SlideShare a Scribd company logo
1 of 14
Azure Automation and Update
Management
Udaiappa Ramachandran ( Udai )
https://udai.io
About me
• Udaiappa Ramachandran ( Udai )
• CTO-Akumina, Inc.
• Cloud Expert
• Microsoft Azure, Amazon Web Services, and Google
• New Hampshire Cloud User Group (http://www.meetup.com/nashuaug )
• https://udai.io
Agenda
• Automation
• Authentication
• Certificate Creation
• PowerShell Workflow
• PowerShell DSC
• Update Management
• Source control integration
• Windows Admin Center
• Demo…Demo…Demo…
Introduction
• What is Azure Automation?
• Automation Features
• Process automation
• Configuration management
• Change Tracking and Inventory
• Azure Automation State Configuration
• Update management
• Shared capabilities
• Shared resources
• Role-based access control
• Source control integration
• Heterogeneous features.
• Windows and Linux
• Azure and Non-Azure
Common Scenarios
• Schedule tasks
• Write runbooks
• Build and deploy resources
• Configure VMs
• Share knowledge
• Retrieve inventory
• Find changes
• Periodic maintenance
• Respond to alerts
• Hybrid automation
• Azure resource lifecycle management
• Dev/test automation scenarios
• Governance related automation
• Azure Site Recovery
• Windows Virtual Desktop
Authentication
• Run As account
• Classic Run As account
• Service principal for Run As account
• System assigned managed identity
• User assigned managed identity
PowerShell - Self-Signed Certs
cd $PSScriptRoot
$subject= read-host "Please enter the certificate subject"
$pwd= read-host "Please enter the password"
$todaydt = Get-Date
$enddt = $todaydt.AddYears(10)
$cert=New-SelfSignedCertificate -Subject $subject -KeyAlgorithm RSA -KeyLength
2048 -CertStoreLocation "Cert:CurrentUserMy" -notafter $enddt
$certPassword = ConvertTo-SecureString -String $pwd -Force -AsPlainText
$pfxFilePath="akumina_v5.pfx"
$certFilePath="akumina_v5.cer"
Export-PfxCertificate -Cert $cert -FilePath $pfxFilePath -Password $certPassword
Export-Certificate -Cert $cert -FilePath $certFilePath
OpenSSL - Self-Signed Certs
#Set the OPENSSL_CONF file
set OPENSSL_CONF=C:Program FilesGitusrsslopenssl.cnf
#Create RSA Key Pair
openssl genrsa -out rsakeypair.pem 2048
#Create CSR
openssl req -new -sha256 -key rsakeypair.pem -out yourapp.csr
#Create CRT
openssl x509 -req -sha256 -days 365 -in yourapp.csr -signkey rsakeypair.pem -out yourapp.crt
#Create pfx file for IIS import of certificate
openssl pkcs12 -export -out yourapp.pfx -inkey rsakeypair.pem -in yourapp.crt
Desired State Configuration
• Configuration Management service
• Create and manage PowerShell scripts for state configuration
• Allows configuration management of workloads in Azure or Non-Azure
• Management of DSC Artifacts
• PowerShell DSC pull/reporting service hosted in the cloud
• PowerShell DSC is declarative and not imperative
• Authoring PowerShell DSC
• Create DSC File
• Compile the DSC file into Microsoft Object Format (MOF) file
• Stage the DSC file for the target nodes
• WMI providers implement the desired configuration as per DSC
UpdateManagement
• Updates received thru Log Analytics workspace
• Schedule updates for Windows/Linux VMs
Windows Admin Center
• Manage Virtual machines from Azure Portal
Source control integration
• Single direction synchronization from your repository to cloud
• Easy to promote development environment to production automation account
• Integration enabled through Managed Identity (System or User) and RunAs account
• User Managed Identity using Automation Variable
(AUTOMATION_SC_USER_ASSIGNED_IDENTITY_ID =<CLIENTID>)
• RunAs Account using Automation variable (AUTOMATION_SC_USE_RUNAS =true)
• Enable Source control integration using Azure Portal or PowerShell
Demo…
• Azure Automation Creation and Overview
• Authentication Types
• Running Runbooks
• Scheduling
• Running PowerShell DSC
• Inventory and Change Tracking
• Update Management
• Version Control
Reference
• Azure Automation: https://docs.microsoft.com/en-us/azure/automation/
• Azure Update Management: https://docs.microsoft.com/en-
us/azure/automation/update-management/overview
• WSUS: https://docs.microsoft.com/en-us/azure/architecture/example-
scenario/wsus/
• WSUS Package Publisher:
https://github.com/DCourtel/Wsus_Package_Publisher
• Preview: Patch Management: https://docs.microsoft.com/en-us/azure/virtual-
machines/automatic-vm-guest-patching

More Related Content

What's hot

What's hot (20)

Azure App Service
Azure App ServiceAzure App Service
Azure App Service
 
Microsoft Azure Fundamentals
Microsoft Azure FundamentalsMicrosoft Azure Fundamentals
Microsoft Azure Fundamentals
 
Introduction to Microsoft Azure
Introduction to Microsoft AzureIntroduction to Microsoft Azure
Introduction to Microsoft Azure
 
Microsoft Azure Technical Overview
Microsoft Azure Technical OverviewMicrosoft Azure Technical Overview
Microsoft Azure Technical Overview
 
An Introduction to Azure IaaS
An Introduction to Azure IaaSAn Introduction to Azure IaaS
An Introduction to Azure IaaS
 
Azure storage
Azure storageAzure storage
Azure storage
 
Microsoft Azure Cloud Services
Microsoft Azure Cloud ServicesMicrosoft Azure Cloud Services
Microsoft Azure Cloud Services
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Azure Governance
Azure GovernanceAzure Governance
Azure Governance
 
Windows Azure Virtual Machines
Windows Azure Virtual MachinesWindows Azure Virtual Machines
Windows Azure Virtual Machines
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from Microsoft
 
How to migrate workloads to the google cloud platform
How to migrate workloads to the google cloud platformHow to migrate workloads to the google cloud platform
How to migrate workloads to the google cloud platform
 
CAF presentation 09 16-2020
CAF presentation 09 16-2020CAF presentation 09 16-2020
CAF presentation 09 16-2020
 
Microsoft Azure Overview
Microsoft Azure OverviewMicrosoft Azure Overview
Microsoft Azure Overview
 
Microsoft azure backup overview
Microsoft azure backup overviewMicrosoft azure backup overview
Microsoft azure backup overview
 
Azure Introduction
Azure IntroductionAzure Introduction
Azure Introduction
 
Introduction to Azure DevOps
Introduction to Azure DevOpsIntroduction to Azure DevOps
Introduction to Azure DevOps
 
Azure Monitoring Overview
Azure Monitoring OverviewAzure Monitoring Overview
Azure Monitoring Overview
 
Disaster Recovery using Azure Services
Disaster Recovery using Azure ServicesDisaster Recovery using Azure Services
Disaster Recovery using Azure Services
 
Introduction to Azure IaaS
Introduction to Azure IaaSIntroduction to Azure IaaS
Introduction to Azure IaaS
 

Similar to Azure Automation and Update Management

Kåre Rude Andersen - Create a scombot – automate and monitor azure
Kåre Rude Andersen - Create a scombot – automate and monitor azureKåre Rude Andersen - Create a scombot – automate and monitor azure
Kåre Rude Andersen - Create a scombot – automate and monitor azure
Nordic Infrastructure Conference
 

Similar to Azure Automation and Update Management (20)

Become an Automation Ninja in 60 Minutes
Become an Automation Ninja in 60 MinutesBecome an Automation Ninja in 60 Minutes
Become an Automation Ninja in 60 Minutes
 
Kåre Rude Andersen - Create a scombot – automate and monitor azure
Kåre Rude Andersen - Create a scombot – automate and monitor azureKåre Rude Andersen - Create a scombot – automate and monitor azure
Kåre Rude Andersen - Create a scombot – automate and monitor azure
 
Aos canadian tour (YOW) @energizedtech - Manage AzureRM with powershell
Aos canadian tour (YOW)  @energizedtech - Manage AzureRM with powershellAos canadian tour (YOW)  @energizedtech - Manage AzureRM with powershell
Aos canadian tour (YOW) @energizedtech - Manage AzureRM with powershell
 
Microsoft Operations Management Suite
Microsoft Operations Management Suite Microsoft Operations Management Suite
Microsoft Operations Management Suite
 
Tokyo azure meetup #8 azure update, august
Tokyo azure meetup #8   azure update, augustTokyo azure meetup #8   azure update, august
Tokyo azure meetup #8 azure update, august
 
Tokyo azure meetup #8 - Azure Update, August
Tokyo azure meetup #8 - Azure Update, AugustTokyo azure meetup #8 - Azure Update, August
Tokyo azure meetup #8 - Azure Update, August
 
WinOps Conf 2016 - Ed Wilson - Configuration Management with Azure DSC
WinOps Conf 2016 - Ed Wilson - Configuration Management with Azure DSCWinOps Conf 2016 - Ed Wilson - Configuration Management with Azure DSC
WinOps Conf 2016 - Ed Wilson - Configuration Management with Azure DSC
 
Tokyo Azure Meetup #6 - Azure Monthly Update - June
Tokyo Azure Meetup #6 - Azure Monthly Update - JuneTokyo Azure Meetup #6 - Azure Monthly Update - June
Tokyo Azure Meetup #6 - Azure Monthly Update - June
 
VMware Automation, PowerCLI presented at the Northern California PSUG
VMware Automation, PowerCLI presented at the Northern California PSUGVMware Automation, PowerCLI presented at the Northern California PSUG
VMware Automation, PowerCLI presented at the Northern California PSUG
 
Automating Your Microsoft Azure Environment (DevLink 2014)
Automating Your Microsoft Azure Environment (DevLink 2014)Automating Your Microsoft Azure Environment (DevLink 2014)
Automating Your Microsoft Azure Environment (DevLink 2014)
 
Presentation desarrollos cloud con oracle virtualization
Presentation   desarrollos cloud con oracle virtualizationPresentation   desarrollos cloud con oracle virtualization
Presentation desarrollos cloud con oracle virtualization
 
Azure functions serverless
Azure functions serverlessAzure functions serverless
Azure functions serverless
 
Tokyo Azure Meetup #7 - Introduction to Serverless Architectures with Azure F...
Tokyo Azure Meetup #7 - Introduction to Serverless Architectures with Azure F...Tokyo Azure Meetup #7 - Introduction to Serverless Architectures with Azure F...
Tokyo Azure Meetup #7 - Introduction to Serverless Architectures with Azure F...
 
Campus days Azure HDInsight automation
Campus days Azure HDInsight automationCampus days Azure HDInsight automation
Campus days Azure HDInsight automation
 
Get On Top of Azure Resource Security Using Secure DevOps Kit for Azure
Get On Top of Azure Resource Security Using Secure DevOps Kit for AzureGet On Top of Azure Resource Security Using Secure DevOps Kit for Azure
Get On Top of Azure Resource Security Using Secure DevOps Kit for Azure
 
Containerisation Hack of a Legacy Software Solution - Alex Carter - CodeMill ...
Containerisation Hack of a Legacy Software Solution - Alex Carter - CodeMill ...Containerisation Hack of a Legacy Software Solution - Alex Carter - CodeMill ...
Containerisation Hack of a Legacy Software Solution - Alex Carter - CodeMill ...
 
Adelaide Global Azure Bootcamp 2018 - Azure 101
Adelaide Global Azure Bootcamp 2018 - Azure 101Adelaide Global Azure Bootcamp 2018 - Azure 101
Adelaide Global Azure Bootcamp 2018 - Azure 101
 
SCCM on Microsoft Azure
SCCM on Microsoft AzureSCCM on Microsoft Azure
SCCM on Microsoft Azure
 
More Cache for Less Cash (DevLink 2014)
More Cache for Less Cash (DevLink 2014)More Cache for Less Cash (DevLink 2014)
More Cache for Less Cash (DevLink 2014)
 
Automatyzacja Microsoft Azure z wykorzystaniem Azure Automation
Automatyzacja Microsoft Azure z wykorzystaniem Azure AutomationAutomatyzacja Microsoft Azure z wykorzystaniem Azure Automation
Automatyzacja Microsoft Azure z wykorzystaniem Azure Automation
 

More from Udaiappa Ramachandran

More from Udaiappa Ramachandran (20)

RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 
Level up your security using Intune.pptx
Level up your security using Intune.pptxLevel up your security using Intune.pptx
Level up your security using Intune.pptx
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
AI-Plugins-Planners-Persona-SemanticKernel.pptx
AI-Plugins-Planners-Persona-SemanticKernel.pptxAI-Plugins-Planners-Persona-SemanticKernel.pptx
AI-Plugins-Planners-Persona-SemanticKernel.pptx
 
DOTNET8.pptx
DOTNET8.pptxDOTNET8.pptx
DOTNET8.pptx
 
AzureSynapse.pptx
AzureSynapse.pptxAzureSynapse.pptx
AzureSynapse.pptx
 
Vector Search using OpenAI in Azure Cognitive Search.pptx
Vector Search using OpenAI in Azure Cognitive Search.pptxVector Search using OpenAI in Azure Cognitive Search.pptx
Vector Search using OpenAI in Azure Cognitive Search.pptx
 
SecureAzureServicesUsingADAuthentication.pptx
SecureAzureServicesUsingADAuthentication.pptxSecureAzureServicesUsingADAuthentication.pptx
SecureAzureServicesUsingADAuthentication.pptx
 
AzureOpenAI.pptx
AzureOpenAI.pptxAzureOpenAI.pptx
AzureOpenAI.pptx
 
OpenAI-Copilot-ChatGPT.pptx
OpenAI-Copilot-ChatGPT.pptxOpenAI-Copilot-ChatGPT.pptx
OpenAI-Copilot-ChatGPT.pptx
 
DiagnoseAndSolveproblems.pptx
DiagnoseAndSolveproblems.pptxDiagnoseAndSolveproblems.pptx
DiagnoseAndSolveproblems.pptx
 
MAUI.pptx
MAUI.pptxMAUI.pptx
MAUI.pptx
 
CosmosDB.pptx
CosmosDB.pptxCosmosDB.pptx
CosmosDB.pptx
 
.NET7.pptx
.NET7.pptx.NET7.pptx
.NET7.pptx
 
AzureDevOps
AzureDevOpsAzureDevOps
AzureDevOps
 
AzureCostManagementAndBilling
AzureCostManagementAndBillingAzureCostManagementAndBilling
AzureCostManagementAndBilling
 
.NET6.pptx
.NET6.pptx.NET6.pptx
.NET6.pptx
 
Azure staticwebapps
Azure staticwebappsAzure staticwebapps
Azure staticwebapps
 
Azure privatelink
Azure privatelinkAzure privatelink
Azure privatelink
 
Azure Security Center
Azure Security CenterAzure Security Center
Azure Security Center
 

Recently uploaded

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Peter Udo Diehl
 

Recently uploaded (20)

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering Teams
 
Buy Epson EcoTank L3210 Colour Printer Online.pdf
Buy Epson EcoTank L3210 Colour Printer Online.pdfBuy Epson EcoTank L3210 Colour Printer Online.pdf
Buy Epson EcoTank L3210 Colour Printer Online.pdf
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101
 
The UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, OcadoThe UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, Ocado
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAK
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024   Teams Premium - Pretty SecureECS 2024   Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdf
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 

Azure Automation and Update Management

  • 1. Azure Automation and Update Management Udaiappa Ramachandran ( Udai ) https://udai.io
  • 2. About me • Udaiappa Ramachandran ( Udai ) • CTO-Akumina, Inc. • Cloud Expert • Microsoft Azure, Amazon Web Services, and Google • New Hampshire Cloud User Group (http://www.meetup.com/nashuaug ) • https://udai.io
  • 3. Agenda • Automation • Authentication • Certificate Creation • PowerShell Workflow • PowerShell DSC • Update Management • Source control integration • Windows Admin Center • Demo…Demo…Demo…
  • 4. Introduction • What is Azure Automation? • Automation Features • Process automation • Configuration management • Change Tracking and Inventory • Azure Automation State Configuration • Update management • Shared capabilities • Shared resources • Role-based access control • Source control integration • Heterogeneous features. • Windows and Linux • Azure and Non-Azure
  • 5. Common Scenarios • Schedule tasks • Write runbooks • Build and deploy resources • Configure VMs • Share knowledge • Retrieve inventory • Find changes • Periodic maintenance • Respond to alerts • Hybrid automation • Azure resource lifecycle management • Dev/test automation scenarios • Governance related automation • Azure Site Recovery • Windows Virtual Desktop
  • 6. Authentication • Run As account • Classic Run As account • Service principal for Run As account • System assigned managed identity • User assigned managed identity
  • 7. PowerShell - Self-Signed Certs cd $PSScriptRoot $subject= read-host "Please enter the certificate subject" $pwd= read-host "Please enter the password" $todaydt = Get-Date $enddt = $todaydt.AddYears(10) $cert=New-SelfSignedCertificate -Subject $subject -KeyAlgorithm RSA -KeyLength 2048 -CertStoreLocation "Cert:CurrentUserMy" -notafter $enddt $certPassword = ConvertTo-SecureString -String $pwd -Force -AsPlainText $pfxFilePath="akumina_v5.pfx" $certFilePath="akumina_v5.cer" Export-PfxCertificate -Cert $cert -FilePath $pfxFilePath -Password $certPassword Export-Certificate -Cert $cert -FilePath $certFilePath
  • 8. OpenSSL - Self-Signed Certs #Set the OPENSSL_CONF file set OPENSSL_CONF=C:Program FilesGitusrsslopenssl.cnf #Create RSA Key Pair openssl genrsa -out rsakeypair.pem 2048 #Create CSR openssl req -new -sha256 -key rsakeypair.pem -out yourapp.csr #Create CRT openssl x509 -req -sha256 -days 365 -in yourapp.csr -signkey rsakeypair.pem -out yourapp.crt #Create pfx file for IIS import of certificate openssl pkcs12 -export -out yourapp.pfx -inkey rsakeypair.pem -in yourapp.crt
  • 9. Desired State Configuration • Configuration Management service • Create and manage PowerShell scripts for state configuration • Allows configuration management of workloads in Azure or Non-Azure • Management of DSC Artifacts • PowerShell DSC pull/reporting service hosted in the cloud • PowerShell DSC is declarative and not imperative • Authoring PowerShell DSC • Create DSC File • Compile the DSC file into Microsoft Object Format (MOF) file • Stage the DSC file for the target nodes • WMI providers implement the desired configuration as per DSC
  • 10. UpdateManagement • Updates received thru Log Analytics workspace • Schedule updates for Windows/Linux VMs
  • 11. Windows Admin Center • Manage Virtual machines from Azure Portal
  • 12. Source control integration • Single direction synchronization from your repository to cloud • Easy to promote development environment to production automation account • Integration enabled through Managed Identity (System or User) and RunAs account • User Managed Identity using Automation Variable (AUTOMATION_SC_USER_ASSIGNED_IDENTITY_ID =<CLIENTID>) • RunAs Account using Automation variable (AUTOMATION_SC_USE_RUNAS =true) • Enable Source control integration using Azure Portal or PowerShell
  • 13. Demo… • Azure Automation Creation and Overview • Authentication Types • Running Runbooks • Scheduling • Running PowerShell DSC • Inventory and Change Tracking • Update Management • Version Control
  • 14. Reference • Azure Automation: https://docs.microsoft.com/en-us/azure/automation/ • Azure Update Management: https://docs.microsoft.com/en- us/azure/automation/update-management/overview • WSUS: https://docs.microsoft.com/en-us/azure/architecture/example- scenario/wsus/ • WSUS Package Publisher: https://github.com/DCourtel/Wsus_Package_Publisher • Preview: Patch Management: https://docs.microsoft.com/en-us/azure/virtual- machines/automatic-vm-guest-patching

Editor's Notes

  1. What is Azure Automation? Azure automation delivers a cloud-based automation and configuration service that provides consistent management across your Azure and non-Azure environments Common Scenarios Process Automation – Orchestrate processes using graphical, powershell and Python runbooks Configuration Management – Collect inventory, Track changes, Configure desired state Update Management-Assess compliance, Schedule update installation Shared Capabilities- Role based access control, Secure, global store for variables, credentials, certificates, connections, flexible scheduling, shared modules, source control support , auditing, tags
  2. Schedule tasks - stop VMs or services at night and turn on during the day, weekly or monthly recurring maintenance workflows. Write runbooks - Author PowerShell, PowerShell Workflow, graphical, Python 2 and 3, and DSC runbooks in common languages. Build and deploy resources - Deploy virtual machines across a hybrid environment using runbooks and Azure Resource Manager templates. Integrate into development tools, such as Jenkins and Azure DevOps. Configure VMs - Assess and configure Windows and Linux machines with configurations for the infrastructure and application. Share knowledge - Transfer knowledge into the system on how your organization delivers and maintains workloads. Retrieve inventory - Get a complete inventory of deployed resources for targeting, reporting, and compliance. Find changes - Identify and isolate machine changes that can cause misconfiguration and improve operational compliance. Remediate or escalate them to management systems. Periodic maintenance - to execute tasks that need to be performed at set timed intervals like purging stale or old data, or reindex a SQL database. Respond to alerts - Orchestrate a response when cost-based, system-based, service-based, and/or resource utilization alerts are generated. Hybrid automation - Manage or automate on-premises servers and services like SQL Server, Active Directory, SharePoint Server, etc. Azure resource lifecycle management - for IaaS and PaaS services. Dev/test automation scenarios - Start and start resources, scale resources, etc. Governance related automation - Automatically apply or update tags, locks, etc. Azure Site Recovery - orchestrate pre/post scripts defined in a Site Recovery DR workflow. Windows Virtual Desktop - orchestrate scaling of VMs or start/stop VMs based on utilization.
  3. #TO READ CONTENT OF PFX FILE $outFile="akumina_v5.txt" $clearBytes = get-content $pfxFilePath -Encoding Byte [System.Convert]::ToBase64String($clearBytes)| Out-File $outFile http://kaushikghosh12.blogspot.com/2016/08/self-signed-certificates-with-microsoft.html
  4. RSA=Rivest-Shamir-Adleman CSR=Certificate Signing Request file PEM=Privacy-Enhanced Mail (de facto file format for storing and sending ryptographic keys, certificates and other data) PFX=Personal Information Exchange http://kaushikghosh12.blogspot.com/2016/08/self-signed-certificates-with-microsoft.html Difference between makecert and openssl is that makecert does not create CSP of 24 (The value remains 1) where as openssl does when used pvk2pfx with switch –sy 24
  5. Can be used as a report-only endpoint WMI=Windows Management Instrumentation Push Mode=Configurations are applied via the Start-DSCConfiguration PowerShell command PullMode=Configurations are stored centrally, and the nodes are configured to pole and pull the configurations from the central location
  6. WSUS-Windows Server Update Service