Azure Automation and Update Management

Editor's Notes

• #5: What is Azure Automation? Azure automation delivers a cloud-based automation and configuration service that provides consistent management across your Azure and non-Azure environments Common Scenarios Process Automation – Orchestrate processes using graphical, powershell and Python runbooks Configuration Management – Collect inventory, Track changes, Configure desired state Update Management-Assess compliance, Schedule update installation Shared Capabilities- Role based access control, Secure, global store for variables, credentials, certificates, connections, flexible scheduling, shared modules, source control support , auditing, tags
• #6: Schedule tasks - stop VMs or services at night and turn on during the day, weekly or monthly recurring maintenance workflows. Write runbooks - Author PowerShell, PowerShell Workflow, graphical, Python 2 and 3, and DSC runbooks in common languages. Build and deploy resources - Deploy virtual machines across a hybrid environment using runbooks and Azure Resource Manager templates. Integrate into development tools, such as Jenkins and Azure DevOps. Configure VMs - Assess and configure Windows and Linux machines with configurations for the infrastructure and application. Share knowledge - Transfer knowledge into the system on how your organization delivers and maintains workloads. Retrieve inventory - Get a complete inventory of deployed resources for targeting, reporting, and compliance. Find changes - Identify and isolate machine changes that can cause misconfiguration and improve operational compliance. Remediate or escalate them to management systems. Periodic maintenance - to execute tasks that need to be performed at set timed intervals like purging stale or old data, or reindex a SQL database. Respond to alerts - Orchestrate a response when cost-based, system-based, service-based, and/or resource utilization alerts are generated. Hybrid automation - Manage or automate on-premises servers and services like SQL Server, Active Directory, SharePoint Server, etc. Azure resource lifecycle management - for IaaS and PaaS services. Dev/test automation scenarios - Start and start resources, scale resources, etc. Governance related automation - Automatically apply or update tags, locks, etc. Azure Site Recovery - orchestrate pre/post scripts defined in a Site Recovery DR workflow. Windows Virtual Desktop - orchestrate scaling of VMs or start/stop VMs based on utilization.
• #8: #TO READ CONTENT OF PFX FILE $outFile="akumina_v5.txt" $clearBytes = get-content $pfxFilePath -Encoding Byte [System.Convert]::ToBase64String($clearBytes)| Out-File $outFile http://kaushikghosh12.blogspot.com/2016/08/self-signed-certificates-with-microsoft.html
• #9: RSA=Rivest-Shamir-Adleman CSR=Certificate Signing Request file PEM=Privacy-Enhanced Mail (de facto file format for storing and sending ryptographic keys, certificates and other data) PFX=Personal Information Exchange http://kaushikghosh12.blogspot.com/2016/08/self-signed-certificates-with-microsoft.html Difference between makecert and openssl is that makecert does not create CSP of 24 (The value remains 1) where as openssl does when used pvk2pfx with switch –sy 24
• #10: Can be used as a report-only endpoint WMI=Windows Management Instrumentation Push Mode=Configurations are applied via the Start-DSCConfiguration PowerShell command PullMode=Configurations are stored centrally, and the nodes are configured to pole and pull the configurations from the central location
• #15: WSUS-Windows Server Update Service