Azure Automation : Desired State Configuration (DSC)

PowerShell is a task-orientated shell and scripting solution for Windows system administrators. But PowerShell DSC extends on that idea and provides a declarative syntax that enables people who don’t know anything about the particular IT resources they want to deploy to configure and maintain a particular state for that IT resource, even if they don’t know how to achieve that goal from a technical point of view.

PowerShell allows us to provide a configuration for each server, and ensure that every time the server is deployed, it gets deployed in exactly the same way with the same configuration, and that configuration is maintained for the lifetime of the device.

PowerShell DSC Deployment Models

• Push Model : basically this pushes or sends a configuration file either to the local device or to a remote target, and the configuration is deployed by the Local Configuration Manager on that server immediately.

Push Model

• Pull Model : The pull model is the most commonly-used model and the model that Azure Automation DSC uses. An advantage of the pull model is that the Local Configuration Manager every few minutes will check in to the pull server to make sure that no updated configuration has been made available. Of course if it finds an updated configuration, then that is downloaded to the machine and applied as required.

Azure Automation DSC

Azure Automation DSC is built on PowerShell DSC, and provides a means of configuring cloud or on-premise Windows and Linux VMs with a known configuration. Advantages of Azure Automation DSC over PowerShell DSC:

• Easier to configure
• Integration with existing PowerShell Systems
• Flexibility
• The pull server provided by Azure Automation DSC can be used to store all DSC configurations and resources.
• Reporting allows you to keep track of the compliant state.

DSC Terminology:

• Node : A DSC node is any server that is configured using DSC.
• Resource : Building blocks containing knowledge about how to deploy resources step-by-step.
• A DSC configuration is the configuration file that contains PowerShell DSC code in declarative syntax.
• Compilation Job : Generate one or more node configurations from DSC configuration file.

Azure Automation DSC Lifecycle. (Image Credit : MicroSoft)

Azure Automation

Azure Automation is a feature of Azure that allows you to automate repetitive administrative tasks using PowerShell Workflows or PowerShell Desired State Configuration. Azure Automation can help organisations reduce administrative costs, schedule tasks, and provide a more reliable infrastructure using PowerShell DSC as a service, and reporting services make it easier to keep check on server configuration.

Creating DSC Configuration file:

Before we create a DSC configuration file, an Azure Automation Account must be created on Azure with Portal. Let’s see one of the example of DSC Configuration file:

This DSC Configuration file can be uploaded to DSC configuration blade on Automation Account and once complied, automatically DSC Node configuration is created by Complication Node.

Azure Automation Assets

Assets are resources that are globally available for use in runbooks and can also be called from DSC configurations. They help administrators to solve various challenges when it comes to passing information between systems when using automated procedures.

DSC Resources

A DSC resource is set of PowerShell script functions that can be used by the Local Configuration Manager to configure a server.

DSC Reporting

The Azure management DSC reporting server collects log files sent by the Local Configuration Manager on each DSC node and compiles reports detailing the compliant status of the nodes along with other useful information about the configuration status. Reports can be viewed from the Azure management portal or using PowerShell. To get DSC Node report with PowerShell :

$Node = Get-AzureRmAutomationDscNode -ResourceGroupName “ResourceGroup03” -AutomationAccountName “Contoso17” -Name “Computer14”
Get-AzureRmAutomationDscNodeReport -ResourceGroupName “ResourceGroup03” -AutomationAccountName “Contoso17” -NodeId $Node.Id -Id c0a1718e-d8be-4fa3–91b6–82e1d3a36298

And to Exports the raw content of a DSC report sent from a DSC node to Automation use cmdlet : Export-AzureRmAutomationDscNodeReportContent