© 2014 IBM Corporation
Service Integration Guide for IBM Cloud Marketplace Providers John Teoh & Dominique Vernier 06/17/2015
IBM Confidential
© 2014 IBM Corporation
Introduction and Overview
2 IBM Confidential
Comprehensive catalog including both IBM and 3rd party offerings and supported by multi-billion dollar investments:
- Biz (line of business) features hundreds of world class applications in SaaS portfolio
- Dev (developer) supports traditional application styles (patterns) and new application styles (composable services/Bluemix)
- Ops (IT operations) features SoftLayer’s high performance infrastructure services
Purpose built Solutions (e.g., Mobile, DevOps) help you navigate the catalog
Enables customers to discover and experiment with a broad portfolio of offerings in a consistent way
http://ibm.com/marketplace/cloud http://www.ibm.com/cloud-computing/us/en/partner-landing.html
Partner
Join-now:
© 2014 IBM Corporation
Frequently Asked Questions As Partners Think About Service Integration
• I have a product/service that I want to sell on the IBM Cloud Marketplace. How do I begin to list my service in your catalog?
• I’m currently running or will run my service on SoftLayer. What do I need to do to integrate my service into the marketplace?
• When a customer buys my service on the marketplace, what do I need to do to provision the service for the customer?
3 IBM Confidential
1
2
3
© 2014 IBM Corporation
How to list my service in your catalog?
I. Decide to use the download or Web App fully integrated listing type
II. Plan and enter marketing profile and features
III. Plan and enter pricing plans
4
© 2014 IBM Corporation
What do I need to list a download listing for my service in the marketplace? I. Simply complete the download
listing forms in the marketplace
II. Comply with export compliance. Reference section G and links to US Department of Commerce in this doc: Business Partner Policies
5
© 2014 IBM Corporation
What do I need to do to integrate my service into the marketplace? I. Add a web app product
II. Decide if single user or multi-user usage model
III. Develop endpoints to manage subscription lifecycle
IV. Provision software or service
6
Controller
Partner Service Deployment
Service Orchestrator (Package, Deploy & Manage SW/Service)
Marketplace
IBM & Partner Services
“Buy”
Business Support
Services (BSS)
Service Orchestration
SaaS SW Image
© 2014 IBM Corporation IBM Confidential 06/19/14
The marketplace acts as an OpenID 2.0 provider to support single sign-on for
applications. To support single sign-on, your applications need to act as OpenID
consumers.
Login URL is an endpoint that redirects users to your product login page.
OpenID Realm is optional: For OpenID authentication requests from unknown
consumers, Marketplace will prompt users with a confirmation message asking if they
want to log into the site.
When user places a new order, the marketplace notifies your service via
Subscription Create Notification URL.
When user changes from one pricing plan to another, the marketplace
notifies your service about the plan change.
When user cancels a service subscription, the marketplace notifies
your service about the cancellation.
When there is a status change, e.g. when free trial expires, marketplace notifies you.
When UPCOMING_Invoice is checked, you will be reminded to send in metered data
for billing.
Subscription Add-on Event flow is created when user buys an add-on on
top of a pricing edition.
For Bluemix integration, this notification is used to carry the Cloud
Foundry payload e.g. cf create-, bind-, unbind-, delete-service from
Bluemix
IBM Confidential
OAuth provides authorization for all Marketplace APIs and validates if the
request is coming from your marketplace service
7
Marketplace Integration Endpoints
© 2014 IBM Corporation
RES
T A
PI
OAuth authorize
Fetch Event data Product
Actions
Marketplace 3
4
5
6
7
1
Partner Product
Events
“Buy”
Customer
Products Listing
End
po
int
XML/JSON
XML
Return Response
“Subscription Create/Order”
Notification
Integration Flow
2
Event object generated
https://www.xxmarketplacexx.com/api/integration/v1/events/dummyOrder
Subscription_Order
Subscription_Change
Subscription_Notice
Subscription_Cancel
Addon_Order
…
…
<consumer key/secret>
<consumer key/secret>
- Create account or
register user.
- Deploy resources
required on
Softlayer
8
© 2014 IBM Corporation IBM Confidential 9
Introducing Service Controller Integration Tool
─ Optional tool for partners to
use to simplify service
integration
─ Java based tool requiring
small footprint (1 VM, App
Svr and DB Svr)
─ Deploys software images
and services on SL
─ Automates provisioning
management on partner or
customer SL account
─ Reduces integration errors
via automation with
systematic step-by-step
implementation process
─ Maintains security and
validates each user request
between the marketplace
and the service
Marketplace Listings
Orchestration via Service Controller
“Buy”
User
Partner Enablement
Team
Browse, Buy & Use Services
Provision images
SoftLayer BMs
Service Controller VM
Tomcat VM
SoftLayer VMs
Services
Service Controller Deeper Look
IBM Confidential
CDN
© 2014 IBM Corporation
Each marketplace service can have one or more Editions (i.e., pricing plans) and each Edition can have one of the following 4 Revenue Models
Editions and Revenue Models
Pre-configured mode
Custom mode
11
Support flat rate and usage pricings
IBM Confidential
© 2014 IBM Corporation
Common Partner Deployment Use Cases
12 IBM Confidential
• Partner delivers free trial, multi-tenant SaaS, software/service for Bluemix, from their SoftLayer environment
• Partner has full control of the software and environment, freedom to choose which SoftLayer location and VLANs for deployment
• Partner manages the software and infrastructure endpoints
• Partner delivers software directly into
customer’s SoftLayer environment
• Partner wants the customer to have the
option to choose which SoftLayer location
and VLANs to deploy software
• Customer manages the software and
infrastructure endpoints
Partner SL Account (UC1) Customer SL Account (UC2)
© 2014 IBM Corporation
IBM Marketplace – Bluemix Integration Overview
I. Bluemix leverages IBM Cloud Marketplace master catalog listing to publish the same product and pricing plans in Bluemix
II. A service broker/gateway is in place to connect between Marketplace and Bluemix
III. Bluemix subscription activities flow through marketplace so service can listen to the same consistent endpoint
13 IBM Confidential
Controller
Partner Service Deployment
Service Orchestrator (Package, Deploy & Manage SW/Service)
Marketplace
IBM & Partner Services
“Buy”
Business Support
Services (BSS)
Service Orchestration
© 2014 IBM Corporation IBM Confidential 14
Marketplace - Bluemix Integration
Bluemix Catalog
Catalog
4 CF Calls B
M-M
P B
roke
r
SSO
Svc
Service Endpoints
BM Sub-Marketplace
Svc
Main Marketplace
Svc
BM
Pro
xy
Service Controller
Bluemix Users
Marketplace - Bluemix Integration Process Overview
© 2014 IBM Corporation IBM Confidential
Marketplace - Bluemix Integration Details
15
Bluemix
Catalog
4 CF Calls
SOFTLAYER
BM
-MP
Bro
ker
Bluemix
Users SSO
(12) IBM: Create a new partner account (13) IBM: Refresh Bluemix Catalog • Run
update_service_broker for new/update offering in private mode
(14) IBM: Tag as IBM 3rd party offering
Svc
(7) IBM: Set BM category tag (need input from partner? Or pull from MP tag) (8) IBM: Request to add to BM sub-mp for specific location (Dallas, London, etc) One time (9) Partner: Partner approves add (one time only) (10) IBM: Add button - Network publish to BM marketplace (11) IBM: Notify BM team
(1) Create Marketplace catalog entry w/ product info & pricing (2) Complete prereq fields and BM enablement steps in : BM Integration Select Edition-based (non-app bindable) or Add-on (app bindable) based option . Note: Bluemix does not support Interactive Page/Additional product settings. Ignore CF extension pre-reqs, use Bluemix pre-reqs instead (3) Develop product endpoints to handle auth and subscription functions: Service Orchestration Package (Password avail. upon contract signing) (5) Complete publishing offering in marketplace 6) IBM: Review to • Approve/reject (new/update) • Assign/update marketplace
settings
Service Endpoints
(4) Test listening to endpoints and take product actions
(15) Partner: Test product responses to user’s CF subscription calls. If Add-on bind intg is needed, test: cf create-service -> MP create + Addon create cf bind-service -> MP addon bind cf unbind-service -> MP addon unbind cf delete-service -> MP addon delete (16) IBM: Verify dashboard_URL created by provision works (optional if SSO is used) (17) IBM: BM approval team approves/rejects (18) IBM: Admin team makes offering public
BM Sub-Marketplace
Svc
Main Marketplace
Svc
BM
Pro
xy
Service Controller
© 2014 IBM Corporation
Document Resources
16 IBM Confidential
Document / Link Description
Vendor guide http://docs.marketplace.ibmcloud.com/files/vendorguide.pdf
Service orchestration package https://developer.ibm.com/marketplace/docs/vendor-guide/downloads/
Password required
Marketplace API overview http://info.appdirect.com/api/docs
Integrating with Bluemix https://developer.ibm.com/marketplace/docs/vendor-guide/integrating-bluemix/
© 2014 IBM Corporation
Demo
17 IBM Confidential
Common Marketplace
Controller
Partner Services
REST Endpoint for Marketplace Integration
“Try or Buy”
Customer
Service Provider
(IBM or BP)
Browse, Buy & Use Services
Common Business Support Services
(BSS)
Manage Service
Service Virtual Machines
Pro
vid
e S
erv
ice
Provision
• Goal: Using service controller framework to accelerate
partner service integration
• Provide guidance to help jumpstart service providers in
integrating their service with marketplace APIs
• Show how to use the controller to handle and interact
with requests/events coming from the marketplace
• Provisions resources to customer SL account
SoftLayer Tomcat Image Tomcat + MySQL n-tier App Deployment
Tomcat VM Tomcat VM MySQL VM
DNS
Shared SL
Svc
© 2014 IBM Corporation
Backup
18 IBM Confidential
© 2014 IBM Corporation
Integration Endpoints
© 2014 IBM Corporation
Standard Service Controller Framework
20 IBM Confidential
Common Marketplace
Controller / Service Provider
Partner Services
REST Endpoint for Marketplace Integration
“Buy”
Customer
Service Provider
(IBM or BP)
Browse, Buy & Use Services
Marketplace Common Business Support Services
(BSS)
Manage Service
Pro
vid
e S
erv
ice
Provision service
Does your service require SL resources to be dynamically provisioned
for each new user or connecting all users to already provisioned
running service resources???
Service Resources e.g. Virtual Machines
SL DNS
Service
• Use Case: Leverage service controller framework
(Sample Java methods) to accelerate partner service
integration and manage SL resources for basic
integration
• Jumpstart service providers in integrating their service
with marketplace APIs
• Selection Criteria:
Use Service controller for basic integration.
Not intended for application packaging or
managing the lifecycle of application environment
including monitoring, backup/restore, auto-
scaling, etc
© 2014 IBM Corporation IBM Confidential 06/19/14
Service Controller Deeper Look: The Framework Technically is…
1. A Java Web Application which runs on an Application Server (Tested on
WebSphere, Tomcat and Jetty).
2. A fully customizable application;
1. Service provider can provide their own business logic at different stage
of the request execution.
2. Service provider can provide the topology to deploy on IaaS e.g.
SoftLayer.
3. Service provider can decide which database to use for auditing.
3. Managing authentication between the marketplace and the controller.
4. A marketplace emulator application which allows you to test your controller
implementation locally.
5. A Developer's Guide.
6. A zip file which contains:
1. Scripts to download all Open Source dependencies.
2. Script to build the controller and generate the war file.
3. Script to build the marketplace emulator.
4. The javadoc.
21
© 2014 IBM Corporation IBM Confidential 06/19/14
Service Controller Deeper Look: Service Controller Component Model
Listener component:
Listens to the request from the cloud marketplace e.g. REST
API and dispatches the request after authentication to the
handler component. Separating the Listener component from
the Handler component allows for asynchronous
communication and request buffering for performance.
Authentication component:
Checks the authorization and authentication for a given
request.
AccountID component:
Generates the unique accountID for service instance creation.
As the Controller deals with only one subscription per user, the
unique accountID is used to identify the user for a particular
service. Also, it keeps track and manages the resources used
to provide the service to the user.
Topology component:
Provides a way to describe the organization of the resources needed for a
given service. Resources can be either IT IaaS, PaaS or SaaS or non-IT
generic services. The topology describes the characteristics of resources,.
e.g. infrastructure characteristics include CPU, MEM, Storage along with
the service configuration scripts needed to run on each VM after
deployment.
Handler component:
Receives the request from the listener, validates it and then executes it.
The validation will be the first action, if the validation does not pass, an
error message will be returned to the listener as response for the request.
It retrieves information from the Topology and AccountID components in
order to know what to do. Service providers have the opportunity to run
custom code/script and interact before and after the deployment.
Audit component:
The audit component will record the origin, timestamp and status of all
requests .
BSS component:
The handler updates BSS component with usage metrics about the
deployed service in order to generate billing and invoice information. 22
© 2014 IBM Corporation IBM Confidential 06/19/14
Service Controller: Service Pre-requisites
1. Service event_type: a) Subscribe: Subscribe to a pricing edition and deploy service with service
controller
b) Unsubscribe: Unsubscribe from a pricing edition and remove service with service
controller
2. A service description id:
a) Reference the type of service that needs to be provided. E.g. the offering plan the
user selects
b) Description includes service name, unique edition code, add-on code, etc
3. ServiceTrackingID:
a) Generates the unique ID (UUID) to track service resources. The tracking is
needed to deallocate the right resources from the service.
4. Controller deployment pre-reqs:
a) Install maven client on client machine
b) Install Java 1.8, Tomcat or another application server, DB on a light-weight VM
server
23
© 2014 IBM Corporation IBM Confidential 06/19/14
Service Controller Flow Click here
for clarity
24
© 2014 IBM Corporation
Service Controller Flow (contd')
All requests follow the same flow of steps below, only the step 7 differs: 1. The request from the marketplace to controller is authenticated using Oauth implementation.
2. The details of the request is retrieved.
3. The request is sent to the dispatcher.
4. The dispatcher audits the request for future tracking.
5. Additional Authentication/Authorization against the user and account resource allocation, as needed.
6. The dispatcher select the correct handler. Each handler executes the following steps:
i. i) validate the request.
ii. ii) execute business logic before executing the request.
iii. iii) execute the request.
iv. iv) execute business logic after the request execution.
v. v) Update the BSS.
7. The implementation of the above is done on the different handler types.
Our implementation has handler out of the box to subscribe/unsubscribe PaaS services on Softlayer, Cloudify and
CloudFoundry. Depending on the cloud target, the needed topology is provided in an adapted form.
Softlayer: An JSON represents configuration for resources to be deployed and the service specific scripts to be
launched.
CloudFoundry: A buildpack to deploy.
Cloudify: A recipe to deploy.
Processing errors are sent back to the marketplace.
25
© 2014 IBM Corporation
Service Controller: Sample Use Case 1
The ISV service provider would like to deliver a solution based on SaaS solution which is already
deployed on SoftLayer.
1.The ISV creates a new product in the IBM Cloud marketplace.
2.The ISV defines at the minimum the subscription and cancel URL endpoints.
3.The ISV implements the handlers (Java) to make the service available.
1. The following hook methods exist: validate, beforeHandler, handler, afterHandler,
updateBSS and progress. The ISV can put his own business logic in each of them.
4.The ISV configure and install the service controller.
5.The controller will:
1. Capture each request and:
1. Verify if the request was sent from the marketplace using OAuth.
2. Automatically call the correct handlers.
2. Provide an audit trail table.
26
© 2014 IBM Corporation
Service Controller: Sample Use Case 2
The ISV service provider would like to deliver a solution based on VM containing Tomcat and
another containing MySQL on Softlayer.
1.The ISV creates a new product in the IBM Cloud marketplace.
2.The ISV defines at the minimum the subscription and cancel API URL endpoints.
3.The ISV configures and installs the service controller.
4.The controller will (in addition to the actions in Sample Use Case 1):
1. Capture the subscription request and:
1. Automatically deploy the Tomcat and MySQL VMs.
2. Make available the IP address of the MySQL VM on the Tomcat VM
3. Make available additional service specific parameters to configure on each VM
4. Launches on each VM the necessary scripts to install/configure the ISV application.
5. Potentially add a DNS entry to access the Tomcat environment.
2. Capture the cancel request and:
1. Uniquely identify the user’s environment
2. Decommission the full environment.
3. Delete the DNS entry.
27
© 2014 IBM Corporation IBM Confidential 06/19/14
Service Controller: The Results
1. A service a) Is deployed on a chosen platform: Our current implementation integrates with
SoftLayer, CloudFoundry and Cloudify.
b) The capability to manage this service through different events.
2. An Audit trail a) Allowing to audit all requests and their corresponding statuses.
28
© 2014 IBM Corporation
Controller Flow
29 IBM Confidential
© 2014 IBM Corporation
IBM Cloud partner
MP (Marketpla
ce )
MySQL Service
Clo
ud
Fo
un
dry
Gat
eway
/ S
ervi
ce
Bro
ker
IBM BlueMix IBM Cloud Marketplace
30
© 2014 IBM Corporation IBM Confidential 31
Bluemix-MP Service Broker - SSO Flow
© 2014 IBM Corporation 32 IBM Confidential
Deploying Software and Services to SoftLayer from Marketplace
Deploying software – traditional customer owned and managed IT
–Customer selects software product from the marketplace – ISV supplies software – ISV deploys software –Customer owns SoftLayer account and resources –Customer manages the software and other resources
–3Q: ISV owns the deployment service (service controller) –Future: IBM provides the deployment service as a multi-tenant service for providers
Deploying a service – as a service, provider owned and managed IT
–Customer selects service from the marketplace – ISV/provider supplies software – ISV/provider deploys software – ISV/provider owns SoftLayer account and resources – ISV/provider manages the software and other resources
–3Q: ISV owns the deployment service (service controller) –Future: IBM provides the deployment service as a multi-tenant service for providers
© 2014 IBM Corporation
How will IBM and Business Partners handle commerce? Commercial model will follow established marketplace models.
- IBM will invoice the customer and collect payment.
- Different options for metering and billing, including support for complex metering by taking metering information from the Business Partner as part of the regular billing cycle.
- IBM retains a royalty.
- Business Partners will be responsible for their costs of delivery, including infrastructure.
Business Partners continue to establish and maintain direct relationships with customers.
Business Partners must ensure their services meet production SLAs with production level support.
First commercial capability launched in Q3 2-14, supporting US transactions with credit cards. Additional functionality will be provided in successive upgrades, including support for non-US transactions.
Will support US federal government requirements for usage by federal users in 2015.
33
© 2014 IBM Corporation
Each marketplace service can have one or more Editions (i.e., pricing plans)
Each Edition can have one of the following Revenue Models - Free - One time - Recurring - Tiered
All business partners must offer at least one priced edition, with a 30 day trial period.
One time services are charged upon checkout. Any download service (e.g., pattern, image) must be set up as a One time service.
Recurring services can be charged per day or per month. Partial day or partial month usage counts as a full day or month, respectively.
Tiered services can combine multiple one time and recurring charges.
Metered services (e.g., “$/user”) provide the most flexibility. Your service provides the usage data, and IBM Cloud marketplace performs the calculations and billing. Most common units of measurement are supported.
All priced plans can have a setup fee.
Editions and Pricing
34
© 2014 IBM Corporation
To Sign up for the free trial, please visit:
http://www.softlayer.com/info/free-cloud
To sign up to become referral partners, please visit:
http://www.softlayer.com/referral-program
If you’d like to become part of the Solution & Services Provider Program
(AKA Reseller Program). Please contact: Stella Clary at [email protected]
SoftLayer Sign-up
35