............................................19

Automated Tenant Deprovisioning with Service Management Automation in Windows Azure Pack

IntroductionThis document is dedicated to a topic that has been coming up more and more as the usage of the Windows Azure Pack (WAP) increases. That said, while Provisioning for Tenants is pretty straightforward (and documented), its counterpart, Deprovisioning, is not often a more difficult task manage. The following pages aim to demystify what it means to Deprovision tenant resources within WAP, and thus Virtual Machine Manager (VMM), all leveraging the already available IaaS Cloud Automation tool, Service Management Automation (SMA).

Problem Statement / Question / AnswerProblem “When I delete the Subscription for a WAP User (or the actual User), their Subscription Resources remain in VMM!”

Question “How do I automatically remove Tenant Subscription Resources after the Subscription (or User and Subscription) has been removed from WAP?”

Answer Service Management Automation (SMA) Runbooks constructed specifically to remove Subscription Resources, tied to the WAP/SPF Subscription.Delete Action Event.

1 Automated Tenant Deprovisioning with Service Management Automation in Windows Azure Pack

BackgroundAt the beginning of 2014, I published a series of posts around Automated Tenant Provisioning (and later in the year, a White Paper). At that time, it was far more important to get something published that had to do with the creation of resources within WAP, rather than the other side of the coin: removal of those resources within WAP. And while I always had scripts that would remove a given set of resources (who wants to manually do something that can be scripted!?), I never made them “official” – even in my Dev/Test/Prod environments.

Recently, while working on a project where literally hundreds of subscriptions were being created with the intention of immediate removal, I decided to turn my “Deprovisioning Scripts” into actual “Tenant Deprovisioning Runbooks”. I even expanded on their original functionality, linking them to action events within WAP/SPF, and adding even more Deprovision functionality (covering most all of my daily Deprovisioning scenarios).

2 Automated Tenant Deprovisioning with Service Management Automation in Windows Azure Pack

DownloadThe download for all the artifacts within this example solution can be found on TechNet Gallery. The downloadable content introduces a collection of example PowerShell Scripts and SMA Runbooks that you can use to Automate Tenant Deprovisioning of Gallery Item VMRoles within WAP.URL: http://gallery.technet.microsoft.com/Windows-Azure-Pack-Tenant-11a71b5d

The download (Windows Azure Pack Tenant Deprovisioning Automation Toolkit.zip) includes the following (11) files:

Core Example Runbook Scripts (8)

Subscription-Delete-Dispatcher.ps1 Get-WAPSubscription.ps1 Remove-SubscriptionResources.ps1 Remove-VMMCloudService.ps1 Remove-VMMStandaloneVM.ps1 Remove-VMMUserRole.ps1 Remove-VMMVMNetwork.ps1 Remove-WAPSubscription.ps1

Bonus! Example Runbook Scripts (2)

Remove-VMMCloudResource.ps1 Remove-WAPUser.ps1

Bonus! SMA Asset Creation Script (1)

Set-TenantDeprovisioningSMAAssets.ps1

3 Automated Tenant Deprovisioning with Service Management Automation in Windows Azure Pack

ScopeThis document covers how I went about answering the above question – within a certain scope, of course. There are many ways to accomplish what I am about to provide examples for – so, please leverage this content accordingly.

Here is the scope of this document:

Removal of Tenant Subscription Resources based on Subscription (or User + Subscription) removal

Removal is based on Subscription ID (it is the parameter passed into the Process Runbook)

Removal of the following Subscription Resources: o VMM Cloud Services (Which for my environment, based on

my previous examples, contain all deployed VMM Cloud Resources, or VMRoles)

o VMM Standalone VMs (VM Template deployed Virtual Machines)

o VMM VM Networks (Including Removal of all network specific dependencies (e.g. Gateways, Subnets, etc.)

o VMM User Role (While this usually gets removed when a Subscription is deleted, I have it as part of my process to ensure its removal)

o WAP Subscription (Again, while this is usually removed as part of the Subscription deletion in the portal, I have seen instances where a second call to this via PowerShell with -Force is required)

Removal of the WAP User (A bonus example Runbook I have used to initiate the entire process during load/unload testing – this can be called within a foreach to perform automated Deprovisioning at a large scale)

Removal of the VMM Cloud Resources (Another bonus example Runbook I used before I discovered the over-arching Cloud Service Removal – this may or may not be useful)

Subscription-Delete-Dispatcher (The SPF tagged Runbook that gets invoked whenever the WAP/SPF Subscription.Delete Action Event fires

Example Set/Create Script to ensure the required SMA Assets (Variables and Credentials) can easily be created

Prerequisites

This set of examples is not without its prerequisites. The following is a list of setup/configuration needed to ensure these examples work in your environment:

4 Automated Tenant Deprovisioning with Service Management Automation in Windows Azure Pack

Windows Azure Pack , Service Management Automation, Virtual Machine Manager, Service Provider Foundation installed, configured, integrated and working

Automation within Virtual Machine Clouds needs to be configured and working (Runbooks should be able to be triggered based on WAP/SPF Action Events)

SMA should have permissions to execute VMM PowerShell Commands

I also found this TechNet Article interesting: Requirements for using VM Clouds

These may seem like steep prerequisites, but really, they are the same as the Tenant Provisioning Scenario, of which you likely already have working (or at least something similar), otherwise you wouldn’t be looking for this set of examples.

5 Automated Tenant Deprovisioning with Service Management Automation in Windows Azure Pack

ProcessThe Deprovisioning process is simple compared to the Provisioning process. In these examples I go directly against VMM (and WAP where appropriate), using the well-known Cmdlets.

The following is the high-level process:

6 Automated Tenant Deprovisioning with Service Management Automation in Windows Azure Pack

RunbooksThis post contains the following Runbooks:

Also listed here as text with their nesting associations:

Subscription-Delete-Dispatcher      --> Get-WAPSubscription      --> Remove-SubscriptionResources           --> Remove-VMMCloudService           --> Remove-VMMStandaloneVM           --> Remove-VMMVMNetwork           --> Remove-VMMUserRole           --> Remove-WAPSubscription

Bonus! Runbooks- Remove-VMMCloudResource- Remove-WAPUser

Note     These Runbooks EXAMPLES are by no means perfect. But they are what I use every day in hundreds of various Deprovisioning jobs.

Disclaimer     As the name indicates, these example scripts are meant to Deprovision resources from an environment. They are DESTRUCTIVE. Please ensure you either these as guidance, or have modified them in such a way that works best for your environment. Remember, these are here to provide an automated example to save you clicks. You do not have to use them. Also, they could stand some more Error Handling, I get that. I wanted to get them out as soon as possible, so that you could consume, digest, and refactor as you see fit.

7 Automated Tenant Deprovisioning with Service Management Automation in Windows Azure Pack

Core Example Runbook Scripts

And now for the actual scripts. They will be displayed in the same order as listed above.

Subscription-Delete-Dispatcherworkflow Subscription-Delete-Dispatcher{ param ( [object]$resourceObject ) #Get WAP Info and Token $WAPServer = Get-AutomationVariable -Name 'WAP Server' $ClientRealm = Get-AutomationVariable -Name 'Default Client Realm' $WAPCreds = Get-AutomationPSCredential -Name 'WAP Credentials' $Token = Get-Token -WAPServer $WAPServer -clientRealm $ClientRealm -Creds $WAPCreds #Get VMM Info $VmmServerName = Get-AutomationVariable -Name 'VMM Server' $VMMCreds = Get-AutomationPSCredential -Name 'VMM Credentials' #Get Subscription $Subscription = Get-WAPSubscription -SubscriptionID $resourceObject -WAPCreds $WAPCreds ` -WAPServer $WAPServer -Token $Token if (!$Subscription.Error -and $Subscription.SubscriptionObj.State -eq "DeletePending") { Write-Output "Removing all Resources associated with SubscriptionID $resourceObject" Remove-SubscriptionResources -SubscriptionID $resourceObject ` -VMMCreds $VMMCreds -VMMServerName $VmmServerName ` -WAPServer $WAPServer -WAPCreds $WAPCreds -Token $Token } else { Write-Output "$resourceObject No Longer Exists" }}

Notes

1. This Runbook example contains a few SMA Assets (Variables and Credentials). The requirements for these can be found in the next section titled, “Runbook Variable and Credential Asset Requirements”

2. This Runbook example references a Sub-Runbook named “Get-Token” – it is not part of these examples, but has been documented/described previously (see this post, search for “Get and Usage of the WAP MgmtSvcToken”)

3. Depending on the authentication method in your environment, you may need to get an ADFS Token – again, it is not part of these examples, but has also been documented/described previously (see this post, search for “Requesting a token with ADFS”)

4. Because the Delete.Subscription Action Event initiates every time a Subscription is marked for delete (even if it is done multiple times, and even if it is done while in “Deletion in Progress” status), it was important to add the Get-WAPSubscription and include logic which could determine whether or not the Subscription still existed or not

8 Automated Tenant Deprovisioning with Service Management Automation in Windows Azure Pack

5. Because Removal of the Subscription happens as part of the process (inside the Remove-SubscriptionResources Runbook), the Subscription-Delete-Dispatcher will initiate twice for every Subscription deleted (this is an extra measure that I took due to some issues with deletion from time to time).

Get-WAPSubscriptionworkflow Get-WAPSubscription{ param ( [string]$SubscriptionID, [string]$WAPServer, [PSCredential]$WAPCreds, [string]$Token ) #Get WAP Connection Info $AdminUri = "https://{0}:30004" -f $WAPServer #Connect to WAP and Get Subscription Info InlineScript { try { $ErrorActionPreference = "Stop" $WAPSubscription = Get-MgmtSvcSubscription -AdminUri $Using:AdminUri ` -SubscriptionId $Using:SubscriptionID ` -Token $Using:Token } catch { $errorMessage = $Error[0].Exception } finally { $ErrorActionPreference = "Continue" } $SubStatusMsg = [PSCustomObject]@{ SubscriptionID = $using:SubscriptionID SubscriptionObj = $WAPSubscription Error = $errorMessage } Write-Output $SubStatusMsg } -PSComputerName $WAPServer -PSCredential $WAPCreds}

Note     This Runbook contains more error handling than I normally provide in my examples. Based on how the WAP Cmdlets handle “Gets” when something doesn’t exist, this was my best option. Remember, this is just an example. There are other ways to handle this.

Remove-SubscriptionResourcesworkflow Remove-SubscriptionResources{ param ( [object]$SubscriptionID, [string]$VmmServerName, [PSCredential]$VMMCreds, [string]$WAPServer, [PSCredential]$WAPCreds, [string]$Token )

9 Automated Tenant Deprovisioning with Service Management Automation in Windows Azure Pack

Remove-VMMCloudService -SubscriptionID $SubscriptionID -VMMCreds $VMMCreds ` -VMMServerName $VmmServerName Remove-VMMStandaloneVM -SubscriptionID $SubscriptionID -VMMCreds $VMMCreds ` -VMMServerName $VmmServerName

Remove-VMMVMNetwork -SubscriptionID $SubscriptionID -VMMCreds $VMMCreds ` -VMMServerName $VmmServerName Remove-VMMUserRole -SubscriptionID $SubscriptionID -VMMCreds $VMMCreds ` -VMMServerName $VmmServerName

Remove-WAPSubscription -SubscriptionID $SubscriptionID -WAPCreds $WAPCreds ` -WAPServer $WAPServer -Token $Token}

Note     If you followed my guidance for Automated Tenant Provisioning, you likely have all your VMRoles (Cloud Resources) leveraging the same Cloud Service (naming convention: CloudService-4-<SubscriptionGUID>). If this is the case, you only need to remove the one Cloud Service containing all your VMRoles. If not, it will still get and remove all Cloud Services associated Cloud Resources.

Remove-VMMStandaloneVMworkflow Remove-VMMStandaloneVM{ param ( [string]$SubscriptionID, [string]$VmmServerName, [PSCredential]$VMMCreds ) InlineScript {

Get-SCVMMServer -ComputerName $Using:VmmServerName | Out-Null $StandaloneVMs = Get-SCVirtualMachine | ? {$_.UserRoleID -eq $Using:SubscriptionID -and $_.CloudVmRoleName.Length -eq 0} if ($StandaloneVMs) { foreach ($StandaloneVM in $StandaloneVMs) { $StandaloneVMStop = Stop-SCVirtualMachine -VM $StandaloneVM -Force Write-Verbose $StandaloneVMStop $SAVMStopMsg = "Stopping {0} {1} for {2}" -f $StandaloneVMStop.ObjectType,$StandaloneVMStop.Name,$StandaloneVMStop.UserRole Write-Output $SAVMStopMsg $StandaloneVMRemove = Remove-SCVirtualMachine -VM $StandaloneVM Write-Verbose $StandaloneVMRemove $SAVMRemoveMsg = "{0} {1} {2} for {3}" -f $StandaloneVMRemove.VirtualMachineState,$StandaloneVMRemove.ObjectType,$StandaloneVMRemove.Name,$StandaloneVMRemove.UserRole Write-Output $SAVMRemoveMsg } } } -PSComputerName $VmmServerName -PSCredential $VMMCreds}

Note     This example includes both the Stop and Remove commands required to delete a Standalone VM from VMM. I am also identifying this VM object as non-VMRole by checking that the CloudVmRoleName.Length -eq 0. There are other ways to do this, this is the way that worked for me.

10 Automated Tenant Deprovisioning with Service Management Automation in Windows Azure Pack

Remove-VMMVMNetworkworkflow Remove-VMMVMNetwork{ param ( [string]$SubscriptionID, [string]$VmmServerName, [PSCredential]$VMMCreds ) InlineScript { Get-SCVMMServer -ComputerName $Using:VmmServerName | Out-Null $VMNetworks = Get-SCVMNetwork | where {$_.UserRoleID -eq $Using:SubscriptionID} if ($VMNetworks) { foreach ($VMNetwork in $VMNetworks) { $VMNGW = Get-SCVMNetworkGateway -VMNetwork $VMNetwork | Remove-SCVMNetworkGateway Write-Verbose $VMNGW $VMNGWRemoveMsg = "Removing {0} {1} for SubscriptionID: {2}" -f $VMNGW.ObjectType,$VMNGW.Name,$Using:SubscriptionID Write-Output $VMNGWRemoveMsg $VMSubnet = Get-SCVMSubnet -VMNetwork $VMNetwork $VMNIPPool = Get-SCStaticIPAddressPool -VMSubnet $VMSubnet | Remove-SCStaticIPAddressPool Write-Verbose $VMNIPPool $VMNIPPRemoveMsg = "Removing {0} {1} for SubscriptionID: {2}" -f $VMNIPPool.ObjectType,$VMNIPPool.Name,$Using:SubscriptionID Write-Output $VMNIPPRemoveMsg $VMNSubnet = Remove-SCVMSubnet $VMSubnet Write-Verbose $VMNSubnet $VMNSRemoveMsg = "Removing {0} {1} for SubscriptionID: {2}" -f $VMNSubnet.ObjectType,$VMNSubnet.Name,$Using:SubscriptionID Write-Output $VMNSRemoveMsg $VMN = Remove-SCVMNetwork $VMNetwork Write-Verbose $VMN $VMNRemoveMsg = "Removing {0} {1} for SubscriptionID: {2}" -f $VMN.ObjectType,$VMN.Name,$Using:SubscriptionID Write-Output $VMNRemoveMsg } } } -PSComputerName $VmmServerName -PSCredential $VMMCreds}

Note     This example is the most involved of all the Deprovisioning Runbooks. It contains the most moving parts, and is the most “delicate”. You likely know what it takes to create a network with all the various options, so tearing that network back down has to happen in a particular order. This example will remove the following, in the following order: Gateway, Static IP Address Pool, Subnet, and finally the Network. Your environment will vary, so be sure to modify to fit.

Remove-VMMUserRoleworkflow Remove-VMMUserRole{ param ( [string]$SubscriptionID, [string]$VmmServerName, [PSCredential]$VMMCreds

11 Automated Tenant Deprovisioning with Service Management Automation in Windows Azure Pack

) InlineScript {

Get-SCVMMServer -ComputerName $Using:VmmServerName | Out-Null $VMMUserRole = Get-SCUserRole -ID $Using:SubscriptionID if ($VMMUserRole) { $VMMUserRoleRemove = Remove-SCUserRole -UserRole $VMMUserRole Write-Verbose $VMMUserRoleRemove $URRemoveMsg = "Removing {0} for {1}" -f $VMMUserRoleRemove.ObjectType,$VMMUserRoleRemove.Name Write-Output $URRemoveMsg } } -PSComputerName $VmmServerName -PSCredential $VMMCreds}

Note     This example is me being (likely) overly thorough. I believe I noticed that even though the Subscription Delete in WAP is supposed to Remove the VMM User Role, sometimes it did not. To ensure that it is deleted, I added this Sub-Runbook to the process. It makes sure the VMM User Role does not remain once a WAP Subscription Removal has been initiated.

Remove-WAPSubscriptionworkflow Remove-WAPSubscription{ param ( [string]$SubscriptionID, [string]$WAPServer, [PSCredential]$WAPCreds, [string]$Token ) #Get WAP Connection Info $AdminUri = "https://{0}:30004" -f $WAPServer #Connect to WAP and Remove Subscription InlineScript { Remove-MgmtSvcSubscription -AdminUri $Using:AdminUri -SubscriptionId $Using:SubscriptionID ` -Token $Using:Token -Confirm:$false -Force } -PSComputerName $WAPServer -PSCredential $WAPCreds}

Note     Again, this is me being (likely) overly thorough. Sometimes, it appears that the Subscription gets “stuck” in “Deletion Pending” (or something similar) – this ensures that it gets removed (the -force works wonders in the WAP Cmdlets).

Bonus! Example Runbook ScriptsRemove-VMMCloudResourceworkflow Remove-VMMCloudResource{ param ( [string]$SubscriptionID, [string]$VmmServerName, [PSCredential]$VMMCreds )

12 Automated Tenant Deprovisioning with Service Management Automation in Windows Azure Pack

InlineScript {

Get-SCVMMServer -ComputerName $Using:VmmServerName | Out-Null $CloudResources = Get-CloudResource | ? {$_.UserRoleID -eq $Using:SubscriptionID} if ($CloudResources) { foreach ($CloudResource in $CloudResources) { $CloudResourceRemove = Remove-CloudResource -CloudResource $CloudResource Write-Verbose $CloudResourceRemove $CRRemoveMsg = "{0} {1} {2} for {3}" -f $CloudResourceRemove.ProvisioningState,$CloudResourceRemove.ObjectType,$CloudResourceRemove.Name,$CloudResourceRemove.UserRole Write-Output $CRRemoveMsg } } else { Write-Output "No Cloud Resources exist for Subscription: $Using:SubscriptionID" } } -PSComputerName $VmmServerName -PSCredential $VMMCreds}

Note     As noted above in the Remove-VMMCloudService example, this script is likely not necessary. It also is nearly identical to the Cloud Service example, with a few keywords swapped. It may be useful for out-of-band Cloud Resource Removals (orphaned resources, etc.).

Remove-WAPUserworkflow Remove-WAPUser{ param ( [string]$User, [boolean]$DeleteSubscriptions )

#Get Token $WAPServer = Get-AutomationVariable -Name 'WAP Server' $ClientRealm = Get-AutomationVariable -Name 'Default Client Realm' $WAPCreds = Get-AutomationPSCredential -Name 'WAP Credentials' $Token = Get-Token -WAPServer $WAPServer -clientRealm $ClientRealm -Creds $WAPCreds #Get WAP Connection Info $AdminUri = "https://{0}:30004" -f $WAPServer #Connect to WAP and Remove Subscription InlineScript { if ($Using:DeleteSubscriptions -eq $true) { Remove-MgmtSvcUser -AdminUri $Using:AdminUri -Name $Using:User ` -Token $Using:Token -Confirm:$false -DeleteSubscriptions } else { Remove-MgmtSvcUser -AdminUri $Using:AdminUri -Name $Using:User ` -Token $Using:Token -Confirm:$false -Force } } -PSComputerName $WAPServer -PSCredential $WAPCreds}

Note     This is meant to be a standalone Runbook that can be executed on its own (thus the specific callout to Get a Token). It can be used to force the deletion of a stubborn WAP User (one that gets stuck in “Deletion in Progress” (or something similar)) or to clear out a User and Subscription. Either way, if this is used, and the Subscription.Delete Action Event is hooked to a Runbook, that Runbook will be fired. If it is hooked to the set above, then all the associated resources will be removed as well.

13 Automated Tenant Deprovisioning with Service Management Automation in Windows Azure Pack

AssetsAs you can see in the above examples, I have leveraged a few Assets (Variables and Credentials).

Runbook Variable and Credential Asset Requirements

The following is a listing of the required Runbook Variable and Credential Assets.

Variable Assets

WAP Server - Name of the WAP Server (or at least one node of WAP where the Cmdlets are installed)

Default Client Realm - In everything I do for all these examples: http://azureservices/AdminSite

VMM Server - Name of the VMM Server (either one of the nodes, or the cluster name)

Credential Assets

WAP Credentials - Credentials with permissions to perform the remove actions in WAP

VMM Credentials - Credentials with permissions to perform the remove actions in VMM

Note     These Variables and Credentials are primarily used to store information about the environment (WAP and VMM) and the ability to access/authenticate to perform the above scripts. The Token is used to authenticate against the SM API; and the WAP/VMM Credentials are used to remotely connect to the WAP and VMM targets to perform the commands within the scripts.

Creating the SMA Assets

One of the best ways that I have found to make the SMA Assets portable for a given set of Runbooks is to create a “Set Script”. This script leverages the very versatile Set-SmaVariable Cmdlet found in the SMA Module. This Cmdlet has the ability to both SET existing and CREATE new Assets.

The following is an example “Set Script” which can be modified and executed to create the Variable and Credential Assets required for these Deprovisioning Runbooks:

#SET Variable for SMA Web Service Endpoint

14 Automated Tenant Deprovisioning with Service Management Automation in Windows Azure Pack

$smaWSEndpoint = "https://sma-server.fqdn"

#SET Variable AssetsSet-SmaVariable -Name "Default Client Realm" -Value "http://azureservices/AdminSite" -WebServiceEndpoint $smaWSEndpointSet-SmaVariable -Name "VMM Server" -Value "vmm-server.fqdn" -WebServiceEndpoint $smaWSEndpointSet-SmaVariable -Name "WAP Server" -Value "wap-server.fqdn" -WebServiceEndpoint $smaWSEndpoint

#SET Credential Assets (by prompt)Set-SmaCredential -Name "WAP Credentials" -Value (Get-Credential)Set-SmaCredential -Name "VMM Credentials" -Value (Get-Credential)

#OR SET Credential Assets (by hardcoded plain text)Set-SmaCredential -Name "WAP Credentials" -Value (New-Object System.Management.Automation.PSCredential ("domain\username", (ConvertTo-SecureString "MyPassword" -AsPlainText -Force))) -WebServiceEndpoint $smaWSEndpointSet-SmaCredential -Name "VMM Credentials" -Value (New-Object System.Management.Automation.PSCredential ("domain\username", (ConvertTo-SecureString "MyPassword" -AsPlainText -Force))) -WebServiceEndpoint $smaWSEndpoint

Note     This is just a simple example of how you could make the SMA Assets (Variables and Credentials) portable from one environment to the next. I have used generic values, so be sure to update the script before use. Once updated, this should be executed on a SMA server where the associated Runbooks will be (or are) imported (or at least somewhere the SMA Module is installed and the SMA WS is accessible).

15 Automated Tenant Deprovisioning with Service Management Automation in Windows Azure Pack

Example Execution ResultsThe following are a couple screenshots of the output from the Automated Tenant Deprovisioning Process:

First ExecutionRemoved a Cloud Service, VM Network, and User Role

Second ExecutionAs expected as part of the process, results in a verification that the Subscription “No Longer Exists”

16 Automated Tenant Deprovisioning with Service Management Automation in Windows Azure Pack

What Else?The initiation of this process follows the same concept as my Tenant Provisioning Runbooks – WAP/SPF Action Events driven automation. I simply used a different Action Event (Subscription.Delete). There are plenty of other Action Events you could key off of, and initiate Runbooks from…in fact, you could use this same concept to perform a different set of actions (via Runbook) when a Subscription has been Suspended. Yes, there is a WAP/SPF Action Event for Subscription.Suspend/Activate – so just imagine the possibilities (Start/Stop/Store VMs, etc.).

17 Automated Tenant Deprovisioning with Service Management Automation in Windows Azure Pack

AppendixThe following are the links referenced throughout this document as well as links related directly to the content:

Links Referenced within the Document Building Clouds Blog: http://aka.ms/BuildingClouds Windows Azure Pack Tenant Provisioning Automation Toolkit TechNet

Gallery Contribution: http://gallery.technet.microsoft.com/Windows-Azure-Pack-Tenant-3e8afd64

Windows Azure Pack Tenant Deprovisioning Automation Toolkit TechNet Gallery Contribution: http://gallery.technet.microsoft.com/Windows-Azure-Pack-Tenant-11a71b5d

Automation–The New World of Tenant Provisioning with Windows Azure Pack (Part 1): Introduction and Table of Contents: http://blogs.technet.com/b/privatecloud/archive/2014/02/28/automation-the-new-world-of-tenant-provisioning-with-windows-azure-pack-part-1-introduction-and-table-of-contents.aspx

Windows Azure Pack for Windows Server: http://technet.microsoft.com/en-us/library/dn296435.aspx

Service Management Automation: http://technet.microsoft.com/en-us/library/dn469260.aspx

Virtual Machine Manager: http://technet.microsoft.com/en-us/library/gg610610.aspx

Service Provider Foundation: http://technet.microsoft.com/en-us/library/jj642895.aspx

Using automation with Virtual Machine Clouds: http://technet.microsoft.com/en-us/library/dn457800.aspx

Requirements for using VM Clouds: http://technet.microsoft.com/en-us/library/dn457804.aspx

Links from the Related Blog SeriesAutomation–Windows Azure Pack & Service Management Automation–Automated Tenant Deprovisioning

18 Automated Tenant Deprovisioning with Service Management Automation in Windows Azure Pack

Automation–The New World of Tenant Provisioning with Windows Azure Pack

Part 1: Intro & TOC Part 2: Automated Deployment of Tenant Network and Identity

Workload (Isolated Tenant Virtual Network & Active Directory VMRole; from the Service Admin Persona)

Part 3: Automated Deployment of the Identity Workload as a Tenant Admin (Active Directory VMRole; from the Tenant Admin Persona)

Part 4: Automated Deployment of Tenant Workloads (Lync, SharePoint, and Exchange) (Lync, SharePoint, and Exchange VMRoles; from both Service Admin and Tenant Admin Personas)

Part 5: Working with the SQL Server resource provider, and the ITIL dilemma (by Bruno Saille)

Links to Other Related and Valuable Content Windows Azure Pack–Gallery Item VMRole–References for Creation,

Configuration, and Automation: http://blogs.technet.com/b/privatecloud/archive/2014/03/11/windows-azure-pack-gallery-item-vm-role-resources-for-creation-configuration-and-automation.aspx

8-Minute-Demo: Automated Tenant Provisioning Video: http://www.youtube.com/watch?v=xZIgPAyyg7E

19 Automated Tenant Deprovisioning with Service Management Automation in Windows Azure Pack