Azure Automation State Configuration

In this lesson, we explore Azure Automation Desired State Configuration (DSC)—a robust Azure service designed to automate and manage system configurations across both Azure and on-premises environments. By leveraging specialized PowerShell scripts, DSC verifies current settings, deploys updates, and enforces new configurations to ensure system compliance.

Azure Automation DSC delivers three primary functions:

1. It verifies the current system setup.
2. It updates configurations as needed.
3. It deploys new configurations across multiple systems concurrently.

This level of automation not only saves time but also reduces the risk of human error compared to manual configuration methods.

Key Features

Azure Automation DSC offers significant benefits that include:

Managing Multiple Virtual Machines

Consider a scenario where you need to ensure that specific software is installed and configured across multiple Windows virtual machines (VMs). By combining Azure Automation DSC with Azure Virtual Machines, you can seamlessly manage and monitor configurations across your entire environment.

Step 1: Create an Automation Account

Begin by creating an Automation Account in Azure, which acts as your central control hub for managing configurations and running automated tasks.

Step 2: Connect Virtual Machines

After creating your automation account, the next step is to connect your VMs. This process integrates your existing Azure VMs with the automation account, allowing DSC to manage settings and enforce periodic configuration checks. You can customize the frequency of these checks and updates to suit your operational needs.

Once you confirm the settings, Azure proceeds to connect your VM to the automation account.

After a successful connection, your VM appears in the DSC dashboard’s status section, displaying its compliance state.

Adding and Applying a New Configuration

Now that your VM is connected, you can add a new configuration. You have the option to write your own DSC script or utilize one from the gallery. In this example, we will use a script that sets up a daily task on the VM. This task runs a PowerShell process every day at midnight and repeats every 15 minutes for an 8-hour period.

Importing and Compiling the Configuration

Once the configuration is imported into your automation account, compile it to verify for errors and prepare it for deployment. Below is an example DSC configuration script:

Node localhost
{
    ScheduledTask ScheduledTaskDailyAdd
    {
        TaskName         = 'Test task Daily'
        TaskPath         = 'MyTasks'
        ActionExecutable = 'C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe'
        ScheduleType     = 'Daily'
        DaysInterval     = 1
        RepeatInterval   = '00:15:00'
    }
}

After compiling, note that your previously compliant VM will temporarily register as non-compliant because the new configuration has not yet been applied.

Applying the Configuration to Your VM

To deploy the new configuration:

1. Open the VM's page within your automation account.
2. Select "Assign Node Configuration."
3. Choose the desired configuration and confirm your selection.

Following this assignment, the VM will initially be marked as non-compliant while it applies the new settings. Once the configuration process completes successfully, the VM’s status will update to compliant. This demonstrates how Azure Automation DSC helps maintain consistency and enforces the desired configuration across your infrastructure.

Through this lesson, you have learned how to effectively utilize Azure Automation DSC to manage multiple virtual machines, reducing configuration drift and automating system updates to maintain optimal performance and compliance.