Azure Cloud Automation Overview

 
February 11, 2022 by Faheem Javed
Category: Cloud

1.1 The Infrastructure-As-Code Practice

  • In the Infrastructure-as-Code practice, you define the infrastructure (that needs to be deployed in support of your solution) declaratively in code using some sort of domain-specific language (DSL)
    • Azure cloud’s Resource Manager templates (ARM templates) are infrastructure-as-code declarative configuration files written in JSON; we will review ARM templates in a later lecture module
  • The infrastructure-defining code becomes part of your project similarly to how you treat your application code
    • For example, just like your application code, you store the infrastructure-defining code in a source repository and version it
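
Once templates live in a source repository, they can be checked like application code before they are merged. The following is an added example, not part of the original course material: it scans an ARM template's parameters for secrets typed as plain strings or committed as default values; the name heuristic and the sample template are constructed for illustration.

```python
import json
import re

# Heuristic for parameter names that usually carry secrets (assumption of this example).
SECRET_NAME = re.compile(r"password|passphrase|secret|token|key$|connectionstring", re.I)

# Constructed sample template; not taken from any real deployment.
SAMPLE_TEMPLATE = """
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminUsername": {"type": "string"},
    "adminPassword": {"type": "string", "defaultValue": "ChangeMe-123"},
    "storageKey":    {"type": "securestring", "defaultValue": "constructed-value"},
    "sqlPassword":   {"type": "securestring"}
  },
  "resources": []
}
"""

def check_parameters(template_text):
    """Return a sorted list of (parameter, finding) for secret-handling problems."""
    template = json.loads(template_text)
    findings = []
    for name, spec in template.get("parameters", {}).items():
        ptype = str(spec.get("type", "")).lower()
        secure = ptype in ("securestring", "secureobject")
        looks_secret = bool(SECRET_NAME.search(name))
        # A plain "string" parameter is recorded in deployment history in clear text.
        if looks_secret and not secure:
            findings.append((name, "secret-like name but type is not securestring"))
        # A non-empty default for a secret means the value is stored in the repository.
        if (secure or looks_secret) and spec.get("defaultValue") not in (None, ""):
            findings.append((name, "secret parameter has a committed defaultValue"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in check_parameters(SAMPLE_TEMPLATE):
        print(f"{name}: {finding}")
```

Run as a pre-merge check, a non-empty result would fail the build so the template is corrected before it is versioned.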

1.2 How Can Automation Help?

  • Automation can help simplify your solution deployment management and make the process reliable, consistent, and verifiable
  • Automation focuses on management tasks that are frequent, prone to human error, and lengthy, and addresses them through the infrastructure-as-code approach
  • Automation gives you complete control during deployment, operations, and decommissioning of enterprise workloads and resources with assurances that the infrastructure is in a known and reliable state
  • Through automation, you can:
    • Save operational time and reduce costs
    • Enforce solution governance
    • Ensure compliance
    • Support DevOps practices

Notes:

As infrastructure becomes part of your iterative solution delivery process, the division between Ops and development will gradually start to disappear.

1.3 Azure Automation

  • Azure Automation [https://docs.microsoft.com/en-ca/azure/automation/] is a cloud-based automation solution that supports process automation, configuration management, update management, shared capabilities, and heterogeneous features
  • Automation on Azure is supported through these capabilities:
    • Configuration management, including support for script authoring and automatic VM configuration updates
    • Scheduling and execution of deployments
    • OS updates and patching for Windows® and Linux
    • Cross-system orchestration
  • Supports Azure and non-Azure environment integration
  • With Azure Automation there are no upfront costs or termination fees; you only pay for what you have used

1.4 Azure Automation at a Glance

Source: https://docs.microsoft.com/en-ca/azure/automation/overview

1.5 Common Automation Scenarios

  • Azure Automation documentation lists the following common automation scenarios:
    • Schedule tasks – stop VMs or services at night and turn on during the day, weekly or monthly recurring maintenance workflows.
    • Write runbooks – Author PowerShell, PowerShell Workflow, graphical, Python 2 and 3, and DSC runbooks in common languages.
    • Build and deploy resources – Deploy virtual machines across a hybrid environment using runbooks and Azure Resource Manager templates. Integrate into development tools, such as Jenkins and Azure DevOps.
    • Configure VMs – Assess and configure Windows and Linux machines with configurations for the infrastructure and application.
    • Retrieve inventory – Get a complete inventory of deployed resources for targeting, reporting, and compliance.
    • Find changes – Identify and isolate machine changes that can cause misconfiguration and improve operational compliance. Remediate or escalate them to management systems.
    • Periodic maintenance – Execute tasks that need to be performed at set timed intervals, like purging stale or old data or reindexing a SQL database.
    • Respond to alerts – Orchestrate a response when cost-based, system-based, service-based, and/or resource utilization alerts are generated.
    • Hybrid automation – Manage or automate on-premises servers and services like SQL Server, Active Directory, SharePoint Server, etc.
    • Azure resource lifecycle management – for IaaS and PaaS services.
    • Dev/test automation scenarios – Start and stop resources, scale resources, etc.
    • Governance related automation – Automatically apply or update tags, locks, etc.
    • Azure Site Recovery – orchestrate pre/post scripts defined in a Site Recovery DR workflow.
    • Windows Virtual Desktop – orchestrate scaling of VMs or start/stop VMs based on utilization.

1.6 Service Integration Mechanism

  • Azure Automation employs serverless runbooks that help integrate Azure and hybrid solutions
  • Developers can visually create runbooks using PowerShell or Python to integrate Azure and publicly available services for deployment, configuration and management of your cloud solutions
  • The process automation operating environment overview can be found here: https://docs.microsoft.com/en-ca/azure/automation/automation-runbook-execution

1.7 Webhooks

  • Azure webhooks [https://docs.microsoft.com/en-ca/azure/automation/automation-webhooks] allow developers to process incoming requests and ensure continuous delivery and operations by triggering automation from:
    • Azure Logic Apps, Azure Functions, ITSM products or services, DevOps, and monitoring systems
  • The example on the next slide shows a typical webhook-based automation solution that is triggered by an external HTTP request

1.8 Example of Using a Webhook

Source: https://docs.microsoft.com/en-ca/azure/automation/automation-webhooks
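
Because the webhook URL is what authorizes the external HTTP request, a runbook should validate what it receives before acting on it. The following Python is an added example, not code from the Azure documentation or this course; it assumes the webhook data has already been parsed into a dictionary with the WebhookName, RequestHeader and RequestBody properties, and the webhook name, header name and body fields are hypothetical.

```python
import hmac
import json
import re

# All names and values below are assumptions made for this example.
EXPECTED_WEBHOOK = "nightly-vm-control"    # hypothetical webhook name
SECRET_HEADER = "x-automation-secret"      # hypothetical header set by the caller
ALLOWED_ACTIONS = {"start", "stop"}
VM_NAME = re.compile(r"[A-Za-z0-9-]{1,64}")

# Constructed sample of the data a webhook-started runbook receives.
SAMPLE_WEBHOOK_DATA = {
    "WebhookName": "nightly-vm-control",
    "RequestHeader": {"X-Automation-Secret": "constructed-secret"},
    "RequestBody": '{"action": "stop", "vms": ["web-01", "web-02"]}',
}

def validate_webhook(webhook_data, shared_secret):
    """Return (action, vm_names) for an accepted request, or raise ValueError."""
    if webhook_data.get("WebhookName") != EXPECTED_WEBHOOK:
        raise ValueError("unexpected webhook name")
    headers = {k.lower(): v
               for k, v in (webhook_data.get("RequestHeader") or {}).items()}
    supplied = str(headers.get(SECRET_HEADER, ""))
    # Constant-time comparison so the check does not leak how much matched.
    if not hmac.compare_digest(supplied.encode(), shared_secret.encode()):
        raise ValueError("missing or wrong shared secret")
    try:
        body = json.loads(webhook_data.get("RequestBody") or "")
    except (TypeError, ValueError):
        raise ValueError("request body is not JSON") from None
    if not isinstance(body, dict):
        raise ValueError("request body must be a JSON object")
    action, vms = body.get("action"), body.get("vms")
    # Only allow-listed actions on well-formed VM names reach the automation.
    if not isinstance(action, str) or action not in ALLOWED_ACTIONS:
        raise ValueError("action not allowed")
    if not isinstance(vms, list) or not vms or not all(
            isinstance(v, str) and VM_NAME.fullmatch(v) for v in vms):
        raise ValueError("invalid VM list")
    return action, vms

if __name__ == "__main__":
    print(validate_webhook(SAMPLE_WEBHOOK_DATA, "constructed-secret"))
```

In a runbook, the shared secret would be read from an encrypted Automation variable or credential asset rather than written into the script.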

1.9 Configuration Management

Notes:

DSC configurations are PowerShell scripts that define a special type of function. To define a configuration, you use the PowerShell keyword Configuration.

Example of a DSC script (https://docs.microsoft.com/en-us/powershell/scripting/dsc/configurations/configurations?view=powershell-7.1):

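# A configuration is declared with the Configuration keyword
Configuration MyDscConfiguration {
    # Target node the configuration applies to
    Node "TEST-PC1" {
        # Ensure the RSAT Windows feature is installed
        WindowsFeature MyFeatureInstance {
            Ensure = 'Present'
            Name = 'RSAT'
        }
        # Ensure the Bitlocker Windows feature is installed
        WindowsFeature My2ndFeatureInstance {
            Ensure = 'Present'
            Name = 'Bitlocker'
        }
    }
}
# Calling the configuration compiles it into a MOF document for the node
MyDscConfiguration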

1.10 Azure Automation Shared Capabilities

  • Include:
    • Shared resources,
    • Role-based access control (RBAC),
    • Scheduling,
    • Source control integration,
    • Auditing, and
    • Tagging

1.11 Shared Resources

  • To facilitate the automation effort, Azure Automation offers a number of shared resources, including:
    • Schedules
      • To trigger automation operations at predefined times
    • Modules
      • Microsoft, third-party, community, and custom-defined cmdlets and DSC resources
    • Python 2 and 3 packages
      • Python 2 and 3 runbooks
    • Credentials and Certificates
    • Connection information
      • You define connections in runbooks and configurations for use at runtime in modules
  • For more information, visit https://docs.microsoft.com/en-ca/azure/automation/overview#shared-resources

1.12 Azure Automation Compliance Certifications

Source: https://azure.microsoft.com/en-ca/services/automation/#features

Notes:

For a complete list of Microsoft compliance certifications, visit https://docs.microsoft.com/en-us/compliance/regulatory/offering-home?view=o365-worldwide

1.13 Azure Command-Line Options

  • You can interface with the Azure cloud for the purposes of resource management and automation using two flavors of command-line interface:
    • Microsoft PowerShell that comes with Azure-centric cmdlets, and/or
    • Bash-based command-line interface (referred to in Azure documentation as CLI) offered through the az tool
  • Both command-line shells can be installed locally and used to remotely connect to your Azure cloud
  • The Azure portal comes with the built-in Cloud Shell environment that offers a choice of either command-line interface

1.14 Extending Azure Automation

  • Azure Automation can be extended with additional features and products, such as
    • security, and
    • backup services

1.15 Summary

  • Automation is a critical activity to ensure consistent and repeatable deployment and management of cloud resources
  • One of the methods supporting successful automation activities is the Infrastructure-as-Code practice
  • Azure Automation offers a wide range of capabilities to support cloud-solution delivery automation
