AZURE AUTOMATION INVADES YOUR DATA

CENTREKIERAN JACOBSEN

READIFY

WHO AMI I

• TECHNICAL LEAD AT READIFY• INTERNAL AND CUSTOMER INFRASTRUCTURE• BIG FAN OF AUTOMATION

AGENDA

• AZURE AUTOMATION• AZURE WORKER LIMITATIONS• HYBRID WORKERS, GROUPS, LIMITATIONS• AZURE AUTOMATION AUTHORING TOOLKIT• WEB HOOKS

AUTOMATION CAN MEAN MANY THINGS

• CLOUD SERVICE AUTOMATION• INFRASTRUCTURE AUTOMATION• PROCESS AUTOMATION

AZURE AUTOMATION

• MANAGED SERVICE• AZURE AND CLOUD FOCUS• BACKED BY POWERSHELL• DR, HA, PROVISIONING, MONITORING, PATCHING, BACKUPS• HIGHLY AVAILABLE

CONCEPTS

• ACCOUNT• RUNBOOKS• ASSETS• JOBS• WORKERS

DEMONAVIGATING AZURE AUTOMATION

AZURE WORKER LIMITATIONS

• LIMITED TO SPECIFYING WHICH AZURE REGION• NO CONTROL OVER IP ADDRESS

• TRACEABILITY• FIREWALLS

• LIMITED CONTROL OVER MAKE UP OF AZURE WORKER

HYBRID WORKERS

• RUNBOOKS RUNNING WITHIN YOUR DC• REQUIRE OPERATIONS MANAGEMENT SUITE WITH AUTOMATION

SOLUTION/PLUGIN• SUPPORT SCRIPT, WORKFLOW AND GRAPHICAL RUNBOOKS• NO INBOUND FIREWALL REQUIREMENTS

DEMOYOUR FIRST HYBRID JOB

HYBRID WORKER GROUPS

• COLLECTIONS OF WORKERS• RUNBOOKS ARE EXECUTED AGAINST GROUPS• IDEAL FOR PROVIDING HA• SHARE “RUN AS” PERMISSIONS

DEMORUNNING A RUNBOOK ACROSS MULTIPLE WORKERS

& CONFIGURING “RUN AS”

HYBRID WORKER LIMITATIONS

• MODULE DEPLOYMENT• EXECUTION CONTEXT• NO SIMPLE FILE OR EVENT TRIGGERS• NO PRIORITISATION OF WORKERS IN A GROUP• DOCUMENTATION

AZURE AUTOMATION AUTHORING TOOLKIT

• MANAGE AZURE AUTOMATION ACCOUNTS FROM ISE• CREATE, EDIT AND MODIFY RUNBOOKS AND ASSETS• AVAILABLE FROM THE POWERSHELL GALLERY HTTPS://

WWW.POWERSHELLGALLERY.COM/PACKAGES/AZUREAUTOMATIONAUTHORINGTOOLKIT

DEMOUSING THE AZURE AUTOMATION AUTHORING TOOLKIT

WEB HOOKS

• START JOBS FROM HTTP REQUESTS• IDEA FOR APPLICATION AND 3RD PARTY INTEGRATION• GREAT FOR STARTING JOBS IF AZURE CMDLETS ARE NOT INSTALLED• RUNBOOKS MAY NEED MODIFICATIONS TO RUN FROM WEBHOOKS

DEMOINTEGRATING WEB HOOKS

LINKS

• BLOG: HTTP://POSHSECURITY.COM • TWITTER: @KJACOBSEN• RUNBOOKS FROM THIS PRESENTATION: HTTPS://

GITHUB.COM/POSHSECURITY/POSHSECURITYAZUREAUTOMATION • HYBRID WORKERS:

HTTPS://AZURE.MICROSOFT.COM/EN-US/DOCUMENTATION/ARTICLES/AUTOMATION-HYBRID-RUNBOOK-WORKER/#

• WEB HOOKS: HTTP://BLOG.CORETECH.DK/JGS/AZURE-AUTOMATION-USING-WEBHOOKS-PART-1-INPUT-DATA/

• AZURE AUTOMATION AUTHORING TOOLKIT: HTTPS://WWW.POWERSHELLGALLERY.COM/PACKAGES/AZUREAUTOMATIONAUTHORINGTOOLKIT