Azure Automation

Time
14 hours 28 minutes
Difficulty
Intermediate
CEU/CPE
15
Video Transcription
00:00
>> Hello Siberians.
00:00
Welcome to Lesson 4.1 of Module 4 of this course
00:00
titled AZ-301: Microsoft Azure Architect Design.
00:00
Here are the learning objectives for this video.
00:00
We'll start out by covering what Azure Automation is.
00:00
That will help our understanding
00:00
of what the service is and what it does.
00:00
We'll then move on to cover
00:00
process automation flow in Azure Automation.
00:00
One of the core capabilities
00:00
of Azure Automation is something
00:00
called process automation,
00:00
which allows us to be able
00:00
to orchestrate repeatable tasks.
00:00
We'll then proceed to cover
00:00
Azure Automation Hybrid Worker,
00:00
which is a way to extend the functionalities of
00:00
Azure Automation to
00:00
on-premises environment or on-premises datacenters.
00:00
Then finally we'll cover
00:00
Azure Automation DSC to help you to
00:00
understand the capabilities that
00:00
Azure Automation has when it comes to DSC.
00:00
Let's get into this.
00:00
Let's talk about Azure Automation for a while.
00:00
Azure Automation delivers a cloud-based automation
00:00
and configuration service that
00:00
provides consistent management across
00:00
our Azure and non-Azure environment.
00:00
To put that most simply,
00:00
Azure Automation consists of three main feature sets.
00:00
Process automation,
00:00
configuration management, and update management.
00:00
Let's delve into that a bit further.
00:00
The capabilities of Azure Automation.
00:00
Let's take process automation for example.
00:00
Azure Automation provides us the ability to
00:00
automate frequent and time-consuming tasks.
00:00
What that means is that we can
00:00
author these things called runbooks,
00:00
which are essentially like automation scripts.
00:00
We can author those with PowerShell
00:00
or with Python and then we can run
00:00
those automation scripts or runbooks against
00:00
different resources in Azure or outside Azure.
00:00
Then we go to configuration management.
00:00
This is based on Desired State Configuration,
00:00
which is a service that's been
00:00
around for a while on-premises.
00:00
But beyond that,
00:00
this capability of Azure Automation
00:00
allows us to be able to
00:00
get an inventory of in-guest resources or
00:00
resources that are installed on
00:00
different servers either on-premises or on Azure.
00:00
In other words, what is installed on our servers?
00:00
How are they configured?
00:00
Azure Automation allows us to take
00:00
detailed inventory of these.
00:00
But not only that, it provides
00:00
a rich reporting and search capability so that we
00:00
can quickly do compare and contrast
00:00
and we can track changes across different services,
00:00
and daemons, and software, and registry,
00:00
and files, and that can help us to
00:00
quickly identify causes of issues.
00:00
Then it also has capabilities for update management.
00:00
And update management,
00:00
that cuts across Windows and Linux systems.
00:00
It cuts across whether
00:00
the server that we are
00:00
managing the update for is running in Azure,
00:00
whether it's running on-premises
00:00
or whether it's running in other cloud platforms
00:00
like Google Cloud Platform or AWS.
00:00
What this update management allows us to do is we can
00:00
schedule deployment of updates.
00:00
We can orchestrate the installation of objects.
00:00
We can define maintenance windows,
00:00
and also if an update
00:00
should not be installed on a machine,
00:00
we can exclude that update
00:00
from deployment to those machines.
00:00
It's a nice management tool for managing updates.
00:00
Beyond that, Azure Automation has shared
00:00
resources that we can
00:00
share and we can make use of in a repeatable way.
00:00
For example, Azure Automation consists
00:00
of support role-based access control,
00:00
which allows us to be able to control access
00:00
to the account and the resources itself,
00:00
but it also has the ability to
00:00
integrate with source control.
00:00
We can do CI/CD and automation right across that.
00:00
It allows us to be able to implement schedules
00:00
and be able to use modules and share modules,
00:00
whether it's community modules or
00:00
custom-designed modules and it has a lot of
00:00
that capability of when we create
00:00
the shared resources that then we
00:00
can reuse multiple times.
00:00
It also cuts across different environments.
00:00
It's not just limited to
00:00
servers or resources that are running in Azure.
00:00
Azure Automation is designed to work across
00:00
hybrid cloud environment and
00:00
whether it's Windows or Linux it does not matter.
00:00
Let's look in more detail at
00:00
process automation as it concerns Azure Automation.
00:00
The first thing we need to do is we need to
00:00
create an Azure Automation account.
00:00
After we create an Azure Automation account,
00:00
then we can author or we can
00:00
import what are called runbooks,
00:00
which are essentially automation scripts
00:00
within this automation account.
00:00
Those runbooks can either be
00:00
PowerShell or Python based.
00:00
Then what we can do is we can schedule or manage
00:00
the execution of these runbooks
00:00
against our resources that are running in Azure.
00:00
One of the other advantages is that
00:00
Azure Automation account as
00:00
when it comes to process automation,
00:00
is already shared resources that are available.
00:00
For example, we can create
00:00
certificates for authentication or security,
00:00
we can create connections which may be
00:00
Azure AD identity information or key-value pairs,
00:00
we can create credentials which are
00:00
sensitive information like usernames and passwords,
00:00
and then we can reuse
00:00
all this information across different runbooks.
00:00
What are some of the common scenarios
00:00
for automation or making use of this service?
00:00
A good example would be to deploy
00:00
VMs across the hybrid environment using runbooks.
00:00
We can integrate with tools
00:00
like Jenkins or Azure DevOps to automate
00:00
the building and deployment of resources
00:00
across on-premises or Azure,
00:00
especially phrasing something like also Azure Stack.
00:00
We can configure virtual machines in an automated way.
00:00
Post-deployment configuration,
00:00
it's a good way to implement
00:00
Azure Automation to be able to achieve this.
00:00
We can use it to monitor
00:00
and identify changes in our machine.
00:00
We talked about one of the capabilities of
00:00
Azure Automation being that capability
00:00
for update management,
00:00
but part of that includes
00:00
a detailed collection on inventory.
00:00
Then we can do protection.
00:00
We can quarantine a virtual machine
00:00
if a security alert is raised or we can
00:00
automate that to have runbooks that say,
00:00
"If a security alert is detected on a machine,
00:00
it triggers a runbook that can isolate the machine."
00:00
That's a good use case,
00:00
there are security use cases for that.
00:00
Also for governance use cases,
00:00
one of the favorite ones that I've heard of
00:00
is when you spin up a machine or
00:00
a SQL database in Azure that
00:00
can pass an event to Event Grid,
00:00
which triggers an Azure Automation
00:00
runbook that scans the machine and makes
00:00
sure that it's configured according to
00:00
the compliance requirement of your organization.
00:00
Now, looking deeper again
00:00
at that process automation workflow,
00:00
we need to trigger the runbooks
00:00
after we've created them.
00:00
The different ways
00:00
that we can use to trigger a runbook,
00:00
we can trigger them from the portal,
00:00
we can trigger them on a schedule,
00:00
we can trigger them using webhooks,
00:00
we can trigger them using PowerShell or we can even
00:00
do alert-triggered runbooks.
00:00
If there's an alert that comes in,
00:00
maybe from another service in
00:00
Azure that triggers a runbook,
00:00
that tries to fix whatever the issue is.
00:00
Then as I mentioned earlier,
00:00
we can run this against our Azure resources.
00:00
But beyond that,
00:00
Azure Automation supports this thing
00:00
called Hybrid Worker
00:00
that extends the capability of
00:00
Azure Automation to our on-premises datacenters.
00:00
What's this Hybrid Worker thing?
00:00
It's an on-premises server that's running
00:00
something called Microsoft Management Agent.
00:00
We install this Microsoft
00:00
Management Agent on this on-premises
00:00
server and that will be registered
00:00
against our Azure Automation account.
00:00
This Hybrid Worker will be responsible for
00:00
executing runbooks that are
00:00
downloaded from Azure Automation,
00:00
against our on-premises resources.
00:00
It reports result back
00:00
of the execution of the runbooks,
00:00
it can report the result back to
00:00
Azure Automation or even into Log Analytics.
00:00
It can be deployed in groups
00:00
for high availability if you want more than one,
00:00
you can have two of them.
00:00
One of the good things about it
00:00
is it does not require you to
00:00
open an additional inbound firewall
00:00
into your environment because it makes
00:00
outbound HTTPS calls and that's
00:00
what the communication is driven by.
00:00
Let's look a little bit at
00:00
Azure Automation Desired State Configuration.
00:00
For those of you that may be
00:00
familiar with Desired State Configuration,
00:00
essentially you can think of
00:00
Azure Automation Desired State Configuration
00:00
as a hosted DSC pull server.
00:00
We have this hosted DSC pull server,
00:00
we don't need to set up a server within our environment.
00:00
We can import our Desired State Configuration
00:00
scripts into this service.
00:00
When we import it into the service,
00:00
we can compile it so that it generates
00:00
the MOF files and then we can register
00:00
our machines, whether on-premises or in
00:00
Azure against this service so that they
00:00
grab their configuration from this service
00:00
and then they apply the configuration and it reports
00:00
back their compliance status to the service.
00:00
It essentially simplifies that whole DSC process
00:00
of you having to set up your own server,
00:00
it becomes a hosted service essentially.
00:00
This brings me to the end of this lesson.
00:00
Thanks very much for watching,
00:00
and I'll see you in the next lesson.