Cloud Infrastructure – Operations Management Suite – Azure Automation

In previous posts I described some basic characteristics of the OMS Suite as well as some specific features of the Log Analytics solution. In this post, we will delve into the IT Automation component.

image001

Azure Automation

In 2009 Microsoft acquired Opalis as the first foray into automation as a product. Their orchestration product was rebranded as Orchestrator and added to the System Center Suite. Later the Service Management Automation feature gave PowerShell Worflow capabilities to IT Professionals and was the basis for automation inside the Windows Azure Pack.

In 2013, Microsoft attempted to provide automation capabilities in Azure with the same interface as the SMA solution. It was possible to use PowerShell V4 workflows to run scripts that reached out to Azure subscriptions, virtual machines, websites and other Azure resources. A gallery of scripts was also provided. This gallery now numbers over 200 scripts!

In 2015 Microsoft consolidated and released a new automation interface inside the Azure Portal (http://portal.azure.com). This interface comes with some important advancements:

  • Graphical Authoring – to the professional who uses PowerShell daily, the graphical authoring feature seems to be an overhead to the lightweight PS scripts, but to the beginner, the ability to connect the dots and access parameters and flows in a graphical manner may reduce the resistance to create the workflows in the first place.
  • DSC – Azure Automation DSC allows you to author and manage PowerShell Desired State Configurations, import DSC Resources, and generate DSC Node Configurations (MOF documents) in the cloud. These items will be hosted in Azure (as a pull server) and can be reached by the target nodes, get applied and these nodes report back to Azure.
  • Hybrid Workers – tightly integrated with the Log Analytics solution, you can leverage any computer that has the OMS client to become a local worker for your automation workflows.
  • Integration with Azure Site Recovery and Log Analytics – I have not covered Azure Site Recovery in these articles yet, but some failover scenarios will require complex steps to properly move applications to Azure. Automation will help with the orchestration of necessary steps to guarantee the proper operation of the applications. Additionally, automation runbooks may be called by the Log Analytics alerting feature to remediate certain situations.
  • Pure PowerShell support – Until late 2015, only PowerShell V4.0 Workflows were supported as automation runbooks. While PowerShell workflow is not significantly different from regular PowerShell scripting, there is a small learning curve and different handling. Currently, regular PowerShell is supported.

Creating Automation Runbooks

The automation features are available in both old and new Azure portals. However, not all features are available in the old portal. For this post, I will show only the features in the new portal.

It all starts with Automation accounts. Each automation account contains multiple resources, like Runbooks, Assets, DSC Configurations and nodes, Hybrid workers, etc.

image002

The runbooks are the stars of the show. The new portal allows for multiple types of runbooks. You can now create a ‘normal’ runbook, referring back to PS 4.0 workflows. You can also create a graphical runbook. More recently, the capability of creating PowerShell (not workflow) runbooks has been added.

image004

Once you create a new PowerShell runbook, the experience is similar to editing locally.

image005

Note that you have access to CmdLets and previously created runbooks. You also have access to the assets you made available before, like credentials, variables, connections and certificates.

image007

When assets like credentials are added, the full command to retrieve the contents will be added. That is helpful for the IT Pro writing his daily automation tasks.

There is also a testing pane, where you can select whether you want to run the script in Azure or against a local hybrid worker.

image009

When editing a graphical runbook, the visual experience helps add parameters and control the flow of your runbooks. There are some limitations though, like not supporting Cycles or Loops.

image011

You can check a detailed description of how graphical authoring works here in this great post by Brian Wrenn (@MPAuthor).

Feels like Home

You can work with Azure Automation runbooks from the convenience of a laptop. This project in GitHub allows for azure automation runbooks, with an ISE Add-on.

Screenshot - 2_4_2016 , 10_11_56 AM

You can easily synchronize the runbooks, use variables from Azure and run local tests before you publish your runbooks.

Runbook Gallery

Azure Automation provides a gallery with very handy assortment of runbooks, in a self-service fashion.

image013

For example, you can quickly add Runbook to your account that will stop all Azure VMs, so you don’t have compute costs when you aren’t using the resources. That is in fact one of the most common uses of Azure Automation so far and it’s how I manage my subscription for lab infrastructure in Azure. All you do is add a Schedule Asset and you have a daily task that will shutdown your VMs at night. A step by step guide can be found here (it uses the old Azure portal, but the concept is the same).

Real World Scenarios

Recently a customer asked us to create a mechanism to allow them to stop and start jobs (scheduler and SQL jobs) as well as set computers or objects in maintenance mode when a task was scheduled. The first option that came to mind was System Center Orchestrator. I tested the mechanism (a PowerShell script) with a hybrid scenario by replacing the Orchestrator server in my lab. I could reuse the same scripts when working with the local worker, with the advantage of not having to install SQL Server and Orchestrator. The basic challenges were the same and related mostly to authentication and authorization of remote execution of procedures. You can read more details here.

Conclusion

The previous example makes pretty clear that heavy on-premises automation infrastructure may be replaced, partially or totally, by cloud based servers, with on-premises agents. That allows for more controllable and accountable experiences for IT Pros, who will be able to focus more on the real business of creating complex local infrastructure.

There is some adaptation required and that is when the hybrid concept is leveraged. Microsoft has made it possible for automation solutions to interact with both on-premises and cloud infrastructure. That is  key in the transition of infrastructures to the cloud.