Posted on behalf of Ravi Kiran Chintalapudi, Senior Program Manager, Automation & Integration
In this blog, I will discuss why Automation Assets are available in Service Management Automation (SMA) and how they add value to Windows PowerShell. For details on how to create and use assets in SMA, please see http://technet.microsoft.com/en-us/library/dn457809.aspx.
This blog will cover the following topics:
The Assets page in SMA displays the various resources that are globally available to be used in or associated with a runbook. All Asset management tasks can be completed from this page; management tasks include commands to import an integration module, add a new asset, or delete an asset. Assets include variables, schedules, credentials, and connections.
High-level definition of the Automation assets and settings:
Asset – A dependency one or more runbooks rely on. This could be an integration module, credential, schedule, connection, certificate, or variable.
Setting – An asset that contains one or more pieces of information that are used within a runbook by one or more activities. Credentials, connections, certificates, and variables are settings. The other two asset types, integration modules and schedules, are not.
Variables are values that are available to all runbooks. They can be created, modified, and retrieved from the Windows Azure Pack management portal, using the SMA PowerShell cmdlets, or from within a runbook. They can be used in runbooks to define frequently-used values that span processes, such as directory paths to common files, server names, or other strings. Variable settings store string, Boolean, integer, or date and time information that can then be used in a runbook. They can also be encrypted.
Connections define the information required to connect to an external service or application from a runbook. Connections are instances of connection types; a connection type defines the fields needed to connect to an external system. For example, to connect to Azure, one needs a subscription id and certificate. The Azure connection type defines that this data is needed. A connection type is defined in the integration module for the external system the module connects to, and allows you to specify the fields for a connection of this type, and for each field, the type, whether it is optional, and whether it should be encrypted. The properties for a connection are stored securely in the SMA database and can be accessed in the runbook with the Get-AutomationConnection activity. This information can then be used with the application’s cmdlets to make required connections.
There are two types of credential assets in SMA. A PSCredential credential is a user name and password combination, while a Certificate credential stores a certificate. The properties for either type of credential are stored securely in the SMA database and can be accessed in the runbook with either the Get-AutomationPSCredential or Get-AutomationCertificate activity.
Automation uses schedules to start a runbook automatically. It can be a single date and time for the runbook to run once, or a recurring schedule to start the runbook multiple times.
The following section talks about the challenges you would face if Automation Assets were not available and the benefits that Assets provide when used in runbooks.
Challenge: Without variables, you would need to come up with creative alternatives such as using files, databases or other external mechanisms to exchange or share information between runbooks. This can be challenging because you have to establish your storage mechanisms and communication protocols, which can be complicated and cumbersome.
Automation solution: Automation variables are created to
· Share a value between multiple runbooks.
· Share a value between multiple jobs from the same runbook.
· Manage a value from the management portal for administrators or from the Windows PowerShell cmdlets that are used by runbooks.
Challenge: Automation in Windows Azure Pack provides the ability to integrate with external systems. In order to connect with external systems, users have to find a way to provide all the data necessary; for example, username, password, port numbers, and protocols for connecting to external systems. Some of the challenges are:
· Different systems require different types of data. For example, URLs, port numbers, protocols.
· Passing that connection data into the runbook.
o Users can pass the connection data as runbook parameters. The problem is that they have to enter the data every time the runbook is executed. This also means the runbook operator has to know the values themselves, which they may not. Another challenge is that the data is not grouped together (it is passed as separate parameters).
o Another option is to provide a variable or set of variables for each piece of connection data. This mitigates the first problem of entering the data every time, but the data is still not grouped together, so it is hard for the runbook author to know which variables belong together for this specific connection.
· When the data is separate, not referenced globally, and not grouped together, any change in a connection data value, for example when a password is changed to comply with security policy, has to be replicated in all the places where that data is used (parameters, variables, multiple runbooks, and so on).
Automation solution: The Connection asset type:
· Groups the connection data necessary to connect to an external system into a single object so that it can be accessed by runbooks easily.
· Provides a template describing how a connection for a certain system should look, so that users can use this template when defining the connection to this system.
· Allows you to change the connection data in a single place without having to replicate the change everywhere (in variables, runbooks, and so on). In other words, a connection allows someone who does know this secure information to set it up so that others may use that information without having to hunt for it, potentially in multiple places.
Challenge: A runbook often needs to connect to external systems and that requires credentials. Without the Credentials asset type, you would have to find some other way to pass credentials to runbooks, and you would also have to keep them secure. This might not be a trivial problem to solve by inventing different mechanisms.
Automation solution: Automation provides a unified and secure way to pass credentials to runbooks.
Challenge: Automation is most useful when there is no manual intervention and it is often desirable to run runbooks on a repeating schedule. Without a Schedule asset type, you would have to run this manually or invent a mechanism to automatically trigger runbooks.
Automation solution: Automation provides the ability to start your runbooks a single time or on a recurring schedule.
In order to provide high availability of workflow execution, the Automation feature in Windows Azure Pack executes PowerShell code in different PowerShell sessions, in different processes, and even on different machines. It could be both complex and challenging to replace SMA Assets with regular mechanisms available in a pure PowerShell workflow. Use Automation Assets to:
• Centralize the management of assets
• Share assets (variables, connections, and credentials) between jobs. In Windows PowerShell you can do this, but you have to invent your own mechanism.
• Securely manage credentials
• Schedule runbooks
• Runbooks are dependent on modules, and modules imported into SMA will be automatically placed on all workers so you don’t have to do this manually.
In these examples, you will find how to access the Automation assets/settings in runbooks. For Windows PowerShell cmdlets to create and manage Automation assets from the SMA PowerShell module, which you can use both in runbooks and in regular PowerShell, please see http://technet.microsoft.com/en-us/library/dn457809.aspx.
The activities in the following table are used to access variables in a runbook.
Get-AutomationVariable - Retrieves the value of an existing variable.
Set-AutomationVariable - Creates a new variable or sets the value for an existing variable.
$server = Get-AutomationVariable -Name 'ServerName'
Set-AutomationVariable -Name 'ServerName' -Value $server
The activities in the following table are used to access credentials in a runbook.
Get-AutomationCertificate - Gets a certificate to use in a runbook.
Get-AutomationPSCredential - Gets a username/password to use in a runbook.
$credential = Get-AutomationPSCredential -Name 'MyCredential'
$certificate = Get-AutomationCertificate -Name 'MyCertificate'
Get-AutomationConnection - Gets a connection to use in a runbook.
$connection = Get-AutomationConnection -Name 'MyConnection'
Do-Something -Connection $connection
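A runbook that combines the variable and credential activities above, as an added example that is not part of the original post. It uses the asset names from the snippets above; the workflow name Get-RemoteServiceState and the 'Spooler' service are assumptions chosen for illustration.

```powershell
# Added example, not from the original post. 'ServerName' and 'MyCredential'
# are the asset names used above; the workflow name and the sample service
# are assumptions.
workflow Get-RemoteServiceState
{
    param (
        [string] $ServiceName = 'Spooler'   # assumed sample service
    )

    # Look the assets up by name at run time. Nothing sensitive is stored in
    # the runbook text, and the operator never has to know or type the values.
    $server     = Get-AutomationVariable     -Name 'ServerName'
    $credential = Get-AutomationPSCredential -Name 'MyCredential'

    # Stop early if an asset is missing or empty.
    if (-not $server)     { throw "Variable asset 'ServerName' is missing or empty." }
    if (-not $credential) { throw "Credential asset 'MyCredential' is missing." }

    # Record which account and server are used, never the password.
    $userName = $credential.UserName
    Write-Verbose "Querying $ServiceName on $server as $userName"

    # Run the query on the target with the stored credential. InlineScript
    # runs in its own session, so workflow values are read with $using:.
    $state = InlineScript {
        $svc = Get-Service -Name $using:ServiceName
        $svc.Status.ToString()
    } -PSComputerName $server -PSCredential $credential

    # Only non-sensitive data goes to the job output.
    Write-Output "$ServiceName on $server is $state"
}
```

Changing the password or the target server is then an edit to the 'MyCredential' or 'ServerName' asset; the runbook itself stays untouched.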
How can we test the SMA runbooks in PowerShell ISE? Currently it takes us a long time to test the runbooks because we don't have the same functionality in PowerShell ISE, e.g. Get-AutomationPSCredential etc. And if I write the workflow in PowerShell ISE, then it actually behaves differently in SMA.