In this webinar replay you will learn how you can ignite your company’s managed services offering with ServiceControl’s Simplified Hybrid Identity and Account Governance platform. This is the follow-up webinar to our sponsorship of the Microsoft Worldwide Partner conference in July, 2016.
3. Why the Cloud represents the future
The Microsoft Cloud has reached a tipping point. Customers are moving
to the cloud at a record pace, resulting in nearly 120,000 MS Azure
subscriptions every month.
According to Gartner, 50% of enterprises will use Hybrid Cloud by 2017.
According to a new IDC study, partners with more than half their
revenues in the cloud are growing twice as fast, realizing 1.5 times gross
profits, and experiencing 1.8 times more recurring revenues than those
with less than 50% of their revenues in the cloud.
4. We’re in the golden era of cloud application services.
- Satya Nadella
Microsoft CEO
5. Microsoft’s WPC 2016 message summary to partners
Partners must find ways to transition from
a break/fix model to delivering scalable,
long-term managed services for their cloud
and legacy customers.
Agility is the key to survival. Transition or
be left behind in the cloud dust and become
tomorrow’s dinosaurs!
Secure your position in the digital
transformation. Become your customer’s
trusted Managed Service Partner by
providing innovative solutions to your
customer’s new challenges.
6. The biggest MSP challenge: Cloud +
COMPLEXITY
The tools and scripts we have don’t allow us to create
and manage user accounts, application access, self-
service and workflow across our customer’s new cloud
services and existing systems.
We need to login to different admin apps on different
systems with different credentials to manage identities
for multiple Azure AD, AD on-premises, HR, CRM, ERP,
email systems, and other applications.
Each of these admin apps is complex and requires
administrator permissions and extensive training.
My systems administrators are not developers. They
can’t create and manage PowerShell scripts.
7. Customers are looking for:
Lower costs and simplicity: Reduce the amount
of training required for users to perform simple
tasks across multiple systems.
Better security: Delegate role-based
management tasks more securely.
Business Process automation: Improve
business processes and efficiency with built-in
integrated and advanced workflow.
Single point of management: Create, manage,
and audit user accounts across multiple services
from a single, easy-to-use portal.
8. MSPs value ServiceControl for its…
Simplicity
Security
Scalability
Speed of deployment
Savings and immediate return
on investment
Cloud based systems
On-premises systems
Directories
Email systems
Line of Business applications
CRM & ERP systems
Service multiple customers, across
multiple systems - from a single browser
9. Why ServiceControl?
Highly scalable private cloud or on-premises
implementation.
Connects to your customer’s services and
infrastructure with minimal changes.
Remote installation and configuration services
ensure that your team is up and running quickly.
Securely designate highly technical tasks to non-
technical team members.
Remove IT and high-tech applications from
being a bottleneck. Allow your customer’s
teams to focus on high-priority, revenue-
generating projects.
10. ServiceControl helps us deliver secure, simple, and better
delegated management across our customer’s multiple
systems and applications.
ServiceControl’s integrated workflow and business workflow
automation deliver immediate value to all stakeholders.
13. Example of ServiceControl deployment on Azure Cloud
[Diagram labels: ServiceControl + Workflow Engine; Virtual Network (VNET); Remote Agents (Connectors); Site-to-Site VPN and Express Route; On-premises; Exchange Server 2016/2013/2010; Lync Server 2013; GroupWise 2014/8; Active Directory, eDirectory, OpenLDAP; Office 365; Exchange Online; Skype for Business; Azure AD]
14. Example of ServiceControl deployment on Azure Cloud
[Same diagram as the previous slide, with one added callout:]
Full support for Azure Service Bus for secure, transparent, behind the firewall communication between ServiceControl and on-premises applications.
17. ServiceControl: License-aware user account management
[Flowchart. Inputs: User Principal Name, User License Profile, User Location. Calls: GetUserById(), CreateNewUser(), SetUserLicense(). Decision points: "user exist?" and "correct licenses?". One branch is labelled "wait for DirSync".]
CreateUser() method
1). Try to get user
2). Create user (skip if will be created by DirSync)
3). Assign ‘Usage Location’
4). Set user attributes
5). Check licensing profile
6). Assign licenses if necessary
EnableUser() method
1). Try to get user
2). n/a
3). Assign ‘Usage Location’
4). Set user attributes
5). Check licensing profile
6). Assign licenses if necessary
DeleteUser() method
1). Try to get user
2). Remove user licenses
3). Delete user object
DisableUser() method
1). Try to get user
2). Remove user licenses
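The CreateUser(), EnableUser(), DisableUser() and DeleteUser() step lists on this slide, written out as an added Python example (not ServiceControl's code). Tenant is a constructed in-memory stand-in for the directory, and the "not found" results and the log of state-changing calls are assumptions for illustration; the point shown is that licenses are touched only when the profile differs, so a repeated run changes nothing, and that de-provisioning always releases licenses before the object is deleted.

```python
class Tenant:
    """Constructed in-memory stand-in for a directory; not a real API."""
    def __init__(self):
        self.users = {}  # upn -> {"location", "attrs", "licenses"}
        self.log = []    # state-changing calls only (assumed audit trail)

def ensure_licensed(t, upn, location, attrs, profile):
    user = t.users[upn]
    user["location"] = location              # step 3: assign usage location
    user["attrs"].update(attrs)              # step 4: set user attributes
    if user["licenses"] != set(profile):     # step 5: check licensing profile
        user["licenses"] = set(profile)      # step 6: assign only if necessary
        t.log.append(("SetUserLicense", upn))

def create_user(t, upn, location, attrs, profile, dirsync=False):
    if upn not in t.users:                   # step 1: try to get user
        if dirsync:                          # step 2 skipped: DirSync creates it
            return "wait for DirSync"
        t.users[upn] = {"location": "", "attrs": {}, "licenses": set()}
        t.log.append(("CreateNewUser", upn))
    ensure_licensed(t, upn, location, attrs, profile)
    return "ok"

def enable_user(t, upn, location, attrs, profile):
    if upn not in t.users:                   # step 1; step 2 is n/a (never creates)
        return "not found"                   # assumed result, not from the slide
    ensure_licensed(t, upn, location, attrs, profile)
    return "ok"

def disable_user(t, upn):
    if upn not in t.users:                   # step 1
        return "not found"
    if t.users[upn]["licenses"]:             # step 2: remove user licenses
        t.users[upn]["licenses"].clear()
        t.log.append(("RemoveUserLicenses", upn))
    return "ok"

def delete_user(t, upn):
    if disable_user(t, upn) == "not found":  # steps 1-2, same as DisableUser()
        return "not found"
    del t.users[upn]                         # step 3: delete user object
    t.log.append(("DeleteUser", upn))
    return "ok"
```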
18. With ServiceControl, you’re in control
[Diagram labels: Cloud SaaS; On-premises; ServiceControl Platform]
Create: Provisioning, De-provisioning
Manage (SaaS and On-premises): Accounts, Licensing, Group Membership, Access Rights, Applications
Self-service
Audit: Audit Report, Lifecycle Report
Workflows
Azure AD, Office 365, Public cloud, Partner SaaS Apps, Other Directories
19. Leveraging Azure AD and Microsoft Cloud Platform
Multiple directories and SaaS apps in the Cloud
[Diagram labels: Microsoft Azure; Web Apps; SaaS apps; Azure Active Directory Application Proxy; Integrated custom apps; Other Directories]
20. Integrate your partner solution with Microsoft Azure
Cloud hybrid identities
Use ServiceControl to Manage and Integrate
23. ServiceControl: Create
Simplify account creation across multiple systems
Azure Active Directory
Active Directory
eDirectory
OpenLDAP
3rd party systems through connectors (SQL,
REST, SOAP)
Office 365 Exchange Online, Exchange
on-premises, GroupWise
25. ServiceControl: Manage
Delegate tasks across multiple systems
Active Directory
Azure Active Directory
OpenLDAP
3rd party systems (SQL, REST, SOAP)
Account status (enabling/disabling)
Lock/unlock accounts
Security and Distribution Group Membership
Account update (demographic attributes)
Task Authority:
Defines which service desk users
can carry out which tasks.
Search Authority:
Defines with which systems, OUs,
groups, users, or applications tasks
can be carried out.
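An added example (not ServiceControl's code or policy format) of how the two authorities combine: a request is allowed only if the operator's role holds the task and the target falls inside one of that role's search scopes for that system, with everything else denied. The role and system names, policy layout and DNs are constructed, and DN parsing is simplified (no escaped commas).

```python
def parse_dn(dn):
    """Split a DN into normalised (type, value) pairs, most specific first."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def in_scope(target_dn, scope_dn):
    """True if target sits at or below scope, compared RDN by RDN."""
    t, s = parse_dn(target_dn), parse_dn(scope_dn)
    return len(t) >= len(s) and t[len(t) - len(s):] == s

# Constructed sample policy: one service desk role.
POLICY = {
    "helpdesk-sales": {
        # Task Authority: which tasks this role may carry out.
        "tasks": {"UnlockAccount", "DisableAccount"},
        # Search Authority: per system, the subtrees the tasks may touch.
        "scopes": {"ad-onprem": ["OU=Sales,DC=corp,DC=example"]},
    },
}

def decide(policy, role, task, system, target_dn):
    """Return (allowed, reason); the reason is what an audit record would keep."""
    entry = policy.get(role)
    if entry is None:
        return False, "unknown role"          # default deny
    if task not in entry["tasks"]:
        return False, "task authority"
    scopes = entry["scopes"].get(system, [])  # no entry for a system means no access
    if not any(in_scope(target_dn, s) for s in scopes):
        return False, "search authority"
    return True, "allowed"
```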
36. In Summary: ServiceControl Differentiators
Workflow Integration across multiple systems
Workflow-enabled user provisioning and
manager
Hybrid Cloud user account management
Unified account management interface
Delegated authorization
ServiceControl as a Hybrid Cloud Identity hub
Workflow and Remote Action Framework (Secret Sauce)
37. How to partner with ServiceControl:
Schedule a demonstration and technical deep
dive
Complete a mutual non-disclosure agreement
Submit a partner application
http://www.servicecontrol.com/partnerapplication/
Schedule a needs analysis
Schedule a systems requirements review
Schedule 2-hour initial installation and
configuration
39. Partner programs
Value Added Resellers (VARs)
Strategic Alliance Partners
Managed Service Providers
Visit our website at:
http://www.servicecontrol.com/partners/
40. Frequently asked technical questions
Q: What is the unique value of the ServiceControl Business Process Automation
Platform in comparison with other workflow and SaaS integration platforms?
• BizTalk
• Amazon Simple Workflows,
• Nintex workflows
• SharePoint workflows
• Microsoft App Service Logic Apps
• Microsoft Flows
• Others: MuleSoft, SnapLogic, IFTTT, Zapier, etc.
41. A: Indeed, ServiceControl Business Process Automation Platform is, in fact, just another SaaS integration platform.
• Similar to SharePoint and Dynamics CRM workflows, ServiceControl is based on Microsoft Workflow Foundation.
• Similar to Microsoft App Service Logic Apps, ServiceControl uses Swagger metadata to connect to REST services.
• Similar to BizTalk, ServiceControl uses WSDL metadata to connect to SOAP/WCF services.
• Similar to Amazon Simple Workflows and Nintex, ServiceControl can be hosted in the AWS cloud.
• Similar to MuleSoft, SnapLogic, IFTTT, Zapier and others, ServiceControl uses pre-built and custom remote agents to connect to many
SaaS services.
• Similar to Microsoft Flows, ServiceControl can be hosted on Azure Cloud and leverage Azure Service Bus.
What makes ServiceControl different and unique is that the ServiceControl Automation Platform is designed with a focus on identity and
access management. This requires field-specific access and focus which is perhaps not the center of attention of other platforms.
For example:
• ServiceControl has to audit, profile and be able to report on every execution step. It needs to keep a secure record of every service
request/response, exception, email or approval action.
• ServiceControl has to connect dissimilar services in a single orchestration. In our practice, we have to deal with PowerShell, SOAP web services,
REST services, SQL and other proprietary APIs, sometimes all in the context of a single workflow. We have to work with 64-bit and 32-bit
SDKs which cannot be installed on the same box. This is why we have chosen an indirect way to invoke API calls via connectors (remote agents)
that run on independent VMs, not directly via coding workflow activities against the API.
• ServiceControl needs to use management APIs, not content APIs. Most connectors on the market today are concerned with content
management or content integration. Our connectors are mostly concerned with identity and access management. These are typically packaged
in separate API sets.
• We have to compensate for the shortcomings of PowerShell APIs. Most management APIs are usually PowerShell-based. This means there
are extra dependencies on other components, multi-threading and scalability issues, incomplete metadata, and other issues.
42. Frequently asked technical questions
Q: Why not just use PowerShell, which is Microsoft’s de facto standard for
automation and management? After all, PowerShell is used by System Center
runbooks and has many attractive features like:
• PowerShell remoting
• PowerShell workflows
• PowerShell Desired State Configuration (DSC)
• PowerShell Integrated Scripting Environment (ISE)
• Ability to write custom modules
43. A: PowerShell is a powerful tool for script and batch management of just about everything. But is it a
good choice as the base technology for a business process automation platform? We do not think so because:
1. PowerShell is not a scalable server technology. WCF and REST are, but not PowerShell.
• PowerShell was designed as a desktop client that is run by a single sysadmin in interactive mode.
• Typically, only 2-3 simultaneous remote sessions are allowed.
• Remote sessions take a long time to establish, and they are easily abandoned, blocking the
entire channel.
2. PowerShell requires custom coding.
• PowerShell assumes that the sysadmin will become a programmer. They call it “scripting”: VB-like scripting with embedded
fragments of C# and descriptive language (in the case of PS workflows and DSC).
• Our goal is the opposite: we want to avoid custom coding as much as possible, which minimizes the mistakes a sysadmin can
make and significantly simplifies DevOps maintenance.
3. PowerShell does not provide complete metadata for proxy auto-generation.
• In comparison with WSDL and Swagger, which are standard means of proxy auto-generation, PowerShell modules
are lacking this essential feature. Metadata can be partially retrieved for arguments, but not for return values
or exceptions.
4. The PowerShell development environment is too basic.
• PowerShell Integrated Scripting Environment (ISE) is a standard tool on any Windows Server box. It is nice for quick
and easy jobs, and a big improvement over the good old Command Prompt.
• It is dwarfed, however, by the Visual Studio IDE, BizTalk orchestrator or SharePoint Designer.
• Our approach to design tools is closer to the last two.
44. Frequently asked technical questions
Q: In some cases, like managing Lync 2013 or Skype for Business, PowerShell is
the only management API available. How does ServiceControl help to avoid
PowerShell programming in these scenarios?
Lync 2013 - Provides a
Silverlight-based
management portal with
PowerShell support. No
SDK or REST
management APIs
available for Lync.
45. A: ServiceControl’s connectors to Lync 2013, Skype for Business, Exchange Online, Azure AD and other
systems that require PowerShell for management, do, of course, use PowerShell.
• Note that with ServiceControl, all technical complexity and the challenges of programming with PowerShell
are hidden from you, encapsulated inside our own code that was created by experienced programmers.
• Each connector is a pluggable component that can be used in your business process orchestration.
All complexity related to one or more PowerShell modules and cmdlets is encapsulated inside our connector.
• Connectors encapsulate, aggregate and expose PowerShell functionality in a new way via standard,
ready-for-automation WCF and REST interfaces.
• To be used in workflows, these interfaces are turned into proxies that are used as workflow activities,
the elementary building blocks of any workflow.
• So, instead of programming complexity with PowerShell, we implement the simple composition of
activities into a workflow orchestration.
• At runtime, each workflow step will trigger an activity. The activity calls a proxy. The proxy calls
a connector and the connector will invoke the PowerShell cmdlet(s).
46. Frequently asked technical questions
Q: Why not just use Azure AD, Exchange Online, Skype for Business and the
standard web-based management portals provided by Microsoft?
47. A: There are a number of reasons:
• Not all management operations are available in management portals. Some require
PowerShell programming.
• Typically, IT processes/tasks involve operations on multiple cloud services, each managed from
its own management portal. It is not very convenient for a sysadmin to jump from one portal
to another just to accomplish one single task. For example, the CreateUser task may involve
creating that user account in Azure AD, then in Exchange Online, and then in Skype for Business.
This means that the system administrator needs to be trained on and use three different portals.
• Microsoft management portals only support operations on a one-at-a-time basis, e.g. single user
account, single group, etc. Operations on multiple users, groups, accounts are usually not possible.
Bulk importing and management operations are limited and not consistent across portals.
• Working with portals assumes manual interactive processes - no automation possible.
48. Frequently asked technical questions
Q: How can I manage my LOB applications that run behind a firewall
in an on-premises data center?
49. A: ServiceControl’s Automation Platform has the ability to connect to services
and LOB applications that are running behind a firewall.
Depending on the environment, various techniques can be used:
• Azure Virtual Network (VNET) and Site-to-Site connection
• Azure Virtual Network (VNET) and Point-to-Site connection
• Azure Virtual Network (VNET) and Express Route
• Azure AD Application Proxy
• Azure Service Bus (Relay Messaging)
Or, simply install the Azure custom connector behind your firewall. ServiceControl connectors have
built-in support for Azure Service Bus Queues and Relay Messaging.
50. Frequently asked technical questions
Q: What is required to expose my custom cloud service or an on-premises
LOB application to ServiceControl workflows?
51. A: Similar to SOA (service-oriented-architecture) requirements
for web services, ServiceControl requires your service or LOB app
to expose its functionality via a SOAP/WCF/REST web service.
To simplify the proxy auto-generation, the service should make its metadata accessible
via WSDL or Swagger interfaces. Where this is not possible, the ServiceControl
engineering team will help you to build/code the specific proxy.
53. Don’t get left behind in the Cloud dust!
Build your MSP future with ServiceControl.
Aldo Zanoni, CEO
408.675.5020 ext. 232
aldo@servicecontrol.com
www.servicecontrol.com