Deploy new Azure RM template

To create a new Azure RM template, open Visual Studio -> File -> New -> Project.

Under Visual C#, select Cloud and then select Azure Resource Group.


Select a pre-built template.


Now you have a .ps1 script and a .json file.


The .json file describes the template, and the .ps1 script deploys it to a resource group.
The problem is that the cmdlets in the .ps1 file are outdated.

http://blogs.msdn.com/b/powershell/archive/2015/07/20/introducing-azure-resource-manager-cmdlets-for-azure-powershell-dsc-extension.aspx
https://github.com/Azure/azure-powershell/wiki/Deprecation-of-Switch-AzureMode-in-Azure-PowerShell

So if you are like me and regularly update your modules, then you have to explore the AzureRM module. Well, to be honest, there is more than one.
https://www.powershellgallery.com/packages?q=azurerm

Install the AzureRM.Storage cmdlets and change the script:

  1. Comment out any Switch-AzureMode calls
  2. Replace the last command with:


Login-AzureRmAccount
New-AzureRmResourceGroup -Name $ResourceGroupName -Location $ResourceGroupLocation
New-AzureRmResourceGroupDeployment -ResourceGroupName $ResourceGroupName -TemplateFile $TemplateFile -TemplateParameterFile $TemplateParametersFile -Force -Verbose

Now a basic deploy will work.
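A fuller version of that replacement, as an added example (not the Visual Studio generated script): it checks that the AzureRM cmdlets are present and validates the template before anything is deployed. The default parameter values are placeholders.

```powershell
# Added example: validate first, deploy second. Default values are placeholders.
param(
    [string]$ResourceGroupName      = 'DemoRG',
    [string]$ResourceGroupLocation  = 'West Europe',
    [string]$TemplateFile           = '.\Templates\template.json',
    [string]$TemplateParametersFile = '.\Templates\template.parameters.json'
)

$ErrorActionPreference = 'Stop'

# Fail early with a clear message if the AzureRM cmdlets are not installed,
# instead of failing half-way through on a missing command.
$required = 'New-AzureRmResourceGroup',
            'Test-AzureRmResourceGroupDeployment',
            'New-AzureRmResourceGroupDeployment'
foreach ($cmd in $required) {
    if (-not (Get-Command -Name $cmd -ErrorAction SilentlyContinue)) {
        throw "Cmdlet '$cmd' not found. Install the AzureRM modules first."
    }
}

Login-AzureRmAccount | Out-Null

# -Force suppresses the confirmation prompt when the group already exists.
New-AzureRmResourceGroup -Name $ResourceGroupName -Location $ResourceGroupLocation -Force | Out-Null

# The validation cmdlet returns a list of error objects; an empty result means
# the template and parameter file passed validation.
$problems = Test-AzureRmResourceGroupDeployment -ResourceGroupName $ResourceGroupName `
    -TemplateFile $TemplateFile -TemplateParameterFile $TemplateParametersFile
if ($problems) {
    $problems | ForEach-Object { Write-Warning ("{0}: {1}" -f $_.Code, $_.Message) }
    throw 'Template validation failed; nothing was deployed.'
}

New-AzureRmResourceGroupDeployment -ResourceGroupName $ResourceGroupName `
    -TemplateFile $TemplateFile -TemplateParameterFile $TemplateParametersFile `
    -Force -Verbose
```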

To deploy the template to Azure:

Right-click the solution in VS and select Deploy -> New Deployment.
Enter your subscription details and other parameters, then click Edit Parameters.


That is it. Just wait for it to deploy and you have a template deployed to Azure.

Have fun automating 😉

 

 


DSC Pull Server in Azure

I was working on a DSC pull server v2 for the last couple of months. I heard about all the great new bells and whistles it brings and I was eager to test them. I was also working on a web interface such as the one Mark Gray showcased at PowerShell Summit Europe 2015 in Stockholm. Here is the video for his session: https://www.youtube.com/watch?v=y3-_XBQTpS8&index=33&list=PLfeA8kIs7CodimM6hjMqE13xHTPQUB8Pf

So I was working on an interface for the pull server to upload DSC configs, assign them to servers and monitor the deployment. Then, a couple of days back, I saw this video on Channel 9, where they were talking about Azure Automation: https://channel9.msdn.com/Blogs/Regular-IT-Guy/Automate-everywhere-with-the-new-Azure-Automation-in-OMS–with-special-guest-Jeffrey-Snover. Really a great video, except for that guy that keeps on interrupting. 🙂 Just kidding Jeffrey 😉

There I saw that Azure now has a DSC pull server option that can also manage on-prem servers. I just had to try it out!

So let’s open the Azure portal, https://portal.azure.com/, and then click through:

  1. New Automation Account
  2. DSC Configurations
  3. Add a configuration
  4. Compile configuration

You have to create a new Automation account, then click on DSC Configurations, upload a configuration file and compile it. I created a simple test config that just installs XPS Viewer.

configuration XPSTest
{
    node test
    {
        # Make sure the XPS Viewer Windows feature is installed
        WindowsFeature XPS
        {
            Ensure = 'Present'
            Name   = 'XPS-Viewer'
        }
    }
}

Now that we have the config uploaded and compiled, we have to apply it to a node.

If you want to manage Azure VMs:

  1. Make sure you use virtual machines created in the new “Resource mode”
  2. Click on the Automation Account you just created
  3. Click on DSC Nodes
  4. Add Azure VM
  5. Select virtual machines to onboard
  6. Click OK
  7. Configure registration data
  8. Click OK
  9. And click Create


There is one catch though. You can only manage “new” Azure VMs, created in Resource Mode, not “classic” VMs. Read here for an explanation of the differences: https://azure.microsoft.com/en-us/documentation/articles/resource-manager-deployment-model/.

If you want to configure an on-prem machine, you can select Add on-prem VM in step 4. You will find some instructions there on how to do that, but the cmdlets they use are out of date!

http://blogs.msdn.com/b/powershell/archive/2015/07/20/introducing-azure-resource-manager-cmdlets-for-azure-powershell-dsc-extension.aspx

https://github.com/Azure/azure-powershell/wiki/Deprecation-of-Switch-AzureMode-in-Azure-PowerShell


These instructions are out of date!

So if you are like me and regularly update your modules, then you have to explore the AzureRM module. Well, to be honest, there is more than one.

https://www.powershellgallery.com/packages?q=azurerm

To onboard an on-prem VM to the Azure DSC pull server, you will need AzureRM.Automation.

Login-AzureRmAccount
Get-AzureRmAutomationDscOnboardingMetaconfig -ResourceGroupName 'RG name' -AutomationAccountName 'Automation Acc Name' -ComputerName 'Computer Name' -OutputFolder 'Folder for MOF files'

Apply the MOF to the server:

Set-DscLocalConfigurationManager -Path .\DscMetaConfigs\ -ComputerName DSCJBK2-T

Now you can see both types of machines in your Azure Automation account. You can also change which configuration they should pick up and see the history. Basically, everything I was about to build on my own can, as I just found out, be done in Azure. 🙂
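The on-prem onboarding steps above as one script, added here as an example (not from the Azure portal instructions). The generated meta MOF carries the Automation account's registration URL and key, so the script locks down the output folder, confirms that the node switched to pull mode, and removes the MOF afterwards. Resource names are placeholders.

```powershell
# Added example: onboard one on-prem node and clean up the registration secret.
# All names below are placeholders; replace them with your own.
$ResourceGroupName     = 'RG name'
$AutomationAccountName = 'Automation Acc Name'
$ComputerName          = 'Computer Name'
$OutputFolder          = Join-Path $env:TEMP 'DscOnboarding'

$ErrorActionPreference = 'Stop'
Login-AzureRmAccount | Out-Null

# Create the folder up front and restrict it to the current user, because the
# .meta.mof written into it embeds the account's registration key.
New-Item -ItemType Directory -Path $OutputFolder -Force | Out-Null
icacls $OutputFolder /inheritance:r /grant:r "${env:USERDOMAIN}\${env:USERNAME}:(OI)(CI)F" | Out-Null

try {
    Get-AzureRmAutomationDscOnboardingMetaconfig -ResourceGroupName $ResourceGroupName `
        -AutomationAccountName $AutomationAccountName -ComputerName $ComputerName `
        -OutputFolder $OutputFolder -Force | Out-Null

    # The cmdlet writes into a DscMetaConfigs subfolder, as in the command above.
    $metaPath = Join-Path $OutputFolder 'DscMetaConfigs'
    Set-DscLocalConfigurationManager -Path $metaPath -ComputerName $ComputerName -Verbose

    # Check on the node itself that the LCM is now configured to pull.
    $lcm = Get-DscLocalConfigurationManager -CimSession $ComputerName
    if ($lcm.RefreshMode -ne 'Pull') {
        throw "LCM on $ComputerName is in '$($lcm.RefreshMode)' mode, expected 'Pull'."
    }
    $lcm | Select-Object RefreshMode, ConfigurationMode, LCMState

    # Check on the Azure side that the node registered with the account.
    Get-AzureRmAutomationDscNode -ResourceGroupName $ResourceGroupName `
        -AutomationAccountName $AutomationAccountName -Name $ComputerName
}
finally {
    # The registration key is no longer needed on disk once the LCM is set.
    Remove-Item -Path $OutputFolder -Recurse -Force
}
```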

Happy automating 🙂

 

Deploying Operating systems with MDT, SCCM, Orchestrator and SCSM – part 7

I intend this to be a series of blog posts about my experience in implementing an end-to-end OSD solution. I will be writing about my lab implementation, as the production version has much unneeded clutter that would just confuse the whole blog post.

I thought this blog series would be split into the following posts:

  1. Intro
  2. Lab setup
  3. MDT
  4. SCCM
  5. Intel AMT
  6. Orchestrator
  7. SCSM
  8. Bringing it all together
  9. Recap

OK, it is now time to deploy our self-service portal. I will be using SCSM for this, as it was the only thing available to me at the time. 🙂 In the meantime, that is, since I started to write this blog post, I have come across other solutions that are better suited, at least in my opinion, if you just need the self-service portal. Using SCSM for just this functionality is, again in my opinion, moronic. 🙂 It is such a big product that it makes no sense whatsoever to use it for just this one bit. But if you have it in your datacenter already, then it might make more sense…

One possible alternative that, in my opinion, is better suited is ZervicePoint by Enfo Zipper: http://zervicepoint.com/

I had a chance to meet some of them in Stockholm and they are really great. I have also tested the solution in our datacenter and I have to say it is great! I cannot recommend it enough.

OK. With that out of the way 🙂 let’s dig into SCSM. I will not go in depth on how to install it; there are many guides online, like this one for a minimum config: https://technet.microsoft.com/en-us/library/hh914211.aspx

But I would like to point out a few things I found out while deploying. For example, you cannot use special characters in SCSM service account passwords. You cannot use .$V^]@\u)D.x@on?”7IM for a password, which is a randomly generated string I wanted to use as the password for the SCSM services account. It was too complex… 🙂

Another thing: if you decide to install the self-service portal on a separate server and you want to use SCOM, make sure you install the SCOM agent before you install SCSM, and leave it installed! This only applies to the self-service portal on a separate server. For all other roles you must uninstall the SCOM agent, but for this role you must leave it installed. If you do not, then you do not have all the SCOM bits you need and it does not work, and you cannot install the SCOM agent afterwards, because the installer detects that SCSM is installed and refuses to continue. There is a registry hack workaround, but I recommend planning ahead. 🙂

Link for self-service portal installation: http://www.server-log.com/blog/2011/12/29/scsm-2012how-to-install-the-self-service-portal.html

 

Now that we have SCSM and its self-service portal installed, we need to configure connectors so it can find computers, users, runbooks, … OK, for what we will do, just runbooks will do. So let’s create an Orchestrator connector. In the SCSM console:

  1. Go to Administration -> Connectors
  2. On the right-hand side click Create connector
  3. Select Orchestrator connector
  4. Give it a name
  5. Enter the URL for the Web service
  6. Create an account that has permissions on the Orchestrator server (it needs read and execute permissions on runbooks)
  7. Select the sync folder (which runbooks will be available to SCSM)
  8. Enter the URL for the Web console

Now that we have the connector created, we need to wait a while for it to sync the runbooks. After you see it complete, you can check your runbooks in Library workspace -> Runbooks. I have noticed that if you rename a runbook, it will not appear in SCSM as expected. In this case it is best to remove it from SCSM manually and sync the Orchestrator connector again.

Now that we have our runbooks available, we need to make them available via the self-service portal. Now, since SCSM is closely following MOF, which is following ITIL, we have to get a few things straight. 🙂 We will be creating a Service Offering in our Service Catalog in which we will make our Request Offering available.

Let’s break this down. The service catalog is a list of all available services. Each service can have a Request Offering, which is something we offer to our end users. In my environment I designed it as such: our service is Computer management, where users/admins/HD technicians can request application deploy, OSD, … This would be our Service Offering in SCSM, and each of the possible tasks users can do is a Request Offering.

You can find your service catalog just beneath your runbooks in the Library workspace.

Let’s create a new Service Offering there. It is a straightforward process; just make sure you select a custom Management Pack, as is the best practice for SCSM.

Now, we will not create a Request Offering just yet. First we need to create a few templates. Templates will enable us to create reusable work items. In the Library workspace you can find Templates at the bottom of the list on the right side.

Create a new template and select Runbook Automation Activity. Please use something like RAA in the name, so you can differentiate between the different kinds of templates easily. I had to learn it the hard way 🙂 Also, use the custom management pack you created earlier, or a completely new one. Click on the Runbook tab and select the runbook for creating New Computer. Mappings should already be configured to text fields.

Now save and create another template. This time select Service Request template. Again, name it appropriately and select your management pack! 🙂 Click on the Activities tab and click on the little + in the top right corner. Now select the Runbook Automation Activity you created in the previous step.

Now we are ready to create a Request Offering. Under Request Offerings click on Create Request Offering, give it a meaningful Title and select a template. Select Service Templates and select the one you just created. Select the appropriate Management Pack. Now you will have to create and configure the appropriate User Prompts and map them. This is completely dependent on how you created your runbook in Orchestrator; mine look like this.

Now that you have configured all this, you just need to publish it and assign it to the Service Offering you created in the first step. Once this is done, you can see it on your self-service portal.


This is it for this blog series. It has been a looong time since I started. I hope some of you will find this useful. 🙂