1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Microsoft Azure Automation: Concepts and Practical Usage

What is Azure Automation DSC?

Start course


Join Trevor Sullivan, a Microsoft MVP for Windows PowerShell, in this conceptual and practical course covering the Microsoft Azure Automation service! This course from Cloud Academy guides you through the fundamental concepts of Azure Automation, and offers live demonstrations for all of its major components, including cloud-based PowerShell Runbooks, and a cloud-hosted Pull Server for PowerShell Desired State Configuration (DSC)! Leave a comment on the course, get involved in the discussion, and tell us what you'd like to see more of! 

The Microsoft Azure Automation service offers two key components, both of which are covered in depth, in this course:

- Runbook Automation - Execute PowerShell-based Runbooks securely in the cloud. Runbooks can be authored as PowerShell scripts, PowerShell Workflows, or as Graphical Runbooks, using an in-browser designer. Azure Automation provides an "asset store" that enables you to store supporting variables, credentials, schedules, and other resources, which can be referenced by Runbooks. Once you've created or imported an Azure Automation Runbook, you can invoke it directly from the Azure Portal, from the Azure Resource Manager (ARM) PowerShell module, or even from external services through the use of Webhooks

- Automation Desired State Configuration (DSC) - Manage your cloud and on-premises Windows or Linux infrastructure using declarative configuration files that are hosted in the cloud! With Azure Automation DSC, there's no need to set up a PowerShell DSC Pull Server, which normally would require additional infrastrucutre, complex configuration, and ongoing maintenance! Simply create an Automation Account, upload your PowerShell DSC configurations and compile them into "node configuraitons" (MOF files)! After "onboarding" (registering) your managed nodes with Azure Automation, you can assign the node configurations to each node, and you're done! There isn't an easier way to get stared declaratively managing your nodes, than signing up for Azure Automation DSC.

Key Takeaways

After watching this Cloud Academy course, you'll be empowered to start automating tasks, using Windows PowerShell, in a cloud-first approach! You'll also be able to set up Azure Automation as a cloud-based PowerShell DSC Pull Server, making it incredibly easy to start managing your nodes using declarative PowerShell syntax. If you have any comments for this course, please leave a comment on the course, or e-mail support@cloudacademy.com!

This course isn't intended to be a deep dive on authoring PowerShell scripts and PowerShell Desired State Configuration (DSC) documents, but keep an eye out for content surrounding these topics!



Hello, and welcome to Microsoft Azure Automation Desired State Configuration. In this lecture, we're going to talk about what Azure Automation DSC is, how to upload DSC configurations to Azure Automation, DSC compilation jobs, DSC configuration data, registration or onboarding nodes with Desired State Configuration, and finally associating configurations with nodes. Some of these topics will be covered in the lecture, and some of them will be covered in demos.

So first we have to ask the question, "What is Azure Automation DSC and how does it help me?" Azure Automation DSC provides a couple of essential functions. First, it acts as a Desired State Configuration pull server. This reduces the need for you to set up an on-premises pull server and manage it on an ongoing basis. Because Azure Automation DSC abstracts the configuration of the pull server, you don't need to worry about managing one yourself.

Secondly, Azure Automation DSC works as a reporting point, where you can get reports about the state of your nodes configuration. You can associate Azure Virtual Machines or on-premises VMs with Azure Automation DSC. Any servers that are on your on-premises network will need access to Microsoft Azure services in order to access Azure Automation DSC services. If you have servers that are behind a firewall and are not allowed to access the public internet, then Azure Automation DSC may not work for you today.

Let's take a look at the workflow for setting up Azure Automation DSC. First, you create an automation account inside a resource group within your Azure subscription. Next, you'll upload your Desired State Configuration documents to the service. After you upload your DSC configurations, you'll compile them into what are called "node configurations". Next, you'll need to onboard or register your DSC nodes, or managed endpoints with the Azure Automation service. Finally, you'll associate the DSC node configurations with the nodes themselves that have been onboarded.

The next question becomes, "How do I actually onboard nodes to DSC?" You can onboard nodes to DSC by generating the Local Configuration Manager configuration documents through the use of a manual process, which is documented on Azure Automation's documentation site, or you can use the AzureRM. Automation module to dynamically generate the meta-configurations for you. You can also onboard nodes by using the Azure VM DSC extension. This only works for Azure Virtual Machines that are running under Azure Resource Manager.

Let's take a look architecturally at how Azure Automation DSC works. Inside your subscription, you create a resource group, and then you create your Automation account. You import your DSC configuration, which are your PowerShell script files that contain your configuration documents. Next, you run what's called a "compilation job", which compiles the DSC configurations and PowerShell syntax into what are called "node configurations". Each node in your environment has its own MOF file that gets compiled as a result of the DSC configuration compilation process. Your Azure and on-premises VMs can then be onboarded to the service and associated with those node configurations.

Now, let's talk about DSC configuration data. DSC configuration data separates your environmental details from the DSC configuration structure in your configuration document or function. DSC configuration data is defined as a PowerShell hash table that's specially crafted according to the DSC documentation.

In Microsoft Azure Automation, you must compile your MOF files, or your node configurations, using the Azure Resource Manager PowerShell module, because the Azure Portal does not yet support DSC configuration data during compilation. From a graphical perspective, the process is as follows. You have your PowerShell DSC configuration document and you separately have another file that contains the configuration data defined as the hash table. During the compilation into node configurations or MOF files, those two files are combined into the final node configuration. Again, each node in your environment gets its own MOF file or node configuration.

About the Author

Trevor Sullivan is a Microsoft MVP for Windows PowerShell, and enjoys working with cloud and automation technologies. As a strong, vocal veteran of the Microsoft-centric IT field since 2004, Trevor has developed open source projects, provided significant amounts of product feedback, authored a large variety of training resources, and presented at IT functions including worldwide user groups and conferences.