Azure Managed Applications enable Managed Service Provider (MSP), Independent Software Vendor (ISV) partners, and enterprise IT teams to deliver fully managed turnkey cloud solutions that can be made available through the enterprise Service Catalog of a specific end-customer. Customers can quickly deploy managed applications in their own subscription and rely on the partner or central IT team for maintenance operations and support across the lifecycle.
It is the doorway through which enterprises consume Azure.
Organization Service Catalog as a distribution channel
Service Catalog allows organizations to create a catalog of approved applications and services that can be consumed by people in the organization. It can contain anything from customized virtual machine offers, servers, databases to complex in-house applications. Maintaining such a catalog of solutions is helpful especially for central IT teams in enterprises as it enables them to ensure compliance with certain organizational standards while providing great solutions for their organization. They can control, update, and maintain these applications. It allows employees in the organization to easily discover the rich set of applications that are recommended and approved by the IT department. The customers will only see the Service Catalog Managed Applications created by themselves or those that have been shared with them by other people in the organization.
Enterprise can control who gets to publish to the Service Catalog using Azure Role Based access control. This role translates to a Service Catalog Admin. And then there can be a separate role for consumers of Service Catalog.
Publishing to the Service Catalog is simple can be performed using Azure Portal, CLI or PowerShell. The main components required are a) the template files, which describe the resources that will be provisioned, and b) the UI definition file, which describes how the required inputs for provisioning these resources will be displayed in the portal. The required files are packaged in a .zip file and uploaded through the Service Catalog blade in portal. Below is the screenshot from the publishing portal. Learn more about how to publish and consume Service Catalog Managed Applications.
There are no additional fees for partners publishing Managed Applications into customer Service Catalog.
Customers are billed for the consumption of the Azure resources which are part of the Managed Application, using their regular billing construct. For example, if as part of the Managed Application, a virtual machine gets provisioned in the customers subscription, the customer will be charged for the virtual machine usage. Similarly, the fees partners charge customers for lifecycle operations will show as a new line item in customer’s Azure invoice.
The resource group containing the resources which are part of the Managed Application is locked for the customer. The customer has read-only access to the resources in this resource group. As a result, the customer cannot accidently delete or update the resources which are part of the Managed application. The publisher can choose to publish an unlocked Managed Application as well which would then allow the customers to make changes or delete the underlying components.
The publisher of the managed application, however, gets either the required permissions which enables him to maintain, service, and upgrade the application in the customer’s tenant. These permissions are defined by the typical Azure RBAC roles. More details on this can be found in the Additional Resources section.
Publishing at Customer’s Service Catalog
Below is a short summary to help in understanding the key capabilities when publishing to Service Catalog.
|Service Catalog Managed Application|
|Publishing Tool|| |
|Consumption Tool|| |
|Artifacts needed for package|| |
|Uses cases |
|Use cases |
Please try out this new service and let us know your feedback through our user voice channel or in the comments below.