Managing and Maintaining a Microsoft-based Server Infrastructure

  • 7/31/2014
Contents

Objective 1.3: Plan and implement automated remediation

This objective covers how to:

  • Create an update baseline in Virtual Machine Manager
  • Implement a Desired Configuration Management (DCM) baseline
  • Implement Virtual Machine Manager integration with Operations Manager
  • Configure Virtual Machine Manager to move a VM dynamically based on policy
  • Integrate System Center 2012 R2 for automatic remediation into your existing enterprise infrastructure
  • Design and implement a Windows PowerShell Desired State Configuration (DSC) solution

Creating an update baseline in VMM

Update baselines are used to manage updates within a VMM fabric. For example, a virtual machine can be compared to the update baseline and, if found to be out of compliance with that baseline, the virtual machine can be remediated and brought into compliance.

When VMM is configured with a WSUS server and synchronization is complete, two sample update baselines will be created. These samples can be found within the Update Catalog And Baselines area of the Library workspace, shown in Figure 1-6.

FIGURE 1-6

FIGURE 1-6 Sample baselines in VMM

When working with baselines, you can use one of the existing sample baselines or create a new one. This section looks at creating a new baseline in VMM.

An update baseline is created in the Update Baselines area of the Library workspace. Within that area, selecting Baseline from the Create group opens the Update Baseline Wizard. In the Update Baseline Wizard, you first specify a name and optionally a description, as shown in Figure 1-7.

FIGURE 1-7

FIGURE 1-7 Entering a name to create a new baseline

Next, you select the updates that will be included in this baseline. For this example, a single update has been selected, as shown in Figure 1-8, but you could select more updates by clicking Add.

FIGURE 1-8

FIGURE 1-8 Selecting updates for the baseline

Finally, you select the scope to which the baseline will apply. This is accomplished within the Assignment Scope page, shown in Figure 1-9, where All Hosts has been selected.

FIGURE 1-9

FIGURE 1-9 Choosing an assignment scope

Once complete, the summary page will display, and clicking Finish will start the jobs for baseline creation. The newly created baseline will be shown in the VMM console, as depicted in Figure 1-10.

FIGURE 1-10

FIGURE 1-10 The newly created update baseline

You also have the option to create a baseline using Windows PowerShell. The relevant cmdlets include:

  • New-SCBaseline Creates the new baseline and assigns it a name and a description
  • Set-SCBaseline Changes parameters such as the host group and update list to the baseline

When using the Update Baseline Wizard, the final step enables you to view the scripts that will be run as part of the VMM job. The script that was executed to create the Adventure Works Baseline example is shown here:

$baseline = New-SCBaseline -Name "Adventure Works Baseline" -Description ""
$addedUpdateList = @()
$addedUpdateList += Get-SCUpdate -ID "7254a3fc-98db-4ca6-ad3f-3bf095de0bc8"
$scope = Get-SCVMHostGroup -Name "All Hosts" -ID "0e3ba228-a059-46be-aa41-2f5cf0f4b96e"
Set-SCBaseline -Baseline $baseline -AddAssignmentScope $scope -JobGroup
"c1477221-a4a0-4c4f-82ef-e502b46a517f" -RunAsynchronously
Set-SCBaseline -Baseline $baseline -RunAsynchronously -AddUpdates $addedUpdateList -JobGroup
"c1477221-a4a0-4c4f-82ef-e502b46a517f" -StartNow

MORE INFO: Update Baselines

See http://technet.microsoft.com/library/gg675110.aspx for more information on creating update baselines in VMM.

Implementing a Desired Configuration Management (DCM) baseline and automatic remediation

DCM baselines are used in Configuration Manager to ensure compliance for a variety of configuration settings. This section focuses primarily on the exam objective of implementing DCM. DCM provides assessment of managed computers against desired or known-good configurations, for example, whether an update has been applied. This section looks at both the implementing DCM subobjective as well as the automatic remediation subobjective contained within the overall “Implement Automated Remediation” exam objective.

MORE INFO: Understanding DCM

See http://technet.microsoft.com/en-us/library/bb680553.aspx for an overview of DCM.

DCM baselines are configured within the Assets and Compliance workspace within Compliance Settings, Configuration Baselines. Clicking Create Configuration Baseline opens the Create Configuration Baseline dialog box. Within the Create Configuration Baseline dialog box, you enter details of the baseline to be created, as shown in Figure 1-11.

FIGURE 1-11

FIGURE 1-11 Creating a desired configuration baseline

A configuration baseline applies one or more configuration items, other configuration baselines, or software updates. The example shown in Figure 1-11 uses a previously defined configuration item, which was added through the Configuration Items page of the Compliance Settings area in Configuration Manager.

Once a configuration baseline is created, it needs to be deployed. This is accomplished by selecting Deploy within the Configuration Baselines area. Clicking Deploy opens the Deploy Configuration Baselines dialog box shown in Figure 1-12. You can select the Remediate Noncompliant Rules When Supported option, select the Generate An Alert option, and specify a schedule for the baseline to be deployed. The deployment will apply to the collection that you select within this dialog box.

FIGURE 1-12

FIGURE 1-12 Preparing to deploy a configuration baseline

In addition to configuring automatic remediation through host groups, you can also configure automatic remediation within a configuration item or within the deployment of a configuration baseline. For example, Figure 1-13 shows the Edit Rule dialog box for a configuration item on the Compliance Rules tab. Note the Remediate Noncompliant Rules When Supported option is selected.

FIGURE 1-13

FIGURE 1-13 Editing a compliance rule of a configuration item

Implementing VMM integration with Operations Manager

Virtual Machine Manager can be integrated with Operations Manager. Integrating VMM and Operations Manager involves configuring both the Operations Manager server and the server running VMM.

EXAM TIP

tip.jpg

Windows PowerShell 2.0 is required for System Center 2012, and Windows PowerShell 3.0 is required for System Center 2012 SP1 and System Center 2012 R2.

The first step in integration is to install the Operations Manager console on the VMM server. This is accomplished by using the Operations Manager Setup Wizard and selecting the Operations Manager console as the component to be installed.

MORE INFO: Installing the Operations Manager Console

See http://technet.microsoft.com/en-us/library/hh298607.aspx for information on installing the Operations Manager console.

The next step in integrating VMM and Operations Manager is to install the agent on the server running VMM and on any virtual machines under its control. Many times this step has already been done as part of the Operations Manager rollout. However, if the Operations Manager agent hasn’t yet been installed, do so as part of the integration implementation.

The Operations Manager agent can be installed manually or through an automated means, such as the native Operations Manager discovery process. Once installed, you should verify that the VMM server and its virtual machines can be seen from within the Operations Manager console.

MORE INFO: Installing the Operations Manager Agent

See http://technet.microsoft.com/en-us/library/hh551142.aspx for more information on methods to install the Operations Manager agent.

The next installation-related step is to import the appropriate management packs into Operations Manager. The necessary management packs include:

  • Windows Server Internet Information Services 2003
  • Windows Server 2008 Internet Information Services 7, including Windows Server 2008 Operating System (Discovery) and the Windows Server Operating System Library, which are prerequisites
  • Windows Server Internet Information Services Library
  • SQL Server Core Library

NOTE: About the Prerequisites

These seemingly outdated prerequisites are still necessary even though the Operations Manager and VMM servers are running Windows Server 2012 with Internet Information Services 8.0.

Integration of VMM and Operations Manager is accomplished from the VMM server, specifically in the Settings workspace of the VMM console. Within the Settings workspace, selecting System Center Settings reveals the Operations Manager Server, as shown in Figure 1-14.

FIGURE 1-14

FIGURE 1-14 Viewing System Center settings

With Operations Manager Server selected, click Properties to start the Add Operations Manager Wizard, shown in Figure 1-15.

FIGURE 1-15

FIGURE 1-15 The Add Operations Manager Wizard

The Connection to Operations Manager page, shown in Figure 1-16, enables you to enter the server name and credentials, and to select the Enable Performance And Resource Optimization (PRO) and Enable Maintenance Mode Integration With Operations Manager options.

FIGURE 1-16

FIGURE 1-16 Adding details of the integration

The Connection to VMM page, shown in Figure 1-17, is where you specify credentials to be used by Operations Manager when connecting to VMM.

FIGURE 1-17

FIGURE 1-17 Specifying Operations Manager credentials

A summary page shows a summary of the configuration about to take place. When you click Finish, a job will begin the integration by installing the VMM management pack on the Operations Manager server.

Like other operations, integrating with Operations Manager can be accomplished through PowerShell. The New-SCOpsMgrConnection cmdlet can be used to add the connection.

MORE INFO: The New-SCOpsMgrConnection cmdlet

See http://technet.microsoft.com/en-us/library/hh801397.aspx for more information on the New-SCOpsMgrConnection cmdlet.

Configuring VMM to move a virtual machine dynamically based on policy

This section provides a brief overview of automated migration of virtual machines using dynamic optimization.

Dynamic optimization enables virtual machines to be migrated between hosts in a host group based on load and other factors. Figure 1-18 shows the Dynamic Optimization page for a host group.

FIGURE 1-18

FIGURE 1-18 Configuring dynamic optimization in Virtual Machine Manager

By default, dynamic optimization rules will be inherited from the parent host group. (This option is not selected in Figure 1-18 to better illustrate the available options.) Dynamic optimization can be configured for manual migrations or automatic, as is depicted in Figure 1-18. Manual migrations are the default option, but when configured for automatic migrations, 10 minutes is the default frequency for dynamic optimization.

MORE INFO: Dynamic Optimization

See http://technet.microsoft.com/en-us/library/gg675109.aspx for more information on dynamic optimization.

Designing and implementing a Windows PowerShell Desired State Configuration solution

Desired State Configuration (DSC) is a new feature found in Windows PowerShell that enables scripting of configuration data. This configuration data can then be shared across servers to ensure consistency and promote ease of administration. For example, with DSC you can create a script that assists in deployment of web servers or other servers within the organization.

EXAM TIP

tip.jpg

DSC is new with Windows Server 2012 R2.

The DSC service enables a server to act as a centralized repository for configuration scripts. When designing a DSC implementation for the enterprise, consider placing the DSC service server geographically close to the computers that will pull from it. Even though the configuration scripts themselves are small, you can store additional resources on the DSC service server, which could place a measurable load on resources.

DSC scripts are defined with the Configuration keyword and frequently written using Windows PowerShell Integrated Scripting Environment (ISE), as shown in Figure 1-19.

FIGURE 1-19

FIGURE 1-19 Creating a DSC script in Windows PowerShell ISE

Once created, the script is run from within the ISE and then enacted from within the ISE command prompt by typing the script name. Doing so creates Microsoft Operations Framework (MOF) files for each node identified in the script. For example, the following script (also shown in Figure 1-19) ensures that there’s a directory called C:\Temp on the server named WINSRV49.

Configuration myConfig
{
    Node "WINSRV49" 
    {
        File myFiles
        {
            Ensure = "Present"
            Type = "Directory"
            DestinationPath = "C:\Temp"
        }
    }
}

The MOF file is placed within a directory with the same name as the configuration script. From there, the desired configuration for a configuration named myConfig would be invoked with the command Start-DscConfiguration -Wait -Verbose -Path .\myConfig.

Once invoked, the command will run and apply the desired configuration to each of the servers (nodes) defined in the Configuration block.

EXAM TIP

tip.jpg

You can also check to ensure that configuration changes are still applied to a given node using the Test-DscConfiguration cmdlet.

Parameters can be used within DSC scripts. Therefore, rather than repeating the same configuration within several hundred node blocks, you could instead use a parameter to define node programmatically, as shown here:

Configuration myConfig
{
    param ($nodeName)
    Node $nodeName
    {
        File myFiles
        {
            Ensure = "Present"
            Type = "Directory"
            DestinationPath = "C:\Temp"
        }
    }
}

MORE INFO: Desired State Configuration

See http://technet.microsoft.com/en-us/library/dn249918.aspx for more information on getting started with DSC.

Thought Experiment: Understanding update baselines

experiment.jpg

In the following thought experiment, apply what you’ve learned about this objective to predict what steps you need to take. You can find answers to these questions in the “Answers” section at the end of this chapter.

The infrastructure at your organization has shown remarkable growth over the past year. Unfortunately, the staff to maintain that infrastructure has not grown. Therefore, you’re looking at ways to automate as many tasks as possible. You’ve been asked to brief the management team on some of the solutions available for automating the infrastructure.

  • Describe update baselines and Desired Configuration Management.

Objective summary

  • Update baselines provide an automated means by which virtual machines in a VMM deployment can have updates deployed automatically.
  • DCM enables advanced configuration settings to be deployed across clients managed by Configuration Manager.
  • System Center can be integrated for automatic remediation of various issues.

Objective review

Answer the following questions to test your knowledge of the information in this objective. You can find the answers to these questions and explanations of why each answer choice is correct or incorrect in the “Answers” section at the end of this chapter.

  1. Which command creates an update baseline in VMM?

    1. New-SCBaseline
    2. Create-SCBaseline
    3. SCBaseline /new
    4. New-VMMBaseline

  2. Which of the following is not a setting that can be used when creating a configuration management baseline?

    1. Configuration Item
    2. Software Update
    3. Configuration Agent
    4. Configuration Baseline

  3. What’s the default frequency for automatic dynamic optimization?

    1. One day
    2. One hour
    3. 10 minutes
    4. 24 hours
Save to your account

This chapter is from the book