High Resolution Azure Governance Icons

Had a handful of folks reaching out looking for the link from Twitter. Get it below

 

https://gallery.technet.microsoft.com/Azure-Governance-Icons-a2d535ff

By request, this zip file contains five high resolution SVG icons for Azure Governance components, listed below.

  • blueprint.svg
  • governance.svg
  • management-groups.svg
  • policy.svg
  • resource-graph.svg

I suspect these icons will appear in some future release of the icons and stencils from Microsoft, but this will provide an easily accessible source in the interim.

Early chapter preview of ‘Inside OMS’ version 2

There have been many inquiries into if the band would be getting back together for a second version of the very popular “Inside the Microsoft Operations Management Suite“. Version 2 is 16 chapters of the latest and greatest of Microsoft OMS…and it’s coming soon.

  • When? I am happy to report we are well into the authoring process and looking to release version 2 around the end of April 2017.
  • Cost? As with the first release, we will deliver a book well worth paying for…except it will again be free!

While we are only a little over a month from completion, we wanted to take a moment to give you  a sneak peak at a couple of the chapters of what is to come.

The “Inside OMS” Team

I am also happy to introduce that the entire author team are all back for v2:

  • Tao Yang, MVP
  • Stanislav Zhelyazkov, MVP
  • Anders Bengtsson, Principal PFE
  • Pete Zerger, CISSP, MVP

OMS has grown considerably since our first release, and to ensure we meet our quality bar as quickly as possible, we are joined by four technical reviewers and an editor! Joining us in the tech reviewer role are some very talented folks, including:

  • Damian Flynn, MVP
  • Kevin Greene, MVP
  • Lee Berg, MVP
  • Steve Buchannan, MVP

Early Chapter Preview

To hold you over until the final release, we are going to share three chapters early…one at a time. Your first taste is a major update, driven by awesome Aussie, Tao Yang. Below, you will find a draft preview of:

Chapter 6: Extending OMS Using Log Search

This chapter covers key topics within OMS Log Analytics, including:

  • Saved Searches
  • OMS Computer Groups
  • Custom Fields
  • Custom Logs
  • Power BI

I’ve reviewed it myself, and I know you will appreciate the more than 70 pages of in-depth guidance in this chapter alone!

Get the preview. You can download the preview release of chapter 6 HERE.

Two more preview chapters will be coming your way in the next week(ish). Stay tuned!

5 ways to secure your SQL data in Microsoft Azure

Data security in the cloud is of chief concern not only to healthcare and financial services, but anyone with sensitive data of any kind that should only be disclosed to authorized parties. No discussion of enterprise security would be complete without a look at data protection and governance.

For purposes of this discussion, data comes in two forms:

  • Structured. Structured data refers to kinds of data with a high level of organization, such as information stored in a relational database, as in Microsoft SQL Server.
  • Unstructured. Unstructured data refers to data that is not contained in a database or some other type of data structure. Examples include email messages, Word documents, PowerPoint presentations and instant messages.

Important considerations in data protection and governance include data classification and rights management, encryption at-rest and in-flight, as well as management and storage of encryption keys and other secrets related to securing data.

Securing Structured Data In-Flight & In Use

SQL Server 2016 (both SQL in VMs and Azure SQL) introduces some new capabilities to prevent unintentional leakage of data by misconfigured applications or security controls. Key highlights are listed below:

#1 Always Encrypted:

This is a client-side encryption capability, enabling the application to encrypt data so the SQL server (or service if using Azure SQL) can never see the data. This is particularly useful for protecting content such as SIN/SSN, Credit Card, and private health identifiers.

Always_Encrypted

#2 Row-Level Security:

This allows the organization to create policies which only return data rows appropriate for the user executing the query. For example, this allows a hospital to only return health information of patients directly related to a nurse, or a bank teller to only see rows returned which are relevant to their role. For more info, see https://msdn.microsoft.com/en-us/library/dn765131.aspx.

#3 Dynamic Data Masking:

This allows the organization to create policies to mask data in a particular field. For example, an agent at a call center may identify callers by the last few digits of their social security number or credit card number, but those pieces of information should not be fully exposed to the agent. Dynamic Data Masking can be configured on the SQL server to return the application query for the credit card numbers as XXXX-XXXX-XXXX-1234.

Dynamic_Data_Masking

These capabilities help prevent and mitigate accidental exposure of data while it is in-flight or in-use by a front-end application. For more info, see https://msdn.microsoft.com/en-us/library/mt130841.aspx.

Securing Structured Data At-Rest

Protection of SQL data at-rest is a feature that has been around for a long time now, which the SQL Server product team at Microsoft has enhanced in the 2016 release.

#4 SQL Transparent Data Encryption

In order to protect structured data at-rest, Microsoft first introduced SQL Transparent Data Encryption in SQL Server 2008. This technology protects data by performing I/O encryption for SQL database and log files. Traditionally a certificate that SQL Server manages (and is stored locally within the SQL master database) would protect this data encryption key (DEK). In June 2016, Microsoft made a significant enhancement to this capability by making generally available a SQL Server Connector for Azure Key Vault.

AKV

Image credit: Microsoft

This allows organizations to separate SQL and Security Administrator roles, enabling a SQL Administrator to leverage a key managed by the security operators in Azure Key Vault, with a full audit trail should the SQL administrator turn rogue. This connector can also be used for encrypting specific database columns and backups, and is backward compatible all the way back to SQL 2008.

More info at https://msdn.microsoft.com/en-us/library/dn198405.aspx

Detecting SQL Threats

In addition to securing SQL data, we also need to consider protecting data sources from the threats that would lead to breach.

#5 SQL Threat Detection

Running SQL in the cloud brings some additional benefits. For databases running on the Azure SQL service, the new SQL Threat Detection service monitors database activity and access, building profiles to identify anomalous behavior or access. If suspicious activity is detected, security personnel can get immediate notification about the activities as they occur. Each notification provides details of the suspicious activity and recommendations on remediating the threat.

SQL Threat Detection for Azure SQL Database can detect threats such as the following:

  • Potential Vulnerabilities: SQL Threat Detection will detect common misconfigurations in application connectivity to the SQL data, and provide recommendations to the administrators to harden the environment.
  • SQL Injection Attacks: One of the most common approaches to data extraction is to insert a SQL query into an unprotected web form, causing the form to return data that was unintended. SQL Threat Detection can identify if an attacker is attempting to leverage this mechanism to extract data.
  • Anomalous Database Access: If a compromised database administrator account starts to execute queries from an abnormal location, SQL Threat Detection can detect and alert on the potential insider threat or identity compromise, enabling the security personnel to update firewall rules or disable the account.

SQL Threat Detection for Azure SQL Database is a powerful new tool in detecting potential data leakage threats. For more info, see https://docs.microsoft.com/en-us/azure/sql-database/sql-database-threat-detection.

I hope you’ve found this short read on some of Microsoft’s capabilities for protecting structured data valuable. Questions or comments? Feel free to leave your thoughts in the comments section at the end of this article.

Switch from dynamic IP to IP Pool in VMM 2016

Recently I migrated a VM from standalone Hyper-V server in 2016 to a Hyper-V cluster managed by Virtual Machine Manager (VMM) 2016. The VM was using DHCP for addressing and I wanted to flip it to get its address from the IP pool assigned to its logical network in VMM. However, even with the VM powered off, I found the setting to flip the VM to use a static IP was grayed out in the UI.

VM_Settings

How to fix? PowerShell, via the VMM cmdlets. Here is a sample script, intended to run on your VMM server.

$vm = Get-ScvirtualMachine -Name “<My VM Name>"

$staticIPPool = Get-SCStaticIPAddressPool -Name "< Name of my IP Pool>"

Grant-SCIPAddress -GrantToObjectType "VirtualNetworkAdapter" -GrantToObjectID$vm.VirtualNetworkAdapters[0].ID -StaticIPAddressPool $staticIPPool

Set-SCVirtualNetworkAdapter -VirtualNetworkAdapter $vm.VirtualNetworkAdapters[0]-IPv4AddressType static

<pre>

Questions or comments? Use the comments section below.

5 TIPS FOR MODERNIZING YOUR PROCESS AUTOMATION STRATEGY

Don’t get me wrong, I love System Center Orchestrator (as you will see here AND here), but it is important to know when it is time to move on. Well my friends, it’s time. Some months ago now, Microsoft publicly announced that their investment in new features Orchestrator had come to an end, and that a cloud-first strategy would be the norm. The Microsoft Operations Management Suite (OMS), together with Azure Automation, is actually the bridge for organizations wishing to modernize their automation strategy,..even organizations not quite ready to go “all-in” with Microsoft Azure.

In this article, I will share five tips to help optimize your journey in modernizing your process automation strategy.

Tip #1: Don’t make big investments in legacy tools

Since Orchestrator is a legacy component, it is probably best not to rush into costly investments in Orchestrator-based solutions that you will only have to rewrite later. However, I am not saying not to use Orchestrator at all. If you find a runbook for free (or cheap) you can download that solves a problem, go ahead! If the development cycle is fairly short, no problem! However, think twice before spending tens of thousands of dollars on Orchestrator-based development or solutions.

“How would you suggest I move forward” you ask? Read on.

Tip #2: Don’t count on the Orchestrator Migration Toolkit to handle everything

The System Center Orchestrator Orchestrator Migration Toolkit will convert some of your runbooks, as well as your custom activities developed with the Orchestrator Integration Toolkit (OIT) to an Azure Automation / Service Management Automation (SMA) friendly format. It also provides a converted set of (most of) the standard activities from Orchestrator.  However, there are some caveats:

  • Some activities cannot be converted. For example, the Map Published Data activity, used heavily by runbook authors everywhere, cannot be converted for Azure Automation and SMA at present.
  • Activities in integration packs not created with the OIT cannot be converted.

What’s more, you may have created custom logging, checkpointing and other workarounds in your Orchestrator runbooks that are native features of Azure Automation, which you will need to write out of converted runbooks. The bottom line here is that at least some runbook redesign and rework is going to be necessary on the road to a simplified, modern process automation strategy. Embrace this reality and use it as a learning opportunity.

Tip #3: Use hybrid to take your first step…

If your organization is not yet in the cloud, walking in the door and singing the praises of an “all-in cloud strategy” may not be the best approach. Your message may not be well-received by the cloud doubters and cloud fearful in your ranks. Some of these concerns may be well-founded and may take time to overcome. This is where OMS can help, by giving you a fantastic compromise…the Hybrid Runbook Worker. Without rehashing everything explained in the hyperlinked article, the key point here is that linking OMS to an Azure Automation subscription enables you to execute Azure Automation runbooks on a server enabled as a Hybrid Runbook Worker inside your datacenter with no additional outside-in firewall ports required!

This is an olive branch with another bonus. With Hybrid Runbook Workers enabled throughout your data centers, you can Azure Automation as your centralized, simplified, global back-end orchestration infrastructure. An Orchestrator instance per-datacenter, and the headaches that come with keeping them all in sync in terms of patches, runbooks and security, are a thing of the past.

Tip #4: Don’t build what Microsoft is going to build for you

This tip is an easy one to follow. Never spend a lot of time and money building or buying a solution Microsoft promises to build for you. Watch the product roadmap for OMS, which includes a long list of Microsoft’s planned feature releases that may eliminate your need to build certain types of automation. The current public roadmap includes a host of great features, including solutions focusing on

  • Office 365
  • Patch Management
  • Remote OS Management
  • Containers
  • Network Performance and Analytics
  • Configuration Management Database

That is just the tip of the iceberg. Since OMS Is cloud-based platform, features come on a rapid release cycle…at a cloud cadence. Talk to your MS account team and focus on closing the gaps MS is not already working to close for you. This likely means you will be able to focus on more organizationally-specific, high ROI scenarios the business side of your org care about.

Talk to your Microsoft account rep for the latest OMS feature roadmap.

Tip #5: Start with a “quick win”

One important point I used to stress with Orchestrator was the need to “start small”, and the same is true with OMS and Azure Automation. To introduce your organization to hybrid automation with OMS and Azure Automation with the Hybrid Runbook Worker (and to ensure they love it), start with a manageable scenario. Find an automation need that you can develop and demonstrate in a proof-of-concept in a short time (nor more than one or two days) to get your colleagues and management stakeholders acquainted…and on board.

Before you start, look at what is already available from the community. There are lots of runbook samples out there demonstrating common scenarios like group maintenance mode in System Center Operations Manager, Active Directory user onboarding, as well as adding computers to collections in System Center Configuration Manager (SCCM). Since Azure Automation supports PowerShell, a freely available PowerShell script may help jumpstart your efforts!

Next Steps

Your first step is to get in the game. Sign up for the free tier of OMS, which includes 500 automation minutes per month. Sign up for a free Azure trial, or sign up for the pay-as-you go option to limit your spend. Watch some of OMS and Azure Automation videos on the MS Channel 9 website. Download some of the many sample runbooks shared in those sessions.

Good luck!

Free E-book: Inside the Microsoft Operations Management Suite

Tao (@MrTaoYang), Stan (@StanZhelyazkov), Anders (http://contoso.se)  and I have been working on a project for the last few weeks. We wanted to bring a learning resource for the MS Operations Management Suite to the community that is complete, comprehensive, concise…and free (as in beer). While we finish final editing passes over the next couple of weeks, we wanted to share an early copy of the book so you can start digging in while we finish our work!

Description: This preview release of “Inside the Microsoft Operations Management Suite” is an end-to-end deep dive into the full range of Microsoft OMS features and functionality, complete with downloadable sample scripts (on Github). The chapter list in this edition is shown below:

  • Chapter 1: Introduction and Onboarding
  • Chapter 2: Searching and Presenting OMS Data
  • Chapter 3: Alert Management
  • Chapter 4: Configuration Assessment and Change Tracking
  • Chapter 5: Working with Performance Data
  • Chapter 6: Process Automation and Desired State Configuration
  • Chapter 7: Backup and Disaster Recovery
  • Chapter 8: Security Configuration and Event Analysis
  • Chapter 9: Analyzing Network Data
  • Chapter 10: Accessing OMS Data Programmatically
  • Chapter 11: Custom MP Authoring
  • Chapter 12: Cross Platform Management and Automation

This early edition is being shared with the community while final edits are being completed. Please send questions, comments or errata you find to insidemscloud@outlook.com.

You can download for free from the TechNet Gallery at:
https://gallery.technet.microsoft.com/Inside-the-Operations-2928e342 

 

Centralized Logging Strategy for Azure Automation Hybrid Worker with OMS

Many System Center Orchestrator administrators longed for centralized logging of Orchestrator runbook events and results. With no native centralized logging facility, many administrators used a simple SQL database as a centralized logging repository. While not ideal, this method is functional for a single data center.

Think about the challenges of implementing this strategy on a global basis. You would need either have to configure your Orchestrator runbook servers to log events to a SQL instance in a remote data center, or perhaps configure SQL replication to centralize the events after they were logged locally.

In this article, we will look at establishing a centralized runbook progress and result logging strategy for the Azure Automation Hybrid Runbook Worker using the Microsoft Operations Management Suite (OMS) that is quick, easy and searchable…no SQL database required.

In this post:

  • Hybrid Runbook Worker job logging in the Azure Portal
  • Native Logging on the Hybrid Worker
  • Why custom central logging for the Hybrid Worker?
  • Basic Custom Logging Implementation for Hybrid Worker
  • Logging runbooks events with a child runbook

Let us get down to business.

Hybrid Runbook Worker job logging in the Azure Portal

Enter the Azure Automation Hybrid Runbook Worker (hybrid worker) role, which enables Azure Automation customers to execute (run) runbooks on designated servers in their data centers around the world. The back-end infrastructure is Microsoft Azure, so implementing a global automation infrastructure is much less work than with Orchestrator.

However, the desire for detailed logging of activities on the hybrid runbook worker remains. Certainly the Jobs log (shown below) in Azure Automation shows results, inputs and outputs of runbook jobs. However, it does not provide detailed progress logging of your choosing at key points along the way.

Jobs_Log

With that in mind, the desire / need for centralized progress logging at our discretion remains.

Native runbook event logging on the Hybrid Worker

One bit of good news is that the hybrid worker includes some native logging to the Windows Event Log. You can find the log in the Windows Event Viewer under Applications and Services Logs > Microsoft-Automation > Operational.

More good news. You can easily add this log for collection by OMS in the Settings area on the Data tab. In the ‘Collect events from the following event logs’ window, type “Microsoft-Automation/Operational” and click on the plus sign (+) to add the log for collection. Then check the boxes for all three event levels.

HybWrk_Log_Collection

However, the bad news is, once this data arrives in our OMS subscription, you can see the formatting of the details in this log is less than ideal. Using the search interface, you can retrieve the contents of this log with the following query:

Type=Event EventLog=”Microsoft-Automation/Operational”

The result reveals that in the ParameterXml within the event lies the job status, but only the value (Succeeded, Failed, etc.) rather than a well-formatted name value pair we could use to extract the result into a custom field for better search. As a result, this native logging is not as useful as it could be, but can still serve to reduce the need for automation admins to use the Azure portal.

Moreover, this still does not address our need for ad-hoc progress logging hosted in a central repository.

Why custom central logging for the Hybrid Worker?

Even with the aforementioned logging, the need to log events within a runbook at key junctures remains, and this is where logging to the Windows Event Log with a custom source, with an event description detailing runbook progress or results, with output collected and forwarded to OMS. This gives us central logging without the need for a SQL database.

You can log this data to any local Windows Event Log, even the System log. One approach might be to use a couple of custom sources, such as one for logging runbook progress messages and another reporting the runbook result, both in an easily searchable format in OMS once the data has been collected and uploaded.

Basic Custom Logging Implementation for Hybrid Worker

I will describe a couple of simple approaches you could take for custom logging locally on the hybrid worker.

First, in order to write messages with a custom Windows event log source, the providers must exist. You can create custom event sources with the New-EventLog cmdlet. If you wanted, you could simply create these providers each time you deploy a new hybrid worker.

For runbook progress messages, I will write to the System event log with a source of OMSAutomation-Status. To create this new provider, simply run the following one-liner on the hybrid worker.

New-EventLog -LogName System -Source OMSAutomation-Status

For the final runbook result message, I will again write to the System log with a source of OMSAutomation-Result. To create this new provider, simply run the following one-liner on the hybrid worker.

New-EventLog -LogName System -Source OMSAutomation-Result

This approach ensures I can quickly and easily search runbook messages by event source. Then, any time you want to log a status message within your runbook, you would simply add a Write-EventLog message at the appropriate point in your runbook. Since the System log is already being collected in OMS, you do not have to configure any additional log collection in OMS.

Let’s assume that every time a runbook begins I log a message in the following format from within my PowerShell runbook on hybrid workers:

Write-EventLog -EventId 1 -LogName System -Message "Runbook $RBName is now beginning" -Source OMSAutomation-Status

Then in OMS I can find every message showing a runbook beginning with the following wildcard search:

Type=Event EventLog=System Source=OMSAutomation-Status “*now beginning “

Add | measure count() by Source and you can get a count of how many runbooks have run on hybrid workers.

Type=Event EventLog=System Source=OMSAutomation-Status “*now beginning ” | measure count() by Source

Add the computer name to filter results to a specific hybrid worker, as shown here

Type=Event EventLog=System Source=OMSAutomation-Status “*now beginning ” Computer=”VMBR01.contoso.corp” | measure count() by Source

If I wanted to find ever event where a specific runbook ran, I would simply expand the search based on my message syntax, for example.

Type=Event EventLog=System Source=OMSAutomation-Status “Runbook Hello-World is now beginning”

And finally, a search for all successful completions of a specific runbook

Type=Event EventLog=System Source=OMSAutomation-Result “Runbook Hello-World completed successfully” Computer=”VMBR01.contoso.corp” Source=OMSAutomation-Result

or any runbook, as pictured below

Type=Event EventLog=System Source=OMSAutomation-Result “*successfully” Computer=”VMBR01.contoso.corp” Source=OMSAutomation-Result

JobResult

As you can see, logging inline from within your runbook is simple, quick, easy and searchable in OMS!

Logging runbooks events with a child runbook

We could take what some might deem a slightly more elegant approach and instead call a child runbook to log the event. One advantage of this method is that we can accept the event source as an input, and check that the source exists before attempting to write the event. This means there would be no need to create the custom event sources manually. On the downside, this approach might mean slightly longer execution time, resulting in billing for a few more runbook minutes per month versus the simple inline method described above.

Here is a simple, generic and effective Windows event logging script borrowed from my friend Tao Yang. This script accepts event log name, ID, source, type and message as parameters. Before attempting to log the event, it checks for your event source on the hybrid worker. If the source does not exist, it creates the new source, then logs the event.

Param (
 [Parameter(Mandatory=$true)][string]$EventLog,
 [parameter(Mandatory=$true)][int]$EventID,
 [Parameter(Mandatory=$true)][string]$EventSource,
 [Parameter(Mandatory=$true)][string]$EntryType,
 [Parameter(Mandatory=$true)][string]$Message
)

$ExistingEventSource = Get-Eventlog -LogName $EventLog -Source $EventSource -ErrorAction SilentlyContinue
If (!$ExistingEventSource)
{
 #The event source does not exist, create it now
 New-EventLog -LogName $EventLog -Source $EventSource
}
Write-EventLog -LogName $EventLog -source $EventSource -EventId $EventID -EntryType $EntryType -Message $Message

Here is a sample usage of this runbook you can past into your Azure Automation runbooks destined for hybrid workers. This assumes you have added the above sample runbook to your Azure Automation subscription with the name Write-WindowsEvent.

.\Write-WindowsEvent.ps1 -Message 'Test message' -EntryType 'Information' -EventLog 'System' -EventSource OMSAutomation -EventID 50001

Conclusion

As you can see, Azure Automation, the new hybrid worker and OMS open the door to easy and flexible implementation of a global, hybrid runbook automation infrastructure that transcends the limitations of System Center Orchestrator. Get started with your free subscription to OMS at http://microsoft.com/oms.

How to launch an Azure Automation runbook on a Hybrid Worker via PowerShell

With the update in Azure PowerShell 1.0, quite a lot has changed. Working with Azure has been divided into cmdlets for working with Azure 1.0 (Azure Service Management) and Azure 2.0 (Azure Resource Manager). With the GA release of the new Azure portal (https://portal.azure.com) that was called “the preview portal” forever, has arrived. In short, the PowerShell cmdlets for working with Azure Resource Manager include an “Rm” after the “Azure”, such as in New-AzureRmVm, the cmdlet for creating a new VM in Azure IaaS v2…aka Azure Resource Manager.

Azure Automation, when connected to your Operations Management Suite (OMS) subscription, eanbles you to tap into a new Azure Automation feature called a Hybrid Runbook Worker. This allows you to run runbooks on machines located in your data center in order to manage local resources. The runbooks are stored and managed in Azure Automation and then delivered to one or more on-premises machines where they are run.

If you are unfamiliar with any of the above concepts, you can click on the links and read more. If you are familiar and just want to know what the PowerShell is you need to call an Azure Automation runbook and run it on a Hybrid Worker, you will find the script and some explanation below.

Prerequisites

You will need the following in before you get started

  • The latest Azure PowerShell module, which you can install using the Web Platform Installer or the PowerShell Gallery, on the system where you will run the script
  • An Azure AD user with appropriate rights from your Azure subscription. You cannot use a Microsoft (Live) account when authenticating to your Azure subscription.

I am working on a Windows Server 2012 R2 system. I also have the production preview of the Windows Management Framework 5 installed, though this is not required.

Sample Script

In this sample, we will assume you are working with your default Azure subscription. We will build on this example to cover working with multiple Azure subscriptions in a future post.

# Import Azure Modules
Import-Module "C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ResourceManager\AzureResourceManager\AzureRM.Profile\AzureRM.Profile.psd1"
Import-Module "C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ResourceManager\AzureResourceManager\AzureRM.Automation\AzureRM.Automation.psd1"

# Authenticate with Azure AD credentials
$MyUserName=’username@yourdomain.onmicrosoft.com’
$MyClearTextPassword=’YourPassword’

$SecurePassword=Convertto-SecureString –String $MyClearTextPassword –AsPlainText –force

$cred=New-object System.Management.Automation.PSCredential $MyUserName,$SecurePassword

Login-AzureRmAccount -Credential $cred

#Runbook parameters
$params = @{"Message"="Hello Azure Community!";}

Start-AzureRmAutomationRunbook –AutomationAccountName "contoso-testrba" –Name "Hello-World" `
-ResourceGroupName 'Default-Networking' –Parameters $params -RunOn 'ConfigMgrPool'

A little explanation…

A couple of key areas of the script that deserve explanation.

Authentication
On lines 5 through 13, you will see how we handle credentials. You will need to replace the user name and password with your Azure AD user. In this case, I have hard-coded the credentials so we can riff on this in some other contexts in my next post. If you intend to call this script right out of PowerShell, you may want to prompt for the password each time. You can do that by replacing the code on line 7 above with the following:

$MyClearTextPassword = Read-host "Enter your password:" -AsSecureString

Runbook Name and Parameters

  • The runbook parameters are presented on line 16 in name / value pairs, separated by semicolons (a hash table). In this case, I am launching a runbook named “Hello-World” that has one parameter called “Message”, which accepts a text string. You can see this pictured in the image below. If you have a runbook with multiple parameters, simply provide additional name / value pairs separated by semicolons.

AA_HybridWorker

  • On line 18, notice the -AutomationAccountName parameter where you specify the name of the Azure Automation account associated with this runbook, as well as the -Name parameter where you specify the name of the runbook.
  • On line 19, you will need to update the -ResourceGroupName parameter with the name of the Azure resource group containing the Azure Automation account.
  • Finally, the name of your Azure Automation Hybrid Worker group is specified in the -RunOn parameter. If you want to know where to find your available Hybrid Worker groups, you can see the GUI version of this in the image above from the Azure portal.

Once you execute the runbook, the output if it runs successfully will be roughly as follows:

AA_HybridWorker2

In the Azure portal, go to the Jobs area of your Azure Automation account where you can see detailed job results:

AA_HybridWorker3

In our next installment, we will do something interesting with this script you can use in your environment…today!

Veeam Management Pack v8 for VMware and Hyper-V

Veeam have released version 8 of their management pack for System Center 2012 R2 Operations Manager. Veeam is great for comprehensive monitoring of both Hyper-V and VMware deployments. In mixed Hyper-V and VMware mixed environments, the Veeam pack also offers a very consistent view of fabric health across the two platforms, providing a unified monitoring experience for heterogeneous environments. Most importantly, I find the Veeam pack delivers actionable alerts and data visualizations, enabling quick incident response instead of hours of digging for root cause.

I encourage any System Center administrator looking for a comprehensive virtualization monitoring approach to check it out.

New in Veeam Management Pack v8

  • Support for VMware vSphere v6
  • Enhanced Hyper-V Support
  • Veeam Morning Coffee Dashboard & Report
  • Hybrid Cloud planning for Microsoft Azure and VMware vCloud Air
  • Detailed snapshot and checkpoint tracking
  • Visibility for Veeam Backup & Replication

Get the What’s New Guide or download the Free Trial.

 

Inside System Center Podcast #4 – Windows 10 Launch Episode (Show Notes)

With the imminent release of Windows 10, Dan and Pete take some time out to discuss what Windows 10 release, coming July 29th, and a range of topics including availability, deployment training, and device experience. They also manage to fit in some Surface 4 and Windows Phone hardware news. Links to all the resources discussed (and some we didn’t get to) below!

New Show Updates

To get updates on the latest episodes of Inside System Center and Inside the Microsoft Cloud, follow on twitter (@insidemscloud@insidepodcast) or like us on Facebook at http://facebook.com/insidepodcastnetwork.

Episode Links

Audio editionavailable shortly!

Video edition – https://youtu.be/hrwDGDaVXs8

Launch

Deployment Timing

Deployment Training

Updates (auto-updates, WUFP, etc.)

Devices, Device Experience and Wallpapers

Surface 4

 

Flagship Phones

Device Experience

Download Windows 10 Official “Hero” Wallpaper

Here is the official Windows 10 Hero wallpaper, as well as the popular Ninja Cat editions!