Laurie Rhodes' Info

Architectural Overview

All virtual machine disks are accessible by WebAPI off their underlying Storage volume (either through Storage Account Access or through Snapshot usage with Managed Disks).  In the case of Storage Accounts, a single factor of access exists for retrieval of disk Images from the internet (knowledge of URI and Storage Account key).  Different controls may be implemented to reduce the threat of data loss.  Core to these controls is the requirement for all data to be encrypted at REST. 

Chocolatey is a variation of NuGet server that is freely available in different forms.  NuGet is targeted as a class or library distribution system that allows developers to search for (and install) modules into developed projects.  The variation of Chocolatey allows packages to also run install and uninstall scripts – which transforms the NuGet framework into a fully-fledged package management system. 

Windows Management Framework 5.1 incorporates Chocolatey providers that allow packages to be installed to a Windows system with single-line PowerShell commands.

The PowerShell DSC sequence I’m using to deploy my Windows machines primarily uses script elements although a multitude of other elements (such as WindowsFeature shown below) could be used.  The Pull Server has PowerShell DSC installed as a feature.

With this example, I’m using Server 2016 in Azure against other Azure provisioned systems.

Azure Script Extensions allow end-to-end provisioning of standardised machines by providing a bootstrap mechanism to start configuration.

In the examples below, I am retrieving initial bootstrap scripts from a web server located on my vNet (and addressable in DNS). 

Linux Script Extension

With Linux, I’m using the CustomScriptForLinux.

This method utilises the free utility NuGet Package Explorer to wrap existing software packages for bootstrapping with Cloud provisioning.  These examples use a custom launcher (available on this site) to standatdise install and uninstall interfaces for software packages.  Once packaged, the Chocolatey installers can be installed from a NuGet server using standard PowerShell cmdlines

Package Metadata

This example shows how to join a RedHat 7 EC2 instance to an Active Directory Domain.

Windows Remote Management is a core technology for the remote management and configuration of Windows machines.  WinRM is essential for automating complex Azure and AWS tasks.  This guide will outline how to establish WinRM using SSH and a self-signed certificate.  A certificate issued from a Certificate Authority would be preferable but for the purpose of establishing a test environment, the steps below are enough to get the technology working.

This demonstration is in three parts.

To demonstrate how powerful the IIS Odata extension for PowerShell is, I’ve tweaked the SSH PowerShell module that I published previously for use with Azure Pack.  By doing so, as long as I can connect to my Windows IIS web server, I can relay SSH commands from any other physical environment.

You will need to have setup the Odata IIS server extension as described in http://www.laurierhodes.info/?q=node/111

Service Management Automation is young enough to have a number of quirks that can be frustrating to get around.  One surprising quirk has been with SMA Module Activity Data (i.e. functions) to not appear on all machines consistently.

This module is reworked from the version posted by Eamon O’Reily on the technet gallery.

https://gallery.technet.microsoft.com/scriptcenter/Sample-PowerShell-module-8d961a1c/view/Discussions#content