Windows PowerShell:
Desired State Configuration
Robert Novák, Senior Premier Field Engineer
Microsoft
Agenda
3
• Introduction
• DSC Architecture
• DSC Authoring in Windows Powershell
• DSC Resource
• DSC Operationanl modes
• DSC Push mode
• DSC Pull mode (SMB and HTTP pull server)
• Build-in DSC resources
• DSC in PowerShell 5.0
• Related PowerShell Workshops
What is Windows PowerShell Desired State Configuration (DSC)
4
• new configuration platform introduced in Windows PowerShell 4.0
• enables the deployment and management of configuration data for:
• software services
• the environment in which these services run (ie. infrastructure technologies, components, etc.)
• Key features:
• based on open standards
• cloud-ready
• flexible enough to work reliably and consistently in each stage of the deployment lifecycle:
• development
• test
• pre-production
• production
• scale-out which is required in the cloud world
• is inherently idempotent:
• configuration changes might be deployed repeatedly with the same resulting desired state
• the desired state will be reached by applying the entire configuration, regardless of the current state
• incremental changes can be made and deployed to the configuration over time without fear of putting the systems
into a bad state
Components of DSC technology
5
• simple declarative syntax introduced in the PowerShell language
• used to describe the desired state of an environment
• New keywords:
• Configuration, node
• Windows PowerShell DSC engine (aka. Local Configuration Manager)
• receives the configuration
• applies the configuration
• can correct configuration drift
• can report configuration drift
• Set of new Powershell cmd-lets and functions for management of the
technology:• Start-DscConfiguration Cmdlet
• Update-DscConfiguration Cmdlet
• Get-DscConfiguration Function
• Test-DscConfiguration Function
• Restore-DscConfiguration Function
• Stop-DscConfiguration Function
• Get-DscLocalConfigurationManager Function
• Set-DscLocalConfigurationManager Cmdlet
• New-DscCheckSum Function
• Get-DscResource Function
• Remove-DscConfigurationDocument Function
DSC Authoring in Windows PowerShell
6
1. Windows PowerShell is used as authoring tool
2. Definition of the desired configuration has form of PowerShell script
3. Execution of this PowerShell script creates MOF file
4. MOF file is the native form of DSC definition
DSC Authoring – understanding DSC configuration script
7
DSC resources
8
• building blocks that you can use to write a Windows PowerShell DSC script
• DSC technology comes with a set of built-in resources such as:
• files and folders
• server features and roles
• registry settings
• environment variables
• services and processes
• A DSC resource is provided as a Windows PowerShell module that contains both:
• schema - the definition of the configurable properties for given type of the DSC resource
• defined in a MOF file (or a class in PowerShell 5.0)
• implementation - the code that executes actual configuration transactions specified by a DSC configuration
script
• Contained in a script module (or a class in PowerShell 5.0)
DSC operational modes – push and pull
9
Pull mode• Authoring:
• target computers
identified by Guids
(created during pull mode
configuration)
• Local Configuration Manager
(LCM) on a pull client:
• requests the pull server for
the current configuration
• downloads the
new/updated
configuration
• downloads resources that
the pull client is missing
• performs a compliance
check on the configuration
of the node
• Prerequisites:
• SMB or HTTP pull server
must be configured
• Target computers must be
configured as pull clients
Push mode• Default mode
• Authoring:
• target computers identified
by names
• administrator has to:
• transmit configuration files
to each target node using
the Start-DscConfiguration
cmdlet
• keep track of which
configurations go to with
which nodes
• Prerequisites:
• WinRM must be running
on target node
• Firewall exceptions at
target computers must
allow WinRM
communication (Set-
WSManQuickConfig)
Push mode - default configuration
10
AllowModuleOverwrite : False
CertificateID :
ConfigurationID :
ConfigurationMode : ApplyAndMonitor
ConfigurationModeFrequencyMins : 30
Credential :
DownloadManagerCustomData :
DownloadManagerName :
RebootNodeIfNeeded : False
RefreshFrequencyMins : 15
RefreshMode : PUSH
PSComputerName :
Get-DscLocalConfigurationManager
· how often the DSC consistency engine applies the latest configuration that
was downloaded to the target node
· The default value is 30.
DSC push operational mode – authoring and deployment of configuration workflow
11
DSC Pull mode –SMB and HTTP pull servers
12
SMB Pull server• simple share that contains the DSC configuration documents
(MOF files) generated by DSC configuration scripts
• Accessed by SMB protocol
HTTP Pull server• website in IIS that uses an OData interface to make DSC
configuration files available to target nodes
• TCP port 8080 used by default
• Accessed by HTTP or HTTPS protocol
• Requirements for using a pull server:
• at least WMF 4.0
• IIS server role
• DSC Service feature
• Ideally, some means of generating a certificate, to
secure credentials passed to the LCM on target nodes
DSC Pull mode – configuration of SMB Pull server
13
• Create folder and share on the server that will host SMB pull server role:
DSC Pull mode – configuration of target nodes for SMB pull
14
• DSC Local Configuration Manager
Pull configuration must be pushed
to target computer(s) from
administrator’s workstation
• Unique guid must be generated for:
• every computer with unique
configuration
• every group of computers with
common configuration
DSC SMB Pull – authoring and deployment of configuration workflow
15
If step 4 is not performed the pull node will download new
configuration at time based on the RefreshFrequencyMins value
DSC Pull mode – configuration of HTTP Pull server
16
Requirements for using a pull server:
• Any server with at least WMF 4.0
• Server needs the IIS server role
• Server needs the DSC Service
Setup procedure:
1. Download the xPSDesiredStateConfiguration module from https://gallery.technet.microsoft.com/xPSDesiredStateConfiguratio-
417dc71d
2. unzip DSCPullServerConfiguration.zip to the C:\Program Files\WindowsPowerShell\Modules\ folder
3. Dot source run configuration script Sample_xDscWebService.ps1.
. C:\DSC\Sample_xDscWebService.ps1
4. Run configuration function Sample_xDscWebService. This script creates configuration document (MOF file) for local HTTP pull
server and a compliance server:
Sample_xDscWebService -NodeName $env:computername -OutputPath c:\temp -certificateThumbPrint "AllowUnencryptedTraffic"
5. Apply the configuration document (MOF file) to the local server :
Start-DscConfiguration -ComputerName $env:computername -Path "C:\Temp\$($env:computername).mof" -Force -Wait -Verbose
DSC Pull mode – configuration of target nodes for HTTP pull
17
• DSC Local Configuration Manager Pull
configuration must be pushed to target
computer(s) from administrator’s
workstation
• Unique guid must be generated for:
• every computer with unique
configuration
• every group of computers with
common configuration
DSC HTTP Pull mode – authoring and deployment of configuration workflow
18
If step 4 is not performed the pull node will download new
configuration at time based on the RefreshFrequencyMins value
DSC Resource – Group resource
19
DSC Resource – Package resource (MSI)
20
DSC Resource – WindowsProcess resource
21
DSC Resource - registry
22
DSC Resource - WindowsFeature
23
DSC Resource - Service
24
DSC in Windows PowerShell 5.0
25
• Several new features introduced
- New configuration of Local Configuration Manager
- Posibility to implement resource by means of PowerShell classes
- New types of built-in resource
• More than 180 resources available in DSC Resource Kit Wave 10 (released in Februar 2015) for:
Active Directory, Azure VMs, Certificate Services, SQL Server, disk drives, DNS, file shares, Failover
clusters, Internet Explorer, Exchange, web applications, Hyper-V, networking, Just Enough
Administration, DNS, Remote Desktop Services, the System Center products (SCDPM, SCOM,
SCSMA, SCSPF, SCSR, SCVMM),
Related workshops
26
Windows PowerShell 5.0 – Desired configuration management deep dive – 3 days
Windows PowerShell 5.0 – scripting language workshop for beginners - 5 days
Windows PowerShell 5.0 -Advanced topics – 4 days
Windows PowerShell 3.0 - System management using WMI – 4 days
