Automation scripts and runbooks are mainstays of the system administrator's toolbox. And moving to cloud infrastructure -- where admins can instantiate, move and scale virtual resources in seconds -- only underscores the importance of a consistent, reproducible management process.
For Windows admins, PowerShell has long been the preferred scripting tool. And today, PowerShell serves as the backbone for the Microsoft Azure Automation service.
Although Azure Automation was initially designed around PowerShell workflows -- a sequence of steps, also known as runbooks, that can execute tasks and commands -- it now also supports declarative patterns. These patterns, called Desired State Configuration (DSC) and first introduced with PowerShell, describe a system or service configuration.
These two automation techniques offer different ways to achieve the same goal. Runbooks are like providing turn-by-turn navigational directions to get from point A to point B, while DSC gives GPS mapping software a destination and lets it compute the optimal path to get there.
Here are some considerations for choosing between the two.
Runbooks in the Microsoft Azure Automation service work just like they do in Windows Server; admins can use PowerShell to control any service with an API. Furthermore, any application that includes a PowerShell module implementing a cmdlet can be controlled via an Azure Automation workflow. Although Automation runbooks are designed to manage Azure services, they can also control resources in private data centers with a feature called Hybrid Runbook Workers.
Admins can either create workflows from scratch or tweak those available in the Runbook Gallery. They can also develop custom runbooks in PowerShell code with a text editor or use a graphical UI on the Azure portal. The portal also has an Automation dashboard that shows job activity and error conditions, resource usage and log details for individual jobs.
Recommendations and comparisons
Automation is key to improving admin efficiency, as well as Azure consistency, reliability and security. Here are some recommendations for more effectively managing Azure via automation:
- For organizations standardizing on a single public cloud, Azure Automation should be the default home for system administration scripts, as it's tightly integrated with the Azure service portfolio and supports the scripting environment most Windows admins already use.
- Windows shops already familiar with PowerShell should use it to build Automation runbooks. However, they should also experiment with DSC for some activities, such as keeping VM configurations and patch levels in sync. The risk with this approach is vendor lock-in. Although both Amazon Web Services and Google Cloud Platform support PowerShell, the scripts themselves won't necessarily be reusable. Try to keep code as portable as possible by parameterizing, not hard-coding, Azure-specific API calls, or by encapsulating Azure-specific code in modules rather than in the script itself.
- Linux shops will benefit from learning PowerShell for automation, but can start with the CLI, which works in any shell environment.
- Multicloud organizations should investigate third-party configuration management software that works across public and private environments. Also, because automation tools play a role in continuous integration and deployment, consult with developers and DevOps teams before making a decision.
DSC describes the required configuration for an Azure node. It's particularly useful when an organization runs clusters in which multiple nodes share the same configuration, such as load-balanced web frontends or VDI servers. DSC requires a Pull Server that stores configurations and sends them to the Local Configuration Manager (LCM) engine on each managed node. The LCM parses the configuration, compares it to the existing state and executes any required changes using Windows Management Instrumentation.
As with runbooks, DSC is a PowerShell script that uses configuration blocks, which admins can use to build custom DSC resources. Microsoft also provides 12 built-in DSC resources, including functions to archive files, write to the event log or manage registry keys.
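The load-balanced web front end case described above, written as a DSC configuration plus the LCM settings that make each node pull it and correct drift. This is an added example, not code from the original article; the configuration names, the node names passed in, the SSL 3.0 baseline setting and the `<placeholder>` values are assumptions.

```powershell
# Added example. WebFrontend, PullClient and the <placeholders> are assumptions.
Configuration WebFrontend
{
    param ([Parameter(Mandatory)] [string[]] $NodeName)
    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Node $NodeName
    {
        WindowsFeature IIS
        {
            Name   = 'Web-Server'
            Ensure = 'Present'
        }
        # Built-in Registry resource: keep SSL 3.0 disabled for inbound connections.
        Registry DisableSsl3Server
        {
            Key       = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'
            ValueName = 'Enabled'
            ValueType = 'Dword'
            ValueData = '0'
            Ensure    = 'Present'
        }
        Log Applied
        {
            Message   = 'WebFrontend baseline evaluated'
            DependsOn = '[Registry]DisableSsl3Server'
        }
    }
}

# LCM meta-configuration: pull from the server and re-apply on any drift.
[DscLocalConfigurationManager()]
Configuration PullClient
{
    param ([Parameter(Mandatory)] [string[]] $NodeName)
    Node $NodeName
    {
        Settings
        {
            RefreshMode       = 'Pull'
            ConfigurationMode = 'ApplyAndAutoCorrect'
        }
        ConfigurationRepositoryWeb PullServer
        {
            ServerURL          = 'https://<pull-server-url>'
            RegistrationKey    = '<registration-key>'
            ConfigurationNames = @('WebFrontend')
        }
    }
}
```

Invoking either configuration with `-NodeName` and `-OutputPath` compiles one MOF document per node. The registration key is a shared secret, so supply it at compile time rather than storing it in the script.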
Whether using runbooks or DSC, Microsoft Azure Automation is useful for a variety of cloud admin tasks, such as creating and cloning VMs across Azure subscriptions or regions, or configuring and modifying security policies across all machines in a subscription.
Azure Automation alternatives
Admins can also script Azure using PowerShell or a command-line interface (CLI) from any PC, with the same runbook capabilities listed above. Since PowerShell is now open source, you don't need Windows to use it; there are install packages available for OS X, Ubuntu and CentOS.
Microsoft also offers a CLI and open source shell commands for Azure that are available on Windows, Mac OS X and Linux. The CLI can work with either Azure Resource Manager or the classic Azure management portal.
Admins can also use third-party DevOps software, such as Chef, Puppet, Ansible and Salt, to automate Azure resources and manage system installation, configuration, updates, security patches and more. Chef has integrated its software with Azure to simplify the deployment of preconfigured Chef servers from the Azure Marketplace.