Beta

AZ-400: Designing and Implementing Microsoft DevOps Solutions

Design and Implement Infrastructure as Code IaC

Design and implement desired state configuration for environments

In this article, we explore how to design and implement Desired State Configuration (DSC) to establish and maintain stable, reliable IT environments. DSC offers a blueprint that ensures your systems remain configured as intended by automatically correcting any deviations from the desired state. This approach not only guarantees consistency but also minimizes the risk of configuration drift.

Azure provides a suite of tools to implement DSC effectively, including Azure Automation DSC, Azure Resource Manager, Bicep, and Azure Automanage Machine Configuration. Each tool addresses specific aspects of system management, allowing you to choose the best solution for your environment's needs.

The image lists tools for designing and implementing Desired State Configuration (DSC) for environments, including Azure Automation State Configuration, Azure Resource Manager, Bicep, and Azure Automanage Machine Configuration.

Understanding Desired State Configuration

Desired State Configuration (DSC) is a powerful method that ensures your IT systems are configured exactly according to your specifications. It serves two primary purposes:

  1. Maintaining infrastructure consistency by applying a predetermined configuration.
  2. Automatically correcting configuration drift by reapplying the desired state when deviations occur.

The image is an introduction to Desired State Configuration, highlighting two points: ensuring infrastructure consistency and automating correction of configuration drift.

Example: Configuring a Web Server Using PowerShell DSC

Below is a detailed example of using PowerShell DSC to configure a simple web server on Windows Server with the IIS role. This configuration script ensures that the IIS role is installed and that the default website is present and intentionally set in a stopped state.

Configuration WebServerSetup {
    # Import the module that contains the DSC resources.
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    # The Node block specifies the target machine for this configuration.
    Node "localhost" {
        # Ensure the IIS role is installed.
        WindowsFeature IIS {
            Ensure = "Present"   # Can be "Present" or "Absent"
            Name   = "Web-Server"  # The name of the feature to install or uninstall
        }

        # Ensure that the default website is present in IIS and is stopped.
        xWebsite DefaultSite {
            Ensure       = "present"
            Name         = "Default Web Site"
            State        = "Stopped"   # Ensure the website is not running
            PhysicalPath = "C:\inetpub\wwwroot"
            DependsOn    = "[WindowsFeature]IIS" # Ensure the IIS feature is installed first
        }
    }
}

Steps Explained

  1. Define the Configuration:
    The configuration script outlines the desired state for the server. In this scenario, it guarantees that the IIS role is installed and the default website exists in IIS, albeit in a stopped state.

  2. Compile the Configuration:
    After writing the configuration script, compile it to generate a Managed Object Format (MOF) file. The MOF file is a standard representation that the Local Configuration Manager (LCM) on the target system reads and applies.

  3. Apply the Configuration:
    Execute the following PowerShell command to enforce the configuration. This command directs the LCM to read the MOF file and adjust the system state to match the defined configuration.

    Start-DscConfiguration -Path WebServerSetup -Wait -Verbose -Force
    • The -Path parameter specifies the directory containing the MOF file.
    • The -Wait parameter pauses execution until the configuration job completes.
    • The -Verbose flag provides detailed operational output.
    • The -Force parameter re-applies the configuration even if it appears to be already in effect.

Note

For further details on DSC and its application in different environments, refer to the official DSC documentation.

The Role of the Local Configuration Manager

The Local Configuration Manager (LCM) is the core engine that applies DSC configurations on target nodes. It routinely verifies that the system's configuration aligns with the desired state defined in the MOF file. If any drift is detected, the LCM automatically re-applies the configuration to restore compliance.

In our example, two DSC resources are used:

  • WindowsFeature: Ensures that specific Windows roles or features, like the IIS role (Internet Information Services), are either installed or removed.
  • xWebsite: Manages the state of IIS websites, ensuring that the default site exists and remains in a stopped state.

Azure Automation DSC

Azure Automation DSC offers a cloud-based approach to managing DSC configurations for Windows machines. Leveraging the same principles as standard DSC, it provides centralized configuration management across your environment. With Azure Automation DSC, you can:

  • Maintain consistent configurations across cloud and on-premises systems.
  • Monitor compliance in real-time.
  • Automatically correct any configuration drift across your managed nodes.

The DSC configuration example provided earlier can also be deployed using Azure Automation DSC. This ensures that the desired state, including the configuration of the IIS role and website settings, is consistently applied across all managed machines.

By incorporating DSC with the array of Azure tools available, you can develop robust, self-healing systems that remain perpetually aligned with your desired configuration state.

Additional Resources

Watch Video

Watch video content

Previous
Exploring Configuration management technology for application infrastructure
Next
Azure Automation State Configuration