November 10th, 2016

Automation Runbooks & DSC: How Operational Management Suite keeps Customers Safe & Secure in Azure

azure-automation_color

In my last post, I talked about the second of the two services within the Operational Management Suit (OMS) that focuses on Backup & Recovery of your On-Prem or Cloud related infrastructure. However, this is only one piece of the operational management footprint that Public Sector customers’ IT departments need to keep their applications and infrastructure safe, secure, and most importantly, functioning. The third service within OMS that I want to talk about now is Azure Automation, which you can think of as a service that will manage frequent, time-consuming, and error-prone management tasks.

Automation Runbooks and Desired State Configuration(DSC)

As much as we would love them to, Applications, Servers and VMs are rarely able to take care of themselves. There is continual upkeep and tasks that need to be performed over time as well as the need to make sure that each Server or VM of a specific type is configured in just the right way for the Application(s) to function properly. That is where Azure Automation comes into play and just like the two previous Services that I discussed, it can be used for both your Azure Government Cloud Services as well as your On-Prem environment.

Runbooks

If you are, or have ever been a Windows System Administrator, then you probably have one or more PowerShell scripts that you are using either through the Windows Scheduler service or you are running them from your own workstations to perform regularly scheduled tasks. Even though your Servers may now be in Azure Government, this does not mean that those PowerShell scripts are no longer relevant. Matter of fact, there are probably some additional scripts that you will need to automate tasks within the Azure Government Cloud itself and PowerShell is definitely a great way to go.

Here are just a few of the features that you get from Azure Automation Runbooks:

  • Windows PowerShell scripts and workflows—known as Runbooks—help you work smarter by handling the creation, deployment, monitoring, and maintenance of Azure resources and third-party applications
  • Automation Runbook Gallery puts samples, utilities, and scenario runbooks right at your fingertips, so that you can get up and running quickly with your automation tasks
  • Automation Runbooks work with Web Apps in Azure App Service, Azure Virtual Machines, Azure Storage, Azure SQL Database, and other popular Azure services
  • PowerShell parameters, credentials, certificates, and custom modules can all be saved and managed centrally for use within one or many different Runbooks
  • With the availability of Webhooks, the same PowerShell Runbooks that can be triggered manually or through a scheduled job, can be called from outside Azure Automation by other services
  • Hybrid Runbook Worker feature of Azure Automation allows you to run runbooks on machines located in your data center in order to manage local resources
  • Runbooks can be imported, created, or edited through either a Textual or Graphical editor and then tested while all Runbook code is maintained in source code control
    Azure Automation Account Summary
    Azure Automation Account Summary
    Runbook Graphical Editor
    Runbook Graphical Editor
    Desired State Configuration (DSC)

    The last area to bring all of this together is Configuration Management. There are many ways to provide this type of functionality with both On-Prem and Cloud based environments, but to provide a single location that can provide Configuration Management as well as all of the other services that we have been talking about can only be done through Azure Government, and specifically, Azure Automation DSC.

    With DSC, you put together a PowerShell script that defines what configurations, services, and software should be installed within a given Server or VM and this can be applied to both Windows and Linux VMs alike. However, over time the requirements for the VMs will change and will you want to manage and audit the VMs to verify that they have had their configurations applied properly. For example, the following few lines of code will make sure that a Windows Server has IIS installed and that .NET 4.5.1 is installed on top:

    WindowsFeature IIS { Name = “Web-Server” Ensure = “Present” }

    WindowsFeature InstallDotNet45 { Name = “Web-Asp-Net45” Ensure = “Present” }

    Without using some kind of configuration management system, you are required to configure each VM individually with the DSC script and then audit each of those servers manually. With Azure Automation DSC, we provide you with a single interface where you can upload and compile the DSC script for use, configure the VMs to use the specific Configuration that should be applied, define a frequency for how often the server should check for changes to the script as well as a central place to audit and validate that the server has all of the correct configurations applied to it.

    Automation DSC Node Audit
    Automation DSC Node Audit

    For more detailed information about all of the capabilities with both Azure Automation Runbooks and DSC, please take a look at the following documentation: https://azure.microsoft.com/en-us/documentation/services/automation/

    Finally

    Now that I have covered three of the four services, I hope that you can see how Microsoft and specifically Azure Government can deliver a safe and secure environment for your applications that are deployed using a standard IaaS based infrastructure. That infrastructure is kept safe and secure through these operational management services that can deliver Backup & Recovery services as well as Automated operational and configuration management tasks. All of this is possible no matter if your infrastructure is in Azure Government or is in your own On-Prem environment.

    In my final post, I will cover the last and in my opinion, the best of the four services within OMS, Log Analytics, which brings everything together by providing a tremendously rich monitoring platform for your IaaS.

    0 comments

    Discussion are closed.