Microsoft News Summary-28 May 2014

It’s been a slow few days for news. Here’s what popped up overnight.

Don’t Be An IT Dinosaur – Attend TechCamp 2014 On June 19/20

A monumental change is happening in IT right now. You can fight it all you want, but cloud is a disrupting force that will affect our entire environment. IT pros are scared of “the cloud” … but is their fear justified?

This is why a bunch of us are presenting on the IT pro aspects of the Microsoft Cloud OS on June 19th and 20th. It’s a 2 day event in Dublin Citywest, where you can register for the Hybrid Cloud stuff (infrastructure as a service or IaaS) on June 19th, the Office365/etc stuff (software as a service or SaaS) on June 20th, or even register for both days.

The content on June 19th will span on-premises IT, building private clouds, automation, and mixing your on-premise infrastructure with Microsoft Azure. On June 20th we move on to SaaS where there will be lots of Office 365, Windows Intune, and Power BI. All presenters have been instructed to present demo-heavy “here’s how to …” technical sessions.

Now is the time to learn and evolve. Don’t be a dinosaur; get on board with the cloud now and be the person who is employable in 5 years’ time. You can choose to cover your ears and close your eyes, but you’ll be dug up from an IT tar pit in a few million years’ time.

IT pros that ignored the cloud as it made them extinct

This event WILL NOT BE REPEATED. This is a once-off collection of subject expert speakers. No roadshow, no Microsoft Ireland event, and no partner event will repeat what we’re doing at TechCamp.

And consultants … this message goes double for you.

Microsoft News Summary-21 May 2014

I took a break from these posts last week while I was at TechEd, and then had work catch up to do this week. Let’s get back a rockin’. There is a distinct tendency towards cloud and automation in the news of the last week. That should be no surprise.

TechEd NA 2014 – Introduction To Microsoft Azure Automation

Speakers: Eamon O’Reilly (System Center automation) & Beth Cooper (same team)

What System Center has done has been extended into Azure. Both in preview. About half of the room are familiar with Orchestrator, the basis of what we will see this morning.

Pretty full room – pretty small room unfortunately.

Benefits

  • Optimize and extend existing investments: Based on POSH. Integrates existing systems.
  • Deliver flexible and reliable services: quicker. Reuse.
  • Lower costs and improve predictability: reduce manual errors.

Concepts

Same as SMA: runbooks, jobs, and assets.

Appears under Automation in the Azure portal.

Capabilities

All runbook management/authoring/testing can be done in the Azure portal. Has a HA engine. Also has suspend/resume/checkpoint features of SMA. All based on POSH workflows so if you have a cmdlet, you can do it.

Pricing

Free in preview. Pricing based on 3 points:

  • Job run time: time from start to complete. 500 minutes on free plan. $20/month (standard plan) gives you 10,000 minutes
  • Number of runbooks: 20 on the free plan.
  • Integration module size: 5 MB on free plan.

You can register for the preview on the Azure preview site. This week is the time to do it. Preview is limited to East USA region.

Demo

Create a new automation account. Sample runbooks to be found on script centre. Tags are present to search/filter runbooks, like in SMA. Also has draft (what you are editing) and published runbook status. So you can have a published runbook and edit a new version.

Almost everyone in the room is using PowerShell. IT pros in Ireland are 5 years behind the USA, at least, and this is not a question of scale.

You can manually start a runbook or schedule one. Example: shut down idle VMs at end of workday and power them up at start of workday – save the runtime cost of VMs in Azure.

Automation Accounts

  • Organise automation by group or individual contributor
  • Accounts live in different regions.
  • Create up to 30 accounts

Automation Dashboard

  • For analysis and troubleshooting operations
  • Access problem jobs to get up and running quickly – focus on them instead of the lots of others that are OK

Authoring

  • Author: Create workflow runbooks. Call existing runbooks in library
  • Manage & browse and insert assets in runbooks: Modules & activities, credentials, variables, connections, schedules
  • Test: Run and see results within authoring window.
  • Troubleshoot issues
  • Publish: Edit draft before publishing

Manage Runbooks & Jobs

  • Dashboard view: view jobs over time. Find jobs that need attention
  • Runbooks view: Filtering of jobs based on status and date. ID authoring state (new, in edit, published). Filter by tags to find runbooks.
  • Jobs view: History of jobs per runbook. Who last updated/when. Input parameters and output. Drill into each job to view streams generated to help troubleshooting. Stop/suspend/resume job.

Assets

  • Connections: Information to connect to a particular system. System specific settings.
  • Update to new versions of integration modules
  • Credentials
  • Variables
  • Schedules

Central set of resources that can be used by all runbooks, like in SMA.

Demo

Has application insights enabled. If there’s an error on his site, the runbook triggers an action when an alert is created. A response is triggered whenever an alert is detected. All done using inline runbooks. Note: the alert detection method he used was to search for an alert email in GMail via an RSS feed.

Another demo.

They’re using SharePoint to store and change control their runbook scripts. A runbook is monitoring the status of scripts in the SharePoint document library (list item), using a custom SharePoint module. This uses a connection asset. They see a script go into a “ready to test” status in SP and that triggers a child runbook. It appears that the action is that the runbook is updated in Azure and moved to “production” status in SharePoint – they don’t really explain but that’s not really the point anyway. The demo was connections to external resources.

Typical Scenarios

Azure automation is more than just about Azure resources. Posh offers huge extensibility via modules.

  • Monitoring & remediation: Alert on a VM. Monitor for new services to ensure management. Notify subscription owners of underutilized VMs that are wasting money.
  • Change control and provisioning: Deploy a VM, and enable monitoring. Deploy a new service and configure endpoints for alerts. Deploy from GIT and automate tests and swap to production if passes. Monitor SharePoint online for approval to update a service and do that once approved.
  • Patch/Update/Backup orchestration: Use traffic manager to patch IaaS VMs without downtime to services. Enable regeneration of storage account keys while avoiding downtime. SQL backup on a schedule. Backup and restore IaaS VMs.

Leave remote management of Azure VMs enabled and Azure Automation can reach into those VMs’ guest OSs.

Anything you do twice: Automate it.

Takes time to create automation, but the more you do it the quicker you do it. And the time you invest up front will save you time in the long term.

TechEd NA 2014 – In-Depth Introduction To Service Management Automation (SMA)

Neil Person PFE is the presenter.

What is PowerShell Workflow?

Introduced with Posh 3.0. Common syntax but different execution. Uses Windows Workflow Foundation (WF). Used by SMA.

Windows Azure Pack (WAP)

A collection of on-premise Azure tech. Gives you a true cloud: multi-tenant and self-service, with presentation of broad network access and reusable resources provided by Hyper-V and SCVMM. Add-ons provide the measurement billing.

What is SMA?

A process automation tool built on WF that has native integration into WAP. A component of System Center Orchestrator. The files to install it are on the SCORCH media. A unit of automation is called a runbook. They are built using POSH workflows in SMA, rather than GUI in SCORCH.

HA and scalable infrastructure.

SMA and WAP

WAP provides a GUI to SMA. You can admin the SMA system and edit SMA runbooks in WAP. You do not need WAP to run SMA, but SMA provides a console to manage it. Once you integrate SMA into WAP, you can use SMA runbooks for WAP activities, e.g. creation of a VM triggers a runbook for post-deployment configuration.

WAP is not a service provided by tenants. It is a service used by the cloud admins to automate work. Might benefit the users/tenants.

Authoring, admin and execution

Can edit in WAP Portal or PowerShell ISE. Tags are used to categorize runbooks – Folders are not used. Runbooks can transition through states: draft, published, or in-edit. There are several ways to execute runbooks – Posh module, a web service. A job is an instance of an executed runbook.

SMA Architecture

3 components:

  • Posh module
  • Web service – the centre of SMA – authenticating users, accepting requests, etc. Deploying this creates an SMA database.
  • Runbook workers.

Requests made, maybe via Posh module or via HTTP to the web service. The request is placed in the SMA database. Results might be sent to the web service. Runbook workers pick up jobs from the database and send job state information back to the database – if using state persistence functionality.

Install and Post-Install

Deploy the SMA components. Deploy multiple runbook workers for HA. Deploy WAP if you want that integration and console. Configure the WAP integration.

Automation in WAP is where you work with SMA. You need to register the SMA endpoint to integrate SMA with WAP. Any runbooks that you’ve created will appear.

SMA also appears under VM Clouds as Automation tab in WAP. This requires a second integration. You can use “an existing endpoint” from the previous step.

There are PKI requirements that have not been covered. Also some admin rights stuff.

There are a bunch of sample runbooks that you’ll see when you install it.

Tags

Runbooks are tagged for sorting or filtering. Runbooks can have more than one tag. Gives a multiple result possibility that folders cannot offer. Useful for nested runbooks where a runbook is reused for several greater tasks.

Managing a runbook

Runbooks are created via the New menu in WAP. Drill into the runbook to see more. Use Configure to tag the runbook and enable logging. Authoring is where you can build the runbook from within the WAP GUI. There are draft and published tabs. SMA will put in a script block (snippet) for the workflow in draft to get you started. The code that you add is PowerShell. He uses Get-ADUser as a simple “hello world” demo to dump data on the output stream (Write-Output).

The test button gives you immediate feedback on code syntax. Publish the code, and then you can run the runbook. A job is created. It goes from queued to starting as a worker picks up the job from the database.

He copies the code into ISE. He runs it in ISE to test the code. It’s just a POSH workflow. Now he has code from the SMA module. His code runs Get-SMARunbook to query all the runbooks. Then Import-SMARunbook to import a PowerShell script to create a new runbook. Publish-SMARunbook will publish the runbook, readying it for execution. A new job is created by running Start-SMARunbook. Get-SMAJob queries the status of the job. The output stream is shown with Get-SMAJobOutput. And finally he deletes the runbook with Remove-SMARunbook.

Note he has a variable for the web service endpoint that is used as a parameter in each of the above cmdlets.

Assets

A collection of globally available settings we can use in any runbook. A connection asset is used to connect to an external service. More than just username/password/server name. In ConfigMgr, the site code might be there. Might have a place for a certificate. Similar to what you see in SCORCH. A variable is used to share data across multiple runbooks. Credentials can use PSCredential or certificate to embed ID in a script securely. A schedule allows you to automate the scheduling of runbooks.

Checkpoint/Suspend

We can checkpoint a runbook. This is a save state action. Not like Hyper-V. For example, a script is creating a user and configuring it. If the script is interrupted after creating the user, a resumed execution will continue from the last checkpoint, therefore not trying to create the same user a second time.

Checkpoint-Workflow

Don’t go nuts with them. They have a performance impact. Be judicious, e.g. after a critical action or after doing something that cannot be repeated.

A runbook can be suspended – pause and resume. Let the runbook do stuff, let someone inspect the work, and then resume execution to finish the runbook.

Nesting Runbooks

Don’t create a massive runbook. Use nested smaller runbooks. This encourages code reuse and higher quality runbooks that are more heavily tested.

A parent runbook orchestrates the execution of child runbooks. We can start a runbook inline by referencing the name of the child runbook and passing it any required parameters. They appear as one job. All of the output is rolled up into that one job thanks to your inline execution. Synchronous execution.

Start-SMARunbook is a second way to start child runbooks. The child runbook gets its own job. Output is specific to that job. Asynchronous execution.

Inline Script

Some code that you have lying around might not work. They can be encapsulated in an inline script. The workflow creates a POSH session to run that encapsulated script. Any returned data goes into the workflow. Checkpointing and suspending won’t work inside inline script, but can be done before or after the inline script.

$variable = InlineScript {
    # code
}

Demo

Parent runbook is taking in parameters that will need to be provided when starting a job. This parent will kick off children to create a user, populate groups, move the user to an OU, and send an email to a manager.

Get-AutomationPS<something> is used to pull information from SMA assets into POSH variables so that they become usable in the runbook code.

The EmulatedAutomationActivities module allows you to run the runbook locally on a PC as if it was in SMA.

He calls the child runbooks simply by using the names of the published runbooks in the script as if they were cmdlets.

He publishes the scripts, and filters the tags in WAP. He goes into Assets and clicks Add Setting to add the required assets for the parent runbook. He starts the parent runbook. The parent’s required parameters are supplied via a pop up screen. A single job is created because inline runbook execution is used. The job runs – it creates a user, configures it, and sends an email to the manager.
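The checkpoint, suspend, nesting and InlineScript notes above, put together as an added example (this is not the presenter's demo code). The workflow names and the sample values in the usage comments are hypothetical, and it assumes Windows PowerShell 3.0 to 5.1 with the ActiveDirectory module available.

```powershell
# Added example; New-DemoUser and Invoke-DemoOnboarding are hypothetical names.

# Child runbook: creates a disabled account and returns its distinguished name.
workflow New-DemoUser
{
    param(
        [Parameter(Mandatory=$true)][string]$SamAccountName,
        [Parameter(Mandatory=$true)][string]$OUPath
    )

    # Ordinary cmdlets run in their own session inside InlineScript, so
    # workflow variables have to be passed in with the $Using: scope.
    $dn = InlineScript {
        Import-Module ActiveDirectory
        $params = @{
            Name           = $Using:SamAccountName
            SamAccountName = $Using:SamAccountName
            Path           = $Using:OUPath
            Enabled        = $false
            PassThru       = $true
        }
        (New-ADUser @params).DistinguishedName
    }

    # Creating the account cannot be repeated: save state straight after it,
    # so a resumed job continues from here and never creates the user twice.
    Checkpoint-Workflow

    Write-Output -InputObject $dn
}

# Parent runbook: orchestrates the child and the follow-up work.
workflow Invoke-DemoOnboarding
{
    param(
        [Parameter(Mandatory=$true)][string]$SamAccountName,
        [Parameter(Mandatory=$true)][string]$OUPath,
        [Parameter(Mandatory=$true)][string[]]$Groups
    )

    # Inline call by name: runs synchronously as part of this one job,
    # and the child's output is captured here.
    $userDn = New-DemoUser -SamAccountName $SamAccountName -OUPath $OUPath

    foreach ($group in $Groups)
    {
        InlineScript {
            Import-Module ActiveDirectory
            Add-ADGroupMember -Identity $Using:group -Members $Using:userDn
        }
    }

    # One checkpoint after the loop instead of one per group keeps the
    # performance cost of persisting state down.
    Checkpoint-Workflow

    # Pause so that someone can inspect the new account before the job ends.
    Suspend-Workflow

    Write-Output -InputObject "Onboarding finished for $userDn"
}

# Usage (sample values are constructed):
# $job = Invoke-DemoOnboarding -SamAccountName 'jdoe' -OUPath 'OU=Staff,DC=example,DC=test' -Groups 'Staff' -AsJob
# The job state becomes Suspended at Suspend-Workflow. After the review:
# Resume-Job -Job $job
# Wait-Job -Job $job | Receive-Job
```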

Post-VM Deployment Servicing Demo

In VM Clouds we see that the VM Create action is tied to a runbook. Running this action will trigger this runbook. He wants to rename the guest OS computer name from the WAP-default random name to match the VM name in Hyper-V.

The script goes into a loop until the VM is up and running. He does this using Suspend-Workflow.

That’s all folks. SMA as a concept is pretty simple, as is SCORCH. The magic is in the code that you write. Learn PowerShell.

Microsoft News Summary-1 May 2014

Happy May Day, comrades! I was tied up with events the last couple of mornings so here is two days worth of news. Note the new beta for System Center Advisor. The security functionality looks very interesting!

Microsoft News Summary-28 April 2014

And here’s the news from over the weekend:

Unable To Delete Logical Switch From SCVMM 2012 R2

This post is about a situation where I was not able to remove a logical switch from System Center Virtual Machine Manager 2012 R2 (with Update Rollup 1). This scenario might affect other versions. And the fix might not work for everyone.

I was removing a bunch of logical network stuff from VMM, just mucking around with different types of builds to find one that suited my needs in the lab. I came to delete the virtual switch (logical switch) from Fabric in the SCVMM console but it failed to go. The reason given was that there was a remaining dependency. I checked the dependencies but none were listed.

Very strange!

I tried everything I could think of. Then I gave my MVP friend Damian Flynn a shout to see if he’d seen it. He had (if Damian hasn’t seen it, then it doesn’t exist in VMM), but wasn’t able to remember exactly what the fix was. I suspected I’d be using PowerShell. Damian confirmed it. So we went “wandering” in SCVMM. I found a remaining VM Network. There is no inter-dependency with it and the logical switch, but I decided to delete it. And it wouldn’t delete because a physical computer network adapter was depending on it.

That was strange – I had no hosts or physical computer hardware profiles left … apparently. Time for PowerShell. Finding the verb-noun combination was easy. Damian filled in the -all for me. The following cmdlet corrected me.

Get-SCPhysicalComputerNetworkAdapterProfile -all

Interesting.

I tried but it failed.

Get-SCPhysicalComputerNetworkAdapterProfile -all |Remove-SCPhysicalComputerNetworkAdapterProfile

Apparently a virtual network adapter depended on these physical NICs. Ah… now I knew what was wrong. More on that later.

The next cmdlet confirmed my theory:

Get-SCVirtualNetworkAdapter -all

I removed that virtual network adapter with:

Get-SCVirtualNetworkAdapter -all | Remove-SCVirtualNetworkAdapter

Now I was able to run the following:

Get-SCPhysicalComputerNetworkAdapterProfile -all |Remove-SCPhysicalComputerNetworkAdapterProfile

Then I was able to remove both the virtual network and the logical switch.

So what happened? My previously deleted physical computer hardware profile featured two physical NICs (with CDN defined – don’t know if that’s important for this situation). Those two NICs were teamed using a logical switch and uplink port profile, and a virtual management adapter was connected to the logical switch. That’s what my queries revealed: a virtual network adapter (the virtual management NIC) and physical network adapters. Both the VM Network and the logical switch were dependent on these resources.

It appears that the process to delete the physical computer hardware profile left behind the physical NICs and the virtual management adapter, and the GUI didn’t have a way to present those stragglers.

Thanks to Damian for his help … it proved to be a fine opportunity to run through my design with him. Doing Hyper-V networking via SCVMM is quite different to the much more flexible native WS2012 R2 PowerShell option.

Script To Convert Hyper-V Virtual Machine From VHD To VHDX

Last year I wrote a script that would allow you to specify a virtual machine, and the script would:

  1. Shut down the VM if running
  2. Seek out any VHD files attached to any of the VM’s controllers
  3. Create VHDX files from those VHD files
  4. Replace the VHD files by attaching the VHDX files to the same controllers and locations in the VM settings
  5. Delete the VHD files

In my tests, the script had some issues. But that was nearly a year ago and it was on WS2012 in my lab. The script remained untouched until yesterday. I was chatting with my fellow Hyper-V MVP, Didier Van Hoye (aka @workinghardinit). He told me he was in the process of migrating VMs from an old W2008 R2 cluster to WS2012 and was going to be converting VHD files. Aha! This might be a time for a solution to speed up the process.

I sent the script over to Didier to have a look-see. Would it work? Well, Didier ran a series of tests this morning with guest OSs including W2003 R2 and WS2012. The tests ran flawlessly.

So … here is the script. FYI there are a few things to note:

  • You might consider putting in a delay loop to test if the VM is actually shut down if you need to shut it down. Put a timeout of 3 minutes in that. The stop-vm cmdlet is async so it shouldn’t cause an issue as it is below, but you might want to take the extra step, just in case.
  • You might want to comment out the line Remove-VMHardDiskDrive $VHD for your test or pilot runs.
  • I do not support this script 🙂
  • Run the script and specify the VM name as a parameter.

CREDIT: A big thank you to Didier Van Hoye (aka @workinghardinit) for checking my work.

#----

[CmdletBinding ()]
Param   (
        [Parameter(Mandatory=$True)]
        [string]$VMName
        )

#Disable error reporting – comment out the following line if you need to troubleshoot the script
$ErrorActionPreference = "SilentlyContinue"

cls

$VM = Get-VM $VMName
$VMStatus = $VM.State

if ($VM.VMid -ne $NULL)
{
    if ($VMStatus -eq "Running")
    {  
        #Shut down the VM if it is running
        Write-Host "Shutting down" $VMName
        Stop-VM $VMName  
    }

    #Get the disks in the VM
    $AllVHD = Get-VMHardDiskDrive $VMName

    if ($AllVHD -eq $NULL)
        {
        Write-Host "There are no virtual hard disks to convert"
        Exit
        }

    foreach ($VHD in $AllVHD)
    {
        #Get the VM path and create a VHDX file path
        [string]$VHDFile = Get-Item $VHD.Path
        $VHDFormat = (Get-VHD $VHDFile).VhdFormat
        if ($VHDFormat -eq "VHD")
            {
            [string]$VHDXFile = $VHDFile + "x"

            [string]$ControllerType = $VHD.ControllerType
            [string]$ControllerNumber = $VHD.ControllerNumber
            [string]$ControllerLocation = $VHD.ControllerLocation

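            Write-Host "Converting: " $VHDFile "to" $VHDXFile
            Convert-VHD -Path $VHDFile -DestinationPath $VHDXFile
            Sleep 10

            #Errors are silenced above, so confirm the VHDX exists before the original VHD is detached and deleted
            if (-not (Test-Path $VHDXFile))
                {
                Write-Host "Conversion of $VHDFile failed: leaving the original VHD in place"
                continue
                }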

            #Reconfigure the Physical Sector Size of the VHDX file to 4 K
            Set-VHD -Path $VHDXFile -PhysicalSectorSizeBytes 4096
            Sleep 10

            #Remove the old VHD
            Write-Host "Removing $VHDFile from $VMName"
            Remove-VMHardDiskDrive $VHD
            Sleep 10
            #Replace the VHD with the VHDX
            Write-Host "Adding $VHDXFile to $VMName"
            Add-VMHardDiskDrive -VMName $VMName -Path $VHDXFile -ControllerType $ControllerType -ControllerNumber $ControllerNumber -ControllerLocation $ControllerLocation

            #Danger Will Robinson – we are going to delete the original VHD – we hope you have a tested VM backup!
            Write-Host "Deleting $VHDFile"
            Remove-Item $VHDFile -Force
            }
        else
            {
            Write-Host "$VHDFile is already a VHDX file: skipping"
            }
    }

    if ($VMStatus -eq "Running")
    {  
        #Restart the VM if it was running before the conversion
        Write-Host "Starting" $VMName
        Start-VM $VMName  
        #Wait for 10 seconds
        Write-Host "Waiting for 10 seconds to verify the virtual machine …"
        Sleep 10
        $VMStatus = $VM.State
        if ($VMStatus -ne "Running")
        {
            #Something went wrong
            Write-Host "$VMName could not reboot – please restore the VM from backup"     
        }
    }

}
else
{
    Write-Host $VMName "does not exist on this host"
    Exit
}

Write-Host "Processing of $VMName has completed"
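
The delay loop suggested in the notes above, plus two checks to run before the original VHD is deleted, as an added example that is not part of the original script. The function names are hypothetical, and the code assumes the Hyper-V PowerShell module on the host.

```powershell
# Added example; Wait-VMOff, Test-ConvertedDisk and Test-VMUsesDisk are hypothetical names.

# Poll the VM state until it is Off, giving up after the timeout (3 minutes by default).
function Wait-VMOff
{
    param(
        [Parameter(Mandatory=$true)][string]$VMName,
        [int]$TimeoutSeconds = 180
    )
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-VM -Name $VMName -ErrorAction Stop).State -ne 'Off')
    {
        if ((Get-Date) -ge $deadline) { return $false }
        Start-Sleep -Seconds 5
    }
    return $true
}

# True only if the destination is a readable VHDX with the same virtual size as the source.
function Test-ConvertedDisk
{
    param(
        [Parameter(Mandatory=$true)][string]$SourcePath,
        [Parameter(Mandatory=$true)][string]$DestinationPath
    )
    try
    {
        $src = Get-VHD -Path $SourcePath -ErrorAction Stop
        $dst = Get-VHD -Path $DestinationPath -ErrorAction Stop
    }
    catch
    {
        return $false
    }
    return (($dst.VhdFormat -eq 'VHDX') -and ($dst.Size -eq $src.Size))
}

# True only if the VM now has the given file attached to one of its controllers.
function Test-VMUsesDisk
{
    param(
        [Parameter(Mandatory=$true)][string]$VMName,
        [Parameter(Mandatory=$true)][string]$Path
    )
    $attached = @(Get-VMHardDiskDrive -VMName $VMName -ErrorAction Stop | ForEach-Object { $_.Path })
    return ($attached -contains $Path)
}

# Where the checks fit in the script:
#   after Stop-VM:                 if (-not (Wait-VMOff -VMName $VMName)) { Write-Host "$VMName did not shut down"; Exit }
#   after Convert-VHD:             if (-not (Test-ConvertedDisk -SourcePath $VHDFile -DestinationPath $VHDXFile)) { continue }
#   before Remove-Item $VHDFile:   if (-not (Test-VMUsesDisk -VMName $VMName -Path $VHDXFile)) { continue }
```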

PowerShell Deployment Toolkit (PDT) For System Center

It takes time to deploy System Center.  It takes a long time to deploy the entire suite.  So you can imagine that I only ever (if that) have bits of System Center deployed.  That’s why it was great to see that Microsoft’s Rob Willis had written a “hydration” kit to deploy a complete System Center demo environment using PowerShell scripts and XML metadata files called the PowerShell Deployment Toolkit.

I want to stress that word: DEMO.  This kit is not to be used for deploying a production system.  Out of the so-called-box (a zip file really) it deploys an architecture that should never ever be used in production.  It’s designed to be able to run on a laptop (a large one) and it does things that any System Center expert would choke at.  But it will deploy, with very little effort, an environment that is fit for performing demonstrations.

In the zip you’ll find a few files:

  • Variable.xml: This file describes the System Center installation.  You can customize this as required (time zones, domains, passwords, etc) – and that’s probably a good idea after you’ve done a test install to see what the PDT does.
  • Downloader.ps1: This script will download some of the required pieces to deploy your System Center suite.  The newest version even pulls down the new Windows Azure Pack! You’re going to be manually downloading System Center and Windows Server 2012 R2 as pointed out by Reidar Johansen here.
  • VMCreator.ps1: This script will create the Hyper-V VMs required for your demo environment.
  • Installer.ps1: This script will deploy and configure System Center from your downloads.

Before you ask, yes, the kit does download/install WS2012 R2 and System Center 2012 R2, and all of the dependencies (about 11,000 MB at the time of writing).  It’s a monumental piece of work that should be a time saver for those wanting to quickly build new demo environments.

I’m running this kit for the first time right now.  I’ll blog about my experience as time goes by.