{"id":17778,"date":"2019-06-07T02:33:12","date_gmt":"2019-06-07T10:33:12","guid":{"rendered":"http:\/\/devblogs.microsoft.com\/powershell\/?p=17778"},"modified":"2019-06-07T02:51:50","modified_gmt":"2019-06-07T10:51:50","slug":"dsc-planning-update-june-2019","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/powershell\/dsc-planning-update-june-2019\/","title":{"rendered":"DSC Planning Update &#8211; June 2019"},"content":{"rendered":"<p><span data-contrast=\"auto\">It has been almost a year since the last<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">DSC Planning update.<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">There has been a lot going on,<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">many decisions being made,<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">and it just didn\u2019t make sense to post earlier in this calendar year.<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">In this post we will review what has been shipped<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">and the\u00a0<\/span><span data-contrast=\"auto\">high-level<\/span><span data-contrast=\"auto\">\u00a0direction we are heading.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:180,&quot;335559739&quot;:180}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">I am accompanying this post with<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">write-ups that are for the more technical audience.<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">In two parts,<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">I would like to explain the implementation<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">of the Guest Configuration client\/service<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">and exactly how the new DSC engine functions.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:180,&quot;335559739&quot;:180}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">If you take nothing else away,<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">here are the\u00a0<\/span><span data-contrast=\"auto\">top-level<\/span><span data-contrast=\"auto\">\u00a0items:<\/span><span data-ccp-props=\"{&quot;335559738&quot;:180,&quot;335559739&quot;:180}\">\u00a0<\/span><\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1003\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">The new implementation of DSC is Azure Policy Guest Configuration<\/span><span data-ccp-props=\"{&quot;335559738&quot;:36,&quot;335559739&quot;:36}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1003\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">The solution is GA for built-in content and is moving towards a preview for custom content<\/span><span data-ccp-props=\"{&quot;335559738&quot;:36,&quot;335559739&quot;:36}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1003\" aria-setsize=\"-1\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Your skill set and your DSC scripts\/modules can be used in a new way<\/span><span data-ccp-props=\"{&quot;335559738&quot;:36,&quot;335559739&quot;:36}\">\u00a0<\/span><\/li>\n<\/ul>\n<h3 aria-level=\"2\"><b><span data-contrast=\"none\">Azure Policy Guest Configuration<\/span><\/b><span data-ccp-props=\"{&quot;335559738&quot;:200,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Previously we have referred to the new DSC codebase<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">under different names.<\/span><span data-contrast=\"auto\">\u00a0<\/span><a href=\"https:\/\/devblogs.microsoft.com\/powershell\/dsc-future-direction-update\/\"><span data-contrast=\"none\">\u201c<\/span><span data-contrast=\"none\">DSC Core<\/span><span data-contrast=\"none\">\u201d<\/span><\/a><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">and<\/span><span data-contrast=\"auto\">\u00a0<\/span><a href=\"https:\/\/devblogs.microsoft.com\/powershell\/dsc-planning-update-january-2018\/\"><span data-contrast=\"none\">\u201c<\/span><span data-contrast=\"none\">the new LCM<\/span><span data-contrast=\"none\">\u201d<\/span><\/a><span data-contrast=\"auto\">.<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">We also disclosed that the platform would be used in<\/span><span data-contrast=\"auto\">\u00a0<\/span><a href=\"https:\/\/devblogs.microsoft.com\/powershell\/desired-state-configuration-dsc-planning-update-september-2018\/\"><span data-contrast=\"none\">Azure Policy Guest Configuration<\/span><\/a><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:180,&quot;335559739&quot;:180}\">\u00a0<\/span><\/p>\n<p aria-level=\"3\"><b><span data-contrast=\"none\">What have we shipped?<\/span><\/b><span data-ccp-props=\"{&quot;335559738&quot;:200,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The DSC codebase we have been working on is now fully GA as Azure Policy Guest\u00a0Configuration<\/span><span data-contrast=\"auto\">\u00a0<\/span><b><span data-contrast=\"auto\">but this is not the DSC you have known up to this point<\/span><\/b><span data-contrast=\"auto\">.<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">It is best to think of Azure Policy Guest Configuration as based on the DSC syntax but functionally a new platform.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:180,&quot;335559739&quot;:180}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The intention for this service is to build confidence<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">so application developers\/owners are free to deploy servers when they need them<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">without putting the organization at risk.<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">Building this platform on a tool that was designed with operations in mind<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">helps us to look beyond\u00a0<\/span><span data-contrast=\"auto\">the types<\/span><span data-contrast=\"auto\">\u00a0of settings that we thought about in platforms such as Group Policy.<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">We can include operational requirements such as making sure all servers have a healthy monitoring agent,<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">logging configuration, and the correct certificates in place to function in an enterprise environment.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:180,&quot;335559739&quot;:180}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">DSC has been the basis for other Azure solutions such as the Azure DSC Extension<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">and Azure Automation State Configuration,<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">that help you to configure virtual machines.<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">Azure Policy Guest Configuration currently provides an<\/span><span data-contrast=\"auto\">\u00a0<\/span><i><span data-contrast=\"auto\">audit<\/span><\/i><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">platform<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">to validate settings inside virtual machines.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:180,&quot;335559739&quot;:180}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The full documentation for this service is available at the following short\u00a0url.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:180,&quot;335559739&quot;:180}\">\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/aka.ms\/gcpol\"><span data-contrast=\"none\">https:\/\/aka.ms\/gcpol<\/span><\/a><span data-ccp-props=\"{&quot;335559738&quot;:180,&quot;335559739&quot;:180}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">If you would like to continue reading about how this service is technically implemented,<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">the two technical write-ups are published to accompany this post.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:180,&quot;335559739&quot;:180}\">\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/powershell\/azure-policy-guest-configuration-service\/\"><span data-contrast=\"none\">Azure Policy Guest Configuration<\/span><span data-contrast=\"none\">\u00a0\u2013\u00a0<\/span><span data-contrast=\"none\">Service<\/span><\/a><\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/powershell\/azure-policy-guest-configuration-client\/\"><span data-contrast=\"none\">Azure Policy Guest Configuration &#8211; Client<\/span><\/a><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"none\">High level direction forward<\/span><\/b><span data-ccp-props=\"{&quot;335559738&quot;:200,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">For the next semester (the second half of 2019 calendar year)<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">we are focused on iterating upon our first release of this solution,<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">introducing the ability for you to use your own content for auditing machines,<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">and to enable you to also enforce settings inside virtual machines using Azure Policy.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:180,&quot;335559739&quot;:180}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">It is important for many people to understand what the options will be to use DSC in disconnected scenarios going forward.\u00a0 We are considering our options in this area and taking the feedback seriously.\u00a0 I hope to have more to share on this area in the future.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:180,&quot;335559739&quot;:180}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Iterating upon our first release of the solution includes m<\/span><span data-contrast=\"auto\">ultiple areas where we believe we can m<\/span><span data-contrast=\"auto\">ak<\/span><span data-contrast=\"auto\">e<\/span><span data-contrast=\"auto\">\u00a0life easier for customers.<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">One of the patterns we have\u00a0<\/span><span data-contrast=\"auto\">observed\u00a0<\/span><span data-contrast=\"auto\">is customers assign<\/span><span data-contrast=\"auto\">ing<\/span><span data-contrast=\"auto\">\u00a0an<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">audit policy\u00a0<\/span><span data-contrast=\"auto\">but forgetting to\u00a0<\/span><span data-contrast=\"auto\">assign the policy\u00a0<\/span><span data-contrast=\"auto\">that<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">handles automatically onboar<\/span><span data-contrast=\"auto\">d<\/span><span data-contrast=\"auto\">ing<\/span><span data-contrast=\"auto\">\u00a0servers.<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">\u00a0In the future we believe we can make this\u00a0<\/span><span data-contrast=\"auto\">simpler<\/span><span data-contrast=\"auto\">.\u00a0\u00a0<\/span><span data-contrast=\"auto\">We have\u00a0<\/span><span data-contrast=\"auto\">also\u00a0<\/span><span data-contrast=\"auto\">heard from customers that they would like to have the option to bulk export data<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">about virtual machine compliance so it can be used in other tools,<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">and t<\/span><span data-contrast=\"auto\">hat t<\/span><span data-contrast=\"auto\">hey would like to use the solution\u00a0<\/span><span data-contrast=\"auto\">t<\/span><span data-contrast=\"auto\">o<\/span><span data-contrast=\"auto\">\u00a0audit servers running o<\/span><span data-contrast=\"auto\">utside of Azure.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:180,&quot;335559739&quot;:180}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">We hope to enable customers to use their own content,<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">and the tools of their choice,<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">when auditing settings inside virtual machines.<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">As an example,<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">we have heard from Chef customers that they would like to be able to use InSpec<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">to audit Windows Servers.<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">As a result, we announced in our session at Chef Conference<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">that we will be co-maintaining a Guest Configuration provider for InSpec<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">as a collaborative open source project that customers can use in\u00a0<\/span><span data-contrast=\"auto\">Azure Policy Guest Configuration<\/span><span data-contrast=\"auto\">.<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">More information can be found<\/span><span data-contrast=\"auto\">\u00a0<\/span><a href=\"https:\/\/github.com\/microsoft\/gcInSpec\"><span data-contrast=\"none\">here<\/span><\/a><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:180,&quot;335559739&quot;:180}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">We are investing in getting the user experience right<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">for developing custom content, cross platform for the developer workstation,<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">and having a validation and troubleshooting experience<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">that improves on lessons we learned with DSC.<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">We will soon be moving\u00a0<\/span><span data-contrast=\"auto\">into<\/span><span data-contrast=\"auto\">\u00a0a public preview of custom content.<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">In the\u00a0<\/span><span data-contrast=\"auto\">meantime<\/span><span data-contrast=\"auto\">,<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">you are welcome to give us feedback in our<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">\u201c<\/span><span data-contrast=\"auto\">request for comments<\/span><span data-contrast=\"auto\">\u201d<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">public GitHub repo<\/span><span data-contrast=\"auto\">\u00a0<\/span><a href=\"https:\/\/github.com\/microsoft\/rfc_customguestconfig\"><span data-contrast=\"none\">here<\/span><\/a><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:180,&quot;335559739&quot;:180}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Finally, we are investigating the right approaches<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">for enforcing settings inside virtual machines using Azure Policy.<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">With this scope in mind,<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">I would like to invite you to respond to a (an anonymous) survey<\/span><span data-contrast=\"auto\">\u00a0<\/span><span data-contrast=\"auto\">to provide feedback on your top requirements.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:180,&quot;335559739&quot;:180}\">\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/forms.office.com\/Pages\/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR7gbBEpd0NdDjFoF-FJ2_qpUMVA5OTBWRzBRT0s0SUM2TlFIRFM1QTNDTS4u\"><span data-contrast=\"none\">Survey link<\/span><\/a><span data-ccp-props=\"{&quot;335559738&quot;:180,&quot;335559739&quot;:180}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Thank you!<\/span>\n<span data-contrast=\"auto\">Michael Greene<\/span>\n<span data-contrast=\"auto\">Principal Program Manger<\/span>\n<span data-contrast=\"auto\">Microsoft Azure<\/span>\n<a href=\"https:\/\/twitter.com\/migreene\"><span data-contrast=\"none\">@<\/span><span data-contrast=\"none\">migreene<\/span><\/a><span data-ccp-props=\"{&quot;335559738&quot;:180,&quot;335559739&quot;:180}\">\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>It has been almost a year since the last\u00a0DSC Planning update.\u00a0There has been a lot going on,\u00a0many decisions being made,\u00a0and it just didn\u2019t make sense to post earlier in this calendar year.\u00a0In this post we will review what has been shipped\u00a0and the\u00a0high-level\u00a0direction we are heading.\u00a0<\/p>\n","protected":false},"author":658,"featured_media":13641,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[142],"class_list":["post-17778","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-powershell","tag-desired-state-configuration"],"acf":[],"blog_post_summary":"<p>It has been almost a year since the last\u00a0DSC Planning update.\u00a0There has been a lot going on,\u00a0many decisions being made,\u00a0and it just didn\u2019t make sense to post earlier in this calendar year.\u00a0In this post we will review what has been shipped\u00a0and the\u00a0high-level\u00a0direction we are heading.\u00a0<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts\/17778","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/users\/658"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/comments?post=17778"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts\/17778\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/media\/13641"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/media?parent=17778"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/categories?post=17778"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/tags?post=17778"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}