DAY 1

DAY 2
Continuous IT Services

5
Continuous Hybrid Consistent
services automation enterprise
Speed
 Continuous services

With OMS:
You can take immediate action to
rectify errors by triggering scripts on
demand in the cloud or in your local
datacenter.

You can enable responsive IT

services and deliver continuous
Issue: application availability across your IT
Resolving infrastructure and application issues environment, with improved SLA.
can be time-consuming and can impact SLA.

Speed Choice Control

 Capabilities for responsive IT services

Automated Orchestrated Integrated

remediation recovery solutions

• Ready-made runbooks • Repeatable plans • Multi-platform support

• Anywhere triggers • Order sequencing • Community gallery
• Native webhooks • Customizable checkpoints • Partner ecosystem

Speed Choice Control

Organizations with
automated monitoring
and management
solutions have a 50
percent reduction in
the time administrators Automated remediation
spend on day-to-day
operations.
Rectify errors with Trigger runbook in Take action in response
*Source: EMA Research Report: Data Center
Automation in the Age of Cloud,” July 2013
ready-made runbooks the cloud or locally in to log search query or
or native webhooks. the datacenter. any alerts.

Speed Choice Control

 Orchestrated recovery
*Source: IDC: The Growth Opportunity for |
SMB Cloud and Hybrid Business Continuity,
by Raymond Boggs, Christopher Chute &
Laura DuBois; April 2015 Automate multi-site Create groups and Customize plans with
recovery with sequence the order of prompts for manual
repeatable runbooks. multi-tier app recovery. actions and scripts.

Speed Choice Control

 Integrated solutions

Re-use or customize Import third-party Integrate natively with

runbooks for modules from partner solutions,
*Source: EMA Research Report: Data Center
Automation in the Age of Cloud,” July 2013 multiple platforms. PowerShell gallery. increasing time to value.

Speed Choice Control

Community Gallery
• Remediation runbooks
• Recovery plans
• Integration modules

Speed Choice Control

Hybrid IT Automation

13
Continuous Hybrid Consistent
services automation enterprise
Choice
 Hybrid IT automation

With OMS:
Issue:
Managing the IT lifecycle activities in today’s
IT environment across platforms and clouds
can be challenging and chaotic.
You can simplify provisioning,
deployment, monitoring, and
protection and also manage change—
no matter what type of IT resources
you have or where they are located—
by adopting proactive automation.
You can enable efficient IT operations
and deliver flexible automation across
your heterogeneous IT environment.

Speed Choice Control

 Capabilities for flexible IT operations

Management tools Multiple options Hybrid support

• Central repository • Graphical runbooks • Cross-platform

• Source control • PowerShell scripts • Migration toolkit
• Operator role • Workflows • Hybrid worker

Speed Choice Control

 Management tools

Maintain and access Treat automations Provide just enough

automation assets in a as code with source access with role-based
Toon Dillen
Innovation Manager central repository. control integrations. access control.
Aurelium, Inc.
(an OMS customer)

Speed Choice Control

 Multiple options

Author runbooks with Re-use your existing Edit runbooks easily in

intuitive graphical PowerShell scripts with portal with intellisense
programming model. native support in OMS. and color coding.
Use cloud-based Leverage PowerShell ISE Get help to access
graphical editor. add-on. related resources.

Speed Choice Control

 Hybrid support

Automate across Migrate Orchestrator Designate on-premises

platforms on-premises runbooks to OMS and server(s) to connect with
or in any cloud. integrate on-premises. OMS via the Internet.

Speed Choice Control

Graphical authoring
• Graphical runbooks
• Intuitive editor in web portal
• Drag-and-drop controls

Speed Choice Control

Consistent Enterprise Control

21
Continuous Hybrid Consistent
services automation enterprise
Control
 Consistent enterprise

With OMS:
You can manage the state of your IT
resources by automatically applying,
monitoring, and updating
configurations.

You can enable compliant IT resources

Issue: and manage change across your IT
environment with ease.
Deploying infrastructure and application resources
with the required configurations and maintaining
their state can be tedious and error prone.

Speed Choice Control

 Capabilities for compliant IT resources

Configuration Intelligent Change

management patching monitoring

• Highly available • Cross-platform • Universal tracker

• Granular reporting • Application-aware • Dashboard view
• Automatic update • Group orchestration • Compliance reporting

Speed Choice Control

 Configuration management

Apply configurations Monitor status of the Resolve configuration

using highly available nodes with granular drifts with automated
pull service. reporting. update.

Speed Choice Control

 Intelligent patching

Manage updates across Be in the know, with Group and sequence

Microsoft enterprise Windows and Linux, with application dependencies updates with
customer feedback insights, including across servers. orchestrated runbooks.
estimated duration.

Speed Choice Control

 Change monitoring

Keep tab on changes Troubleshoot issues Enable compliance

Visible Ops Handbook across your IT quickly by using the reporting of most of
The IT Process Institute environment with change context. the changes in IT.
dashboard view.

Speed Choice Control

Intelligent patching
• Cross-platform support
• Application-aware patching
• Grouping and orchestration

Speed Choice Control

Concepts

29
 Any cloud

Configuration
and automation

Any platform
 Speed with
choice and control
Automation and control technologies
Azure Automation
Key concepts include:
• Automation Account • Hybrid Worker Groups
• Run As Accounts • Desired State
• Runbooks Configuration
• Jobs • DSC Configurations

• Assets • DSC Nodes

Components of Azure Automation
• Automation Account – a container
− A container for your automation resources

Automation Account
Components of Azure Automation
• Automation Account – an isolation boundary
Automation Account

Automation Account Logically separate

resources
Automation Account

Development

Test

Production
Components of Azure Automation
• Azure Automation authentication
− Azure AD Org ID credential-based authentication
• When creating an Azure Automation account the
following are created:
− Run As account
• New service principle in Azure AD
• Certificate
• Contributor access granted at the subscription level
− Classic Run As account
• Uses a management certificate to authenticate when managing classic
resources
Components of Azure Automation
• Jobs
− A single execution instance of a runbook
− Jobs are executed by Azure Automation workers
• Assets
− the various resources that are globally available to
be used in or associated with a runbook. Includes:
• Schedules • Variables
• Connections • Certificates
• Modules • Credentials
Components of Azure Automation
• Hybrid Worker Groups
− On-premises machines designated to run runbooks
from Azure Automation
− Workers have the Microsoft Management Agent
installed
− Connectivity to OMS Pull
workspace is maintained for
monitoring
− Onsite worker initiates
communication with Azure
Automation to download
runbooks
Components of Azure Automation
• Desired State Configuration
− Builds on PowerShell DSC
− DSC Nodes exclusively ‘pull’ configurations from
Azure Automation DSC Pull Server
• No inbound firewall changes required
− Manage the configuration of Windows and Linux
• On-premises
• Physical and VM
• In Azure
• In AWS
Using Azure Automation

40
The Right Tool for the Job
When should use Azure Automation Runbooks and when
should you use Azure Automation DSC?
• Runbooks:
− When automating fabric-level operations
• Example: starting/stopping VMs based on a schedule

• DSC Configurations
− When managing configurations within the operating system of a
physical or virtual (on-premises or IaaS)
• Example: configuring a new IaaS VM as a standard web server

There is some overlap…use what you are familiar with

Example Use Cases
Task to accomplish
I want to automate the starting and stopping of Azure IaaS VMs?
I need to automatically scale (up or down) my Azure SQL Database based
on performance metrics?
I want to make copies of my Azure IaaS VM disks and place them in a
remote storage account?
I want to make sure my application servers are configured identically and
automatically?
I want to make sure the standard configuration of my servers does not
drift?
I know VM Scale Sets deploys identical VMs, but how do I ensure they
stay identical?
I use OMS Log Analytics to monitor my on premises and cloud servers.
How can I automate installing the MMA agent and ensure it is running?

Possibilities are limited only by your imagination

Example Use Cases
Task to accomplish Solution
I want to automate the starting and stopping of Azure IaaS VMs? Azure Automation
I need to automatically scale (up or down) my Azure SQL Database based Azure Automation
on performance metrics?
I want to make copies of my Azure IaaS VM disks and place them in a Azure Automation
remote storage account?
I want to make sure my application servers are configured identically and Azure Automation
automatically? DSC
I want to make sure the standard configuration of my servers does not Azure Automation
drift? DSC
I know VM Scale Sets deploys identical VMs, but how do I ensure they Azure Automation
stay identical? DSC
I use OMS Log Analytics to monitor my on premises and cloud servers. Azure Automation
How can I automate installing the MMA agent and ensure it is running? DSC

Possibilities are limited only by your imagination

Runbook Creation
Runbook Creation (cont.)
How to Invoke a Runbook
• Manual start

• Start according to schedule

• Start by using a webhook

Using DSC
1. Author a PowerShell DSC Configuration and import into
Automation DSC
2. Import required PowerShell modules into Automation
DSC
3. Compile the configuration
4. Assign the configuration to machines (DSC Nodes)
Author a DSC Configuration
• Example: Enabling OMS Log Analytics monitoring by
installing (if needed) the MMA agent and ensuring that it
is running.
• Prerequisite: Existing OMS Log Analytics workspace
DSC Configuration Example
Configuration MMAAgentConfig {

# TODO: add your OMS workspace onboarding values here

$OmsWorkspaceId = "YOUR WORKSPACE ID"
$OmsWorkspaceKey = "YOUR WORKSPACE KEY"

$OIPackageLocalPath = "C:\MMASetup-AMD64.exe"
Import-DscResource -ModuleName xPSDesiredStateConfiguration

Node OMSServer {

#Service state
Service OIService {
Name = "HealthService" Service
State = "Running"
DependsOn = "[Package]OI" Resource
}

xRemoteFile OIPackage {
Uri = "https://opsinsight.blob.core.windows.net/publicfiles/MMASetup-AMD64.exe"
xRemoteFile
DestinationPath = $OIPackageLocalPath Resource
}

#Application
Package OI {
Ensure = "Present"
Path = $OIPackageLocalPath
Name = "Microsoft Monitoring Agent"
ProductId = "C318816D-D471-4F18-999A-7662DB906BC0"
Arguments = '/C:"setup.exe /qn ADD_OPINSIGHTS_WORKSPACE=1 OPINSIGHTS_WORKSPACE_ID=' + $OmsWorkspaceId + '
Package
OPINSIGHTS_WORKSPACE_KEY=' + $OmsWorkspaceKey + ' AcceptEndUserLicenseAgreement=1"' Resource
DependsOn = "[xRemoteFile]OIPackage"
}
}
}
Import the configuration
Import required PS Modules
• This example requires the xPSDesiredStateConfiguration
module
• Navigate to
https://www.powershellgallery.com/packages/xPSDesired
StateConfiguration
• Click Deploy to Azure Automation
Import required PS Modules (cont.)
• Choose your Automation Account and click OK on the
Import blade.
Compile the configuration
• On the configuration blade click Compile
• Note the confirmation and click Yes

• Monitor the compilation job until is completes

successfully.
Apply the configuration
• Get the name of the configuration
Apply the configuration (cont.)
• Add the DSC Nodes
 Leap ahead with
proactive automation