Skip to content

Latest commit

 

History

History
86 lines (69 loc) · 4.98 KB

File metadata and controls

86 lines (69 loc) · 4.98 KB

Azure Automation

  • SaaS
  • Provides a way for users to automate the manual, long-running, error-prone, and frequently repeated tasks that are commonly performed in a cloud and enterprise environment
  • Automate processes using runbooks or automate configuration management using Desired State Configuration, in Azure, other cloud services, or on-premises.
  • Schedule processes to be automatically performed at regular intervals
  • Trigger through Azure Portal, Webhooks, PowerShell or Alerts.

Automation sandboxes

  • Runbooks that you run in Azure are executed on Automation sandboxes.
  • They are hosted in Azure PaaS virtual machines.
  • They provide tenant isolation for all aspects of runbook execution – modules, storage, memory, network communication, job streams, etc.
  • This role is managed by the service and is not accessible from your Azure or Azure Automation account for you to control.

Hybrid Runbook Worker (HRW) roles

  • To automate the deployment and management of resources in your local datacenter or other cloud services, after creating an Automation account, you can designate one or more machines to run the Hybrid Runbook Worker (HRW) role.
  • Each HRW requires the Microsoft Management Agent with a connection to a Log Analytics workspace and an Automation account.
  • Log Analytics is used to bootstrap the installation, maintain the Microsoft Management Agent, and monitor the functionality of the HRW
  • The delivery of runbooks and the instruction to run them are performed by Azure Automation.

Automation Account

  • You first create an Automation Account object.
  • It includes following objects to be used with runbooks:
    • Certificates
      • Contains a certificate used for authentication from a runbook or DSC configuration or add them.
    • Connections
      • Contains authentication and configuration information required to connect to an external service or application from a runbook or DSC configuration.
    • Credentials
      • It is a PSCredential object
      • It contains security credentials such as a username and password required to authenticate from a runbook or DSC configuration.
    • Integration modules
      • They are PowerShell modules included
      • Make use of cmdlets within runbooks and DSC configurations.
    • Schedules
      • Schedules start or stop a runbook at a specified time, including recurring frequencies.
    • Variables
      • Contain values that are available from a runbook or DSC configuration.
    • DSC Configurations
      • PowerShell scripts that describes how to configure an operating system feature or setting or install an application on a Windows or Linux computer.
    • Runbooks
      • They are a set of tasks that perform some automated process in Azure Automation based on Windows PowerShell.

Authentication

  • Role-based access control is available with Azure Resource Manager to grant permitted actions to an Azure AD user account and Run As account, and authenticate that service principal.
  • When you create authentication account, it comes with two authentication entities:
    • A Run As account
      • Creates a service principal in Azure Active Directory (Azure AD) and a certificate.
      • Assigns the Contributor role-based access control (RBAC), which manages Resource Manager resources by using runbooks.
    • A Classic Run As account.
      • This account uploads a management certificate, which is used to manage classic resources by using runbooks.
    • You can add your own connection with a certificate or as service principal.
    • For more access to VM you can add extensions to the automation account to e.g. ssh into machine and run a script.

Cross-cloud and regions

  • Azure Automation lives in Azure
    • can run tasks on different platforms
    • but are triggered from Azure Automation.
  • Configured across regions.
  • Allows management and configuration of
    • Azure systems
    • on-premises using Azure Automation Hybrid Worker
    • or systems in AWS, Google Cloud, or any other 3rd party hosting data center using Azure Automation Agent.

Configuration Management

  • Typical flow: You provision/manage infrastructure through bootstrap agents that customizes VMs.
  • You can also use infrastructure automation tools such as Chef and Puppet in Azure:

Chef

  • Automation platform that helps define how your infrastructure is configured, deployed, and managed.
  • Additional components includes:
    • Chef Habitat for application lifecycle automation
    • Chef InSpec helps automate compliance with security and policy requirements.
  • Chef Clients are installed on target machines, with one or more central Chef Servers that store and manage the configurations.

Puppet

  • Handles the application delivery and deployment process.
  • Agents are installed on target machines to allow Puppet Master to run manifests that define the desired configuration of the Azure infrastructure and VMs.
  • Puppet can integrate with other solutions such as Jenkins and GitHub for an improved devops workflow.