Speaking at Microsoft Ignite

I have got the opportunity to speak at Ignite again, this will be my third year I will do a session on this gigantic conference!

I have a Community Theater Session where I would love to have you as a guest if you will also be there and have some time for this topic!

“Using a PowerShell release pipeline for a real-world service provider delivery in Microsoft Azure”

Delivering managed services for a service provider can be cumbersome and often the quality and reliability is not first priority. Utilizing PowerShell and Desired State Configuration makes it repetitive, versionable, and testable! In this real-world case we have implemented a release pipeline to make sure that PowerShell scripts, modules, and dsc configurations are tested before put into production use in Azure Automation.

here you can find it in the session catalog

It is scheduled on Tuesday 4:05-4:25

Lets try to get SMB1 to die …. at least in my lab..

This last weekend there have been quite a buzz about the ransomware that been spreading like the plague based on the fact that there are still so many unpatched servers and clients running windows from the stone age. We can also discuss for a while why in Windows 10 and Windows server 2016 the SMB1 protocol is still enabled and needs to be turned off? One alternative could have been to say that if you want to use this 30 year protocol you would need to enable it and thus knowing the risk and taking that into account when deciding for the legacy track

One way of beeing safe is to of course turn of the computer but that works how long?

In my lab environment I have the luck to only use WIndows 2012 R2 and above, I need to get the computers from the AD and also remove the FS-SMB1 role. The quickest way is to just disable the SMB1 protocol, you know there are users in an ordinary world that kind of does not want servers to be restarted whenever and removing the feature does need a reboot…  So first disable the protocol now and then remove the role when it is time to do the magic reboot

 

Windows Server 2016 is now available on Azure

So the day has come when Windows Server have arrived at Microsoft Azure and you can start deploying your new workloads.

You either find the different flavours from the portal or from PowerShell

screen-shot-2016-10-12-at-15-37-58

And the command for finding them with PowerShell AzureRM module is

and running it looks like this:

screen-shot-2016-10-12-at-16-12-07

Good luck in deploying!

 

updated AzureRM PowerShell Module with Export of Resource Group

Today the version 1.3.0 of AzureRM module was released and in that there was a new cmdlet Export-AzureRMResourceGroup that can be used on an resource group and get a json file from that!

updating your AzureRM is quite easy with the powershell gallery repository

Screen Shot 2016-03-30 at 12.13.19

And then you can run the Export cmdlet and get the json file from that deployment and start playing in Visual Studio or VS Code 🙂

Screen Shot 2016-03-30 at 11.43.21

Have fun automating and deploying with Azure Resource Manager!

install-service during bootstrap a windows node with chef knife

I was exploring last week how I could add a managed windows node in my internal test environment where I have a chef server.

Bootstrap a windows node has been possible quite a while but not so long ago the knife windows added the parameter for also setting up the client as a service. This was part of the Knife Windows 1.0 release as you can read on the Chef site.

Screen Shot 2016-03-17 at 08.43.37

Another great parameter now available is the –msi_url that gives the possibility to set the chef client msi path to something local if the servers cannot speak to the mighty Internet

happy chef-ing!

Azure Automation – Hybrid job with custom runas account

Microsoft and the Azure Automation team has made it possible to use a custom account when running a job on a hybrid worker and that is awesome! Originally the jobs runs under the Microsoft Management Agent´s service account context and that is not always wanted.

Screen Shot 2016-01-09 at 13.56.43

As I described in a post that I did some time ago I used a parameter -PScredential with the inlinescript but now I can with the new functionality get the whole job in the right user context, the user should be saved as a credential asset in your automation account! Last year also the possibility to use PowerShell scripts runbooks besides Workflow runbooks!

Screen Shot 2016-01-09 at 13.57.15

Happy automating!

Managing Azure workloads with Chef and PowerShell DSC at TechDays

pic-devops-kungfu

Last week at TechDays me self and Fredrik Nilsson had a session about managing your workloads in Azure with Chef and PowerShell DSC. Despite the fact that we had the same timeslot as Arwidmark, Nystrom and Ben Armstrong our room was quite full of kung fu interested geeks 😉

Here is the presentation so you can find the links and info:

Screen Shot 2015-10-26 at 10.34.23

TechDaysChefAzure

For you guys that did not have the opportunity to be there, a recording will be available although it is in Swedish…

Using Azure Automation and Hybrid Worker to automate SCVMM tasks

automation-hybrid-runbook-worker-overview

Azure Automation and Hybrid Runbook workers are fun to play with and today I wanted to try something like automating System Center VMM tasks,

I read Markus Lassfolk´s post about changing VM´s network adapters MAC from dynamic to static which is the prefered setting that you should use for your Hyper-V VM´s. So How could I utilize this with Azure Automation runbooks instead of an script that is run on the VMM server?

In my runbook I have a VMM Automation account declared as a credential and I connect to the VMM server with that to be able to reconfigure the VM´s. If I do not use a -PSCredential for the inlinescript the Runbook worker will try to use the system account of the Worker server and that does not work so well on the connection to the VMM server,

Screen Shot 2015-09-09 at 15.24.12

Either start it from powershell console if you have Azure PowerShell module installed or within the GUI and I used only one input parameter and that can be used for an explicit VM or “All” VM´s.

Screen Shot 2015-09-09 at 15.04.50

And as you can see in the VMM log I have changed the VM´s NICS, and also if a VM have two or more NICS all of them get a static MAC configured :

Screen Shot 2015-09-09 at 15.03.07

Hope that you see the potential in Azure Automation and Happy automating!

 

Updating Slack channels with Azure Automation

20150210005716!Slack_Icon

I have been playing a bit with Azure Automation again, and my company and also several customers run Slack, ever heard of it? It is gaining grounds in IT as a collaboration tool and email-killer.

With slack you can connect with a web browser or an app that is available for almost all platforms today! this making it really easy to get everyone onboard using it in your projects or teams to keep up to date.

Once you have got a token for your slack account you can update with a new message, in this case PowerShell:

So how can this be utilized with automation?! Assume that you have some deployment or automated build process that either runs in azure or on premise and your devs want to get information if it was successful or if it failed.. So in that deployment runbook in Azure Automation you can call the Update-Slack runbook with parameters to give the user information on what have happened if it failed or if it was successful.

Screen Shot 2015-09-08 at 15.17.45

In the Slack window it shows the user sending and that it is by they Slackbot

Screen Shot 2015-09-08 at 16.00.14

Another way is if you have a system that can send a web request, then you can use the new Azure Automation webhooks to kick of the runbook to update Slack. My runbook example contains parameters for both ways so I do not have to create two different runbooks depending on what way the req comes to start the Update-Slack runbook.

So how do I handle this in the runbook? In the following runbook I have the user and the token saved as variables and three input variables depending on where the request comes from.

As you can see there are numerous ways of updating and of course it can be done for facebook or twitter or some other social platform if that’s prefered 🙂