service management automation (sma) from zero to hero

Service Management AutomationFrom zero to hero….

Michael RüefliCloud Architect @itnetx gmbh (CH)Email: michael.rueefli@itnetx.chBlog: www.miru.chTwitter: @drmiru

What I am focused on…

Agenda

Why SMA?SMA architecture and conceptsInstallation and configurationBasics on PowerShell workflowsRunbook NestingAbout Modules / Integration with other systemsAuthoring / Debugging / LoggingCurrent limitationsNotes from the field / best practiceUseful resources to get started

So which one to go for?

SC Orchestrator

SMA

Better together ?

Why go for SMA?

Consistent author experienceRunbooks can be authored and tested exernally Very flexible, very scalableLightweight infrastructure64Bit Architecture Because we all love Powershell and its ecosystem

SMA Architecture

SMA Solution StackWAP Admin

Portal

REST APIWeb Service

WorkerWorkerWorker

SMA DB

SCOM

SCSMSCCM

SCVMM

SCORCH

SMA Web Service &Runbook Worker

Admin Portal

Typical Enterprise DeploymentPortal and Web Service Load BalancedMultiple Workers for Load DistributionHA SQL DBAlwaysOn or WFC

SMA Web Service &Runbook Worker

Admin Portal

SQL Always On SQL Always On

Installation(1) WAP Admin Portal via Web Platform Installer

Admin SiteAdmin Auth SiteAdmin APIPowershell APITenant API

(2) SMA Powershell Module via SCORCH Media(3) Web Service / Runbook Workers via SCORCH Media(4) Update to current Rollup Pack 2

DEMOSMA Deployment

Administration

How…Web-based runbook authoringSMA Powershell ModuleoDATA REST API

What…Powershell workflowsManage runbooks and jobsHistorical job state, output and debug info

SMA Object TypesRunbooksJobsAssets

Connection ObjectsVariablesPS CredentialsSchedules

Output Streams

PowerShell Workflows

About_Powershell_WorkflowsCode looks like a Function

Compiled on the fly into XAML code for WWF, executed by WWF engine

Limited CMDLET support (but we have inline scripts)

Support for selective parallel / sequential executions

Support for checkpoints / resumes

Powershell Workflow AnatomyParameter Block

Get Connection Info

Inline Script

Variable / Parameter Scoping3 Scopes (Workflow, InlineScript, PS Remote Session)$USING passes Variable from WF to InlineScriptPS Remoting not available as native WF action

Has to be invoked within an InlineScriptVariables from root scope to be re-instantiated

Alternative: Use -PSComputerName for InlineScript remoting

Variable / Parameter Scoping

VS.

DEMOCreating Runbooks

Runbook nestingINLINE (Synchronous call of child runbook)

Pro• Parent and child run in the same job

context• Parent waits for completion• Exceptions and output stream from

child directly available to parent• Supports complex input parameters

Con• Parallel execution can be limited• Child runbook must be published

before the parent runbook• Care has to be taken when naming

child runbooks to prevent conflicts with CMDLETs

Runbook nestingEXTERN (Aynchronous call of child runbook via Web Service)

Pro• Parent and child run in different job

context, allows parallel spin offs• Supports calling of runbooks from

other SMA instances

Con• Getting return data from child

runbooks is not straight forward• Input parameters have to be

«primitive» to survive the JSON serialization through web service

External Systems Integration

PS Modules <-> SCORCH IPsSCORCH uses Integration PacksSMA uses PowerShell ModulesImport PS Modules into SMAPortable Modules for complex code

DEMO Practical Example:Hyper-V Replica Management

Current Limitations• Multi Tenancy for SMA Admin Portal• No Access to SMA from Tenant Portal• Delegation for Assets and Runbooks to Tenants and

Admins• Selection of specific Runbook Worker when

executing / calling Runbooks• Limited Schedule Options

Notes from the field

Field Notes: Debugging / LoggingVerbose / Debug / Progress output per runbook

Use Progress / Debug options with caution (DB growth)Use write-verbose instead of write-outputProper use of try {} Catch {} blocksPrefer logging of proper errors instead of "throwing" exceptionsLog to a central location for simplified troubleshootingUse a custom PS Module for Error Logging and call it within RBs

Field Notes: Runbook Authoring• Name WFs like CMDLETs, respect approved Verbs

http://msdn.microsoft.com/en-us/library/ms714428(v=vs.85).aspx

• Name WFs with a custom prefix (prevent future conflicts)

• Follow general SCORCH Runbook authoring guidelineshttp://blogs.msdn.com/b/microsoft_press/archive/2013/09/18/free-ebook-system-center-designing-orchestrator-runbooks.aspx

• Use proper tagging, multiple tags can help with grouping

• Use Community SMA Module for external authoring in ISEhttp://blogs.technet.com/b/orchestrator/archive/2014/03/27/authoring-sma-runbooks-in-the-powershell-ise.aspx

Field Notes: Security• Do not assign high privileges to Worker Service

Account

• User SMA connection- / credendial-objects instead

• Use dedicated credentials for different target systems

• Do not use clear text passwords in Runbooks

Useful ResourcesSMA White Paper V1.03http://gallery.technet.microsoft.com/Service-Management-fcd75828

Building Clouds Bloghttp://blogs.technet.com/b/privatecloud

System Center Orchestrator Bloghttp://blogs.technet.com/b/orchestrator

Powershell Workflows introductionhttp://blogs.technet.com/b/heyscriptingguy/archive/2012/12/26/powershell-workflows-the-basics.aspx

WIN A TICKET FOR SCU EUROPE17. – 19. SEPT. 2014BASEL (SWITZERLAND)Question:Within a PS Workflow, non-native Workflow actions can be executed inside an

…………….

THANK YOU!

Michael RüefliCloud Architect @itnetx gmbh (CH)Email: michael.rueefli@itnetx.chBlog: www.miru.chTwitter: @drmiru