PowerShell Desired State Configuration
Keep your Service stable and stay on top of your config

Ingo Gegenwarth
  IT Principal Consultant @SAP
  MCM Exchange 2010
  Office Server and Services MVP
  Blog: https://ingogegenwarth.wordpress.com/
  Twitter: @IngoGegenwarth
  E-mail: ingo@thecluelessguy.de

Objectives
  Provide a brief overview of Desired State Configuration (DSC)
  Show where DSC can help you with Exchange

Motivation for using DSC
  Project Exchange 2016 upgrade
  Consolidate several scripts for different purposes
  Remove a few scheduled tasks
  Centralize management
  Avoid configuration drift
  Keep customization in place (CU upgrade)

What is Desired State Configuration?
  DSC is a management platform based on Windows PowerShell (v4 and later)
  Text file based configurations
  Built-in and many community resources (PowerShell Gallery)

Main components
Local Configuration Manager:
  The engine running on a node, which reads a configuration (MOF) and tries to ensure the desired state described in it.
  Lives in the process WmiPrvSE.
Resources:
  PowerShell modules, which are able to handle statements in a configuration.
  Besides the built-in resources you can find many built by the community.
Configuration:
  One or more statements describing how one or multiple resources should be configured.

Push- or Pull-Mode
Push-Mode:
  Can be any server
  You need to deploy any used resource that is not built-in
  No reporting capabilities
Pull-Mode:
  SMB or Web based
  No need to deploy any used resource that is not built-in
  Certificate needed (best practice)
  Reporting capabilities

Securing MOFs
  For some configurations you need to provide credentials
  By default plaintext passwords are not allowed (PsDscAllowPlainTextPassword must be set to true)
  In order to encrypt the credentials, the target nodes need to have a valid certificate
Process:
  Export the public key of the node's certificate to the machine on which you create the MOF files
  In the configuration block provide the path to the exported certificate and its thumbprint
  Create the MOF file
  Configure the target node's LCM with the correct thumbprint

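The four steps of this process as an added example (not taken from the original slides). The node name EX01, all paths, the thumbprint placeholder and the File resource are assumptions, and the LCM block uses the WMF 5 meta-configuration syntax.

```powershell
# Added example: node name, paths, thumbprint and the File resource are placeholders.
# Step 1 (run on the node): export only the public key of its certificate, e.g.
#   Export-Certificate -Cert Cert:\LocalMachine\My\<THUMBPRINT> -FilePath C:\Temp\EX01.cer
$thumbprint = '<THUMBPRINT-OF-NODE-CERTIFICATE>'   # placeholder, not a real value
$certFile   = 'C:\DSC\Certs\EX01.cer'              # copy of the exported public key

# Step 2: point the configuration data at the certificate file and its thumbprint.
$configData = @{
    AllNodes = @(
        @{
            NodeName        = 'EX01'
            CertificateFile = $certFile     # used on this machine to encrypt credentials
            Thumbprint      = $thumbprint   # recorded so the node knows which key decrypts
        }
    )
}

Configuration SecureMofDemo {
    param([Parameter(Mandatory)][pscredential]$ShareCredential)
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node $AllNodes.NodeName {
        File CustomizationFile {
            Ensure          = 'Present'
            SourcePath      = '\\fileserver\dsc\customization.config'
            DestinationPath = 'C:\Temp\customization.config'
            Credential      = $ShareCredential   # stored encrypted in the MOF
        }
    }
}

# Step 3: create the MOF. PsDscAllowPlainTextPassword is never set.
SecureMofDemo -ConfigurationData $configData -ShareCredential (Get-Credential) -OutputPath 'C:\DSC\Mof'

# Step 4: tell the node's LCM which certificate to decrypt with.
[DSCLocalConfigurationManager()]
Configuration LcmCertificate {
    param([string]$CertificateThumbprint)
    Node 'EX01' {
        Settings {
            CertificateID = $CertificateThumbprint
        }
    }
}
LcmCertificate -CertificateThumbprint $thumbprint -OutputPath 'C:\DSC\Lcm'
Set-DscLocalConfigurationManager -Path 'C:\DSC\Lcm' -ComputerName 'EX01' -Verbose
```

After step 3, open the generated MOF and confirm that the Password value of the credential is no longer readable text. The private key never leaves the node; only the .cer file is copied.
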
How can DSC help me with Exchange?

Example #1 Client-specific message size limits in Exchange
  2 web.config files
  5 values

  Services: Client Access
  Configuration file: %ExchangeInstallPath%\FrontEnd\HttpProxy\Sync\web.config
  Keys and default values (size):
    maxAllowedContentLength = "35000000" (not present by default), bytes
    maxRequestLength = "35840", kilobytes

  Services: Backend
  Configuration file: %ExchangeInstallPath%\ClientAccess\Sync\web.config
  Keys and default values:
    maxAllowedContentLength = "35000000" (not present by default)
    maxRequestLength = "35840"
    <add key="MaxDocumentDataSize" value="35840000">

Example #2 Modern Attachments behind a web proxy

Example #2 Modern attachments behind a web proxy
  By default Exchange doesn't support web proxies in this scenario.
  For each protocol in use, you need to edit the following properties in its web.config file:
    usesystemdefault
    Proxyaddress
    Address

Example #2 Modern attachments behind a web proxy
  The following files need to be modified:
    %ExchangeInstallPath%\ClientAccess\Owa\web.config
    %ExchangeInstallPath%\ClientAccess\mapi\emsmdb\web.config
    %ExchangeInstallPath%\ClientAccess\exchweb\ews\web.config

Are there any limitations?

Limitations
  Exchange supports WMF5.1 only on Windows Server 2016 (installing WMF from stand-alone downloads is NOT supported)
  The new WMF5.1 feature ConfigurationNames is currently not supported by the xExchange DSC module
  In a mixed environment (WMF5.1/WMF4) securing MOF files is not supported across versions (known bug)

Is DSC easy to use out-of-the-box?

Challenges: ConfigurationID
  How do you keep track of the GUIDs for all the nodes?
  Solution: Use ObjectGUID from the corresponding AD object

Challenges: CertificateID
  How do you keep track of all the thumbprints, when you cannot use the same across all nodes?
  Solution: Use remote PowerShell to gather the thumbprint of a valid certificate on the target node.

Challenges: Thumbprint/CertificateFile
  As you need to configure the target node's LCM, you also need to add the information to the configuration for each node.

Challenges: Thumbprint/CertificateFile
  How do you keep track of and export all the certificates?
  You also need to edit the configuration script each time a node changes, which is error-prone.
  Solution: Create those node-specific blocks dynamically

Challenges: Create different configurations
  When you separate Configuration and Environment Data, you can import the Environment Data and inject individual settings for each node
  AllNodes is an array of hashtables
  Each hashtable reflects an individual node
Procedure:
  Create a CSV file, which contains the desired properties
  Import this CSV file and convert each row to a hashtable
  Append the hashtable to the AllNodes array

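The CSV-to-AllNodes procedure, combined with the ConfigurationID and thumbprint solutions from the preceding Challenges slides, as an added example (not the code of New-DSCConfigsFromFiles.ps1 or Set-DSCLCMforPullServer.ps1). The CSV columns NodeName and Role, the paths, and the rule for picking a "valid" certificate (private key present, not expired) are assumptions.

```powershell
# Added example. Constructed sample for C:\DSC\nodes.csv (column names are assumptions):
#   NodeName,Role
#   EX01,Mailbox
#   EX02,Mailbox
Import-Module ActiveDirectory

$allNodes = @()
foreach ($row in Import-Csv -Path 'C:\DSC\nodes.csv') {
    # Convert the CSV row into a hashtable, one key per column.
    $node = @{}
    foreach ($prop in $row.PSObject.Properties) { $node[$prop.Name] = $prop.Value }

    # ConfigurationID: reuse the ObjectGUID of the node's AD computer object.
    $node.ConfigurationID = (Get-ADComputer -Identity $row.NodeName).ObjectGUID.ToString()

    # CertificateID: ask the node for a usable certificate via remote PowerShell.
    # Only the thumbprint and the public part are returned, never the private key.
    $info = Invoke-Command -ComputerName $row.NodeName -ScriptBlock {
        $c = Get-ChildItem Cert:\LocalMachine\My |
            Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
            Sort-Object NotAfter -Descending |
            Select-Object -First 1
        if ($c) {
            [pscustomobject]@{ Thumbprint = $c.Thumbprint; PublicKey = $c.Export('Cert') }
        }
    }
    if (-not $info) {
        Write-Warning "No usable certificate on $($row.NodeName); node skipped."
        continue
    }

    # Thumbprint/CertificateFile: save the public key next to the configuration.
    $node.Thumbprint      = $info.Thumbprint
    $node.CertificateFile = Join-Path 'C:\DSC\Certs' "$($row.NodeName).cer"
    [IO.File]::WriteAllBytes($node.CertificateFile, [byte[]]$info.PublicKey)

    # Append the hashtable to the AllNodes array.
    $allNodes += $node
}

$configData = @{ AllNodes = $allNodes }

# Inside a configuration, CSV properties can then be used as filters, e.g.:
#   Node $AllNodes.Where{ $_.Role -eq 'Mailbox' }.NodeName { ... }
```

A node without a usable certificate is skipped rather than compiled, so a MOF with credentials is never produced for a node that could not decrypt it.
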
Tooling: New-DSCConfigsFromFiles.ps1
  3 different files:
    Configuration (contains all statements, but no values)
    Environment Data (contains values for statements in configuration)
    CSV (contains values for individual node block)

[Diagram: CSV, Configuration, Environment Data -> New-DSCConfigsFromFiles.ps1 -> MOF file]

Tooling: Different configs made easy
  Change properties in CSV file
  Filter on those properties in Configuration
  Re-run script

Tooling: Set-DSCLCMforPullServer.ps1
  The script configures the LCM of a target node
  Reads a CSV file to get target nodes
  Retrieves GUID from AD object
  If needed retrieves certificate thumbprint from target nodes

Tooling: Enforce-DSCConfiguration.ps1
  Triggers a consistency check on target nodes
  If necessary kills the WmiPrvSE process
  If necessary deletes the cache of the File resource
  Supports multi-threading

What does it look like in action?
Configure LCM with script
Create MOF files with script
Enforce configuration with script
Q&A

Appendix
  Windows PowerShell Desired State Configuration: https://msdn.microsoft.com/powershell/dsc/overview
  Separating Configuration and Environment Data: https://msdn.microsoft.com/powershell/dsc/configdata#
  PowerShell Gallery Repository: https://www.powershellgallery.com/
  New-DSCConfigsFromFiles.ps1: https://gallery.technet.microsoft.com/scriptcenter/New-DSCConfigsFromFilesps1-cf6826ba
  Set-DSCLCMforPullServer.ps1: https://gallery.technet.microsoft.com/scriptcenter/Set-DSCLCMforPullServer-04eb0351
  Enforce-DSCConfiguration.ps1: https://gallery.technet.microsoft.com/scriptcenter/Enforce-DSCConfigurationps1-3bcd6f93