Meetup - Make PowerShell a Real Solution in 5 Steps!

Ah, I thought you would have been all over that. I think I, I briefly saw it but I didn't have time to respond. Fair enough. Good. G'day everyone, how you going? He's back. I'm back. All right, all right, hang on a sec. Um, model, obviously it's, it's 6 p.m. Um, we'll just, I think we just let a few extra people join. We've got a few people joining in on the stream as well, so, um, yeah, I, um... Evening, Frank. I also wasn't, um, sure if people think six o'clock is like roll up whatever you want sort of thing. G'day, Frank. Um, hey Jordan, I've actually got a question for you, mate, with, um, SDDLs. Um, do you know of any way to be able to actually create, um, ACLs with, um, like create an ACL as an object and then convert it as a string, into a string? Yeah, the .NET functions have got a convert to SDDL function, so you can call that and you specify what, um, what components you want and it will give you the SDDL for you. Okay, cool, cool. And you need to go the other way, because there's a command line that you can convert from but you can't convert to, and I was like, so... okay, that's great. Yeah, you should be able to do both. Yeah, okay. Alrighty, just gonna, um... do you want me to, um, run the PowerPoint, or Wayne, do you want to drive it? No, I'm right for you to drive it, that's fine. I saw that you had it open, I'm like, no, Michael can have it tonight. I just went in there and added some AWS news, that's all. Which feels funny, feels funny going in there and seeing all the Azure news already out of it. I'm like, what, that's my thing, like what, what is, what is this voodoo? Yeah, so I know at our last meeting two months ago we joked about how the previous meeting to that we were joking that, um, the more and more cases every time we said, oh yeah, we'll do a meet-up
this month, definitely happening, and then the corona kicks off. I've noticed the last time was scheduled it was really kicking on, and, uh, now there's four, six cases just announced in, uh, Queensland, so I'm thinking... I mean, I blame Michael. I can't hear you. Hey, I've been vaccinated. I got my first one and my god, my arm the next day was just dead, it was shocking. Still going back for number two. Oh, lucky number two. All right, okay. Um, actually no, Wayne, are you able to do the share? Because I can't show the Teams session as well as do the share, unfortunately. Okay. You know, come, just give me a minute. It's a bit wonky. So... oh, apparently I closed it. I, I was 100% dependent on you. Give me a second. It's like it knows, like it's, it's like OneDrive knows, you know, you're waiting on it, it's going to go slow. That's to say with printers, they know you're in a hurry. Don't get me started on printers, especially in 2008 R2 clusters with, with non, with num, non-supported drivers. All right, let me see, let me see if I can get my infrastructure... so I don't know if this is gonna work, let me know how this goes. Yeah, that looks fine. Yeah, that looks good. Okay, sweet. Alrighty, um, do you want me to kick it off, Wayne? Um, yeah, go on, wander through the news. Um, alrighty. So are you recording? Yes, we are recording, we're actually streaming live as well. So, um, g'day to everybody in the user group, um, in the Teams session, as well as g'day to everyone online. Um, welcome to this month's meetup. Um, so, um, we're just gonna quickly jump through. I'm your host, uh, Michael. Um, we are... and then obviously we have Wayne here. Um, also we have, um, Alex, Mitchell and Pablo, who are our facilitators. Um, I'd like to use the word facilitators, that's probably... I don't even need that, I've got my, um, boom mic on. Um, so anyway, um, we're proudly sponsored by Hudson, and they've been since the, before the coronavirus came out. Um, they were lending us to their room. Um, obviously things have changed but they're still over, I'm a sponsor. Also a huge thanks to ScriptRunner,
um, for, uh, also paying our meetup costs. Um, I really, really, really appreciate that. And then finally, um, Insync Technology, or slash Rapid Circle, so a little bit more news on that, so we'll be jumping onto the next slide. Okay, um, when you can. Um, do you want to do the news or you want me to do the news? I could probably talk about a couple of things. You're muted, by the way. Yeah, you can do the, um... sorry, I've got to share my screen and mute and unmute. You can do the Azure news if you like, so yeah, you added, I'm not going to talk about any of these things. Yeah, you want me to? Okay, I'll just quickly go through it. Um, so, um, tons and tons of new Azure features are coming out. So Azure Sphere, um, that version 21.09 and GA. Um, so one of the key things I kind of wanted to bring up, I know it's not, um, it can be brought up next month, but it's just something that, you know, to have at the back of your mind: um, if you've got Azure's ASR implemented, TLS 1.0 and 1.1 will be deprecated on November the 15th, so, um, you can go ahead and go and update that to a TLS 1.2. Um, Azure Functions runtime version 4 is now in public preview, which is supporting a whole bunch of different language and runtime versions. On .NET 6 you've got in-process and isolated processes now, there's Node, Python, Java, PowerShell and some custom handlers. Um, obviously we also have Azure AD join VMs and now for each GA. There's a GA of the run command and AKS. Also Microsoft implemented screen capture protection for Azure Virtual Desktop, which is pretty interesting stuff. So essentially you can deploy Azure ID, um, um, your Azure ID, uh, oh sorry, the Azure Virtual Desktops are essentially, um, you can't capture screens and record stuff, so that's pretty cool. Um, so the, um, Azure App Service availability zones is now also, um, in GA now, so, um, that's really good. And there's a couple other ones there, which is just the Azure, Azure Files now supports SMB 3.1, so there's a whole bunch of little bits and pieces with that, um, which it just ships with two additional
encryption modes, which is just AES 128 GCM and 256 GCM. Um, and PSArm, which I don't know if there's been really, I know that was mentioned beforehand but I just kind of want to reiterate it from the PowerShell side, is that PSArm is no longer, um, being developed to actively support, it's considered end of life. So, um, make sure you're not using it anymore, um, and consider moving to Bicep. That's right. Um, so that's pretty much it for the Azure news. So, um, yeah, let me try and navigate, give me a second. There we go. Uh, yeah, so there's some pretty big AWS news this month as well. I didn't actually go back to the previous month so there will be a little gap, but they announced the new New Zealand region is coming, so the next few years they're going to be developing a multi-availability-zone region in New Zealand, which is awesome. Um, Elasticsearch has been renamed to Amazon OpenSearch, and this is based on some licensing issue. Anyone who knows anything about open source licensing knows that they get very heated, these debates, and that's what caused this name to get renamed, this product to get renamed. Uh, if you haven't seen Amazon FSx before, it's worth looking at. It actually blows my mind how good MS Amazon FSx is. They've announced NetApp ONTAP support now. They previously had the best Windows Server support I've seen in a public cloud, Windows Server file system, this is, that's what the FS stands for, and now they've got NetApp ONTAP as well. It is a really good product, I'm super excited about that. EFS, Elastic File System, that is, now supports intelligent tiering just like S3 does. And CloudFormation is getting better, better to use, slowly, which is nice. For someone who'd done ARM and then tried to do CloudFormation, uh, CloudFormation was like, not nice, but they've now, I, made it optionally roll back. So you used to deploy something, you might do 10 deployments or 10 resources as part of a deployment, and it would get to the ninth one, fail, and then just roll all the way back again. Um, so now you can
optionally roll back and save yourself some sanity, and you can even debug at that ninth deployment and try and find out why it failed and things like that. So that, there are awesome improvements on the AWS side. Michael? Yeah, um, so this was just a bit of an impromptu slide that I've added, um, into the deck, and I just quickly wanted to talk about, um, the sponsor, um, of Insync. So, um, as of this month, Insync slash Rapid Circle will be, um, the last time that they will be officially listed as a sponsor, um, on the meetup group, and that's because myself, um, and Alex Laurie have resigned from Insync Rapid Circle, so we would no longer be working there. So yeah, we're looking for a new sponsor, I suppose, we're meeting in person again. Yep, that's exactly right, yep. Cool, cool. Um, so let's quickly talk about what's happening in the next couple of months. Um, so October, um, basically we will be work... oh yeah, we've got Joshua King, he's going to be giving a talk on, um, yep, on Chocolatey. So Joshua King, if you're not familiar with, he's the Microsoft PowerShell Cloud and Datacenter MVP. Um, he recently joined Chocolatey, so, um, I'm super excited to see that. Everyone always got a bit of a soft spot for Chocolatey because it's so soft. And, um, and, um, yeah, and so in November we'll be looking at, hopefully, provided that there's an actual, um, no lockdowns or anything like that, we're going to be trying to actually organize some sort of, um, social event. Um, whether that's in the city, we're still trying to work out what we're going to do there, whether it's around my place, who knows. We will, um, we'll try and figure that out. So that's just a bit of heads up what's happening in the upcoming months. Um, so call for speakers. I'm always looking for speakers, so if you're interested in a topic, any sort of infrastructure topic, um, whether it's Python, PowerShell, it can be a language, it can be anything to do with infrastructure, um, you can approach myself or Wayne, Alex or Mitchell. Just please hit me up, you can hit me up on Twitter if
you're watching online, um, and just basically we can lock you guys in for a talk. So yeah, but anyway, without further ado, um, the man of the hour, um, Heiko is going to be here to, uh, present on how to make PowerShell a real solution in five steps. Over to you. Okay, thanks Michael, thanks Wayne. Okay, well, that was quick. Okay, um, not prepared. Yeah, thanks for, thanks for, for having me. I think it's the third time, um, I'm, I have to honor to, to talk about our little PowerShell management solution, and, um, so because it's the third time I would really keep the introduction itself pretty short, and then what I really want to show you is what we have done since the last time we met, which I think was around the same time last year, or in October or something, and, um, we did quite a bit. Um, so let me just, I will, I will start to bore you with a few slides first and then I'm going to go to various systems so I can just really show you around a little bit what, what we have, what we've actually done. So let me just start sharing. I still like the fact in Teams that when you start sharing, the whole control panel is just going out of sight, that's really great. All right, so, um, just a quick introduction of who we are. So I'm from ScriptRunner, we are based in Germany, and, um, we are into PowerShell management. So the goal of what we are doing day in, day out is to kind of help people to simplify the way that they develop, manage and delegate PowerShell, that, that's basically what it is. And we've been around for a couple of years, started to be more present in the international space two and a half years ago, when actually, when I joined the company. So these are, this is part of our team. Um, that is me, so you find me on all the usual, uh, channels, on Twitter, and I can actually, I could later on, I could at the end, I can just paste all my contact data in, into the chat. And from the picture you might sense that I have a little bit of a weak spot for this little Australian rock band. So, and we are also, um, pretty much into
really also supporting the PowerShell community and the Microsoft community in general, so that's why we are part of, of your, your user group, but we, we're doing a lot of other stuff. And we, we also, I think we mentioned it before we started, um, that we, we have this PowerShell cheat sheet, which is actually, you could say, Get-Help for your office wall, that can help you when you're, with your day-to-day business working with publishing and stuff like that. We have other things, we have an email, uh, PowerShell security ebook, um, that, you know, that we also had, it's about 140 pages of stuff like that, so that's also pretty, pretty interesting. Um, I think I even have a paper... no, that's the wrong one. Right, too many slides. It's this one here, that you can also, and I will paste that link also in the chat later on, which is 140 pages long and it covers all the built-in PowerShell security stuff, which I think is also pretty helpful when you're working with, with PowerShell on a day, on a daily basis. Yeah, so, um, PowerShell management and making life easier with PowerShell, what does that actually mean? And, um, so from our perspective there are kind of two ways to use PowerShell. Um, so here are two pictures that I try to, to show the two, to two different ways and how they maybe differentiate from each other. So on the left side you can see, like, okay, this is, you start using PowerShell, you're writing your scripts, and there are, I don't know, in your emails, in a OneDrive, in folder, whatever, and because you wrote them you know exactly where to go to if you want to clean up a new VM, create a new user, creating reports, changing permissions or whatever. Um, which is great because that's, that's how you start it, and it's your scripts and, and you know how to run them and you have the permissions and you know what to do and how to do it, and which is, I think, great for, for the start, when you're using, when you start using PowerShell. Now on the right side, this is, uh, not surprisingly, where a ScriptRunner then comes into
the picture, where the idea is to kind of organize everything around a PowerShell in a more standardized way. So on the left side again we see things like, okay, the scripts are all over the place. We also see, um, many organizations, and funnily enough no matter how small or big they are, you typically maybe have two or three, maybe five people who are really into PowerShell, but out of that expert circle there are not many people really knowing a lot and, and, and working with PowerShell in the data business, and that's, that's because really we have this, this, this PowerShell know-how bottleneck. Yeah, and then we have all things around security, how to, how to handle the credential, because if I want to give a script to somebody I would not make this person global admin in my Azure subscription, or I don't want to train them how PowerShell works and stuff like that. So, so it has to be an easy way to do that, in, in the sense of, um, not everybody has to be, has to become a PowerShell expert, which of course would be great but, but I guess would not happen. Um, so it's about, the aim is here like thinking about people in, in help desk or maybe junior admins or maybe even, even, uh, help desk users, to enable to use ScriptRunner. And one of the key elements to, to achieve that is, um, turning a PowerShell script into something that really everybody can use in an automatic way. So what we are doing, and what I'm going to show you, is that you, you have what kind of PowerShell script you, you have, you put it into ScriptRunner, you automatically get a web user interface, because we are looking into the synopsis, we are looking into the parameter descriptions that are hopefully there, because they help us to, to shape and to, to the, the, the look and feel of that, uh, of that input form. And then if you have parameters like the DateTime, we automatically translate into a date time picker, and if you have, if you're using reg expression, reg expression, um, then we, we check this as well. Um, if you have, I don't know,
validation sets or whatever, so everything that you have in your script is automatically translated into the web user interface, so no need to extra, for extra coding. And then of course you can control what you actually want to display to these users, and that might differ between different groups of users because some might be able to do more things than others. That brings us back to this idea of standardization, where you say, okay, I have a particular way how things should happen and I have the parameter values set as I want it, and then that's what I do, and then I just hide them from the user because they don't, they don't have to, they cannot change it, so they have to care about it. So only the thing that really needs the attention of the user is actually being, being visible here, and that simplifies the way for the users and gives you the control about what is actually happening in the background, so what are the default settings that always happens, no matter if it's done interactively by user A, B or C, or maybe it's been done scheduled, or maybe triggered by the REST API, with which are actually covered this three different ways of how, how you can actually organize that. You could say, okay, there's a user doing things, you can have housekeeping processes going on schedule, and then using the REST API to trick, to allow, I don't know, ITSM system, workflow systems also trigger scripts, or actions as we call them, and what an action is I will show you later on. Um, so the idea really is to standardize everything around PowerShell, to centralize everything around PowerShell, which means when we talk about scripts, when we talk about, um, the modules, the credentials, everything is, is managed in a central way, and then it becomes, as, as we just saw, I think, really accessible for almost everybody. Um, which is a great thing because that really brings the people who are writing PowerShell scripts onto a totally different level, because it's not just being a something that you do in a corner in the dark
in the cellar somewhere, you're doing some PowerShell magic and nobody knows actually what's going on there and how you do it and how the company benefits from it. So it's turning it into something that actually everybody can use, it's also something that helps you in, in getting maybe more, more relevant in your organization, for example. And because we're doing this centralization piece, um, we also have a monitoring possibility to just see what script ran at what time, who triggered it, how long did it take, was there an issue, stuff like that. So we, because, and we will see that then, if you use ScriptRunner it's not the user who runs the script. The users are triggering the execution, but actually ScriptRunner is running all the scripts, and that's because we centralize all the bits and pieces, that's why we have these monitoring possibilities and the integration piece, where we can say, yeah, it's not just a user, it could be an SAP system or critical ServiceNow that we allow to trigger scripts as well. And so the way we do that, and that comes back to this five-step approach. So what we're doing, we're centralizing scripts and modules. So here you see a little screenshot, and I will show you that in the, in the system later on of course. Um, so we have the scripts, we have the modules. Um, of course you could, in the background you could have like Git, GitHub or whatever, and you're synchronizing scripts down to ScriptRunner once a script has been tested and it's been moved to the production branch, you can do that of course. Um, the second step really is thinking about credentials and the permissions, and so credentials means they're stored centrally, and they could be even stored in, in password service. So at the moment we support three of them, CyberArk, Pleasant and Thycotic, which even further centralizes the whole landscape and also allows you to of course use all that great stuff that you can do with power, with password service, like rotation and stuff like that, and make sure ScriptRunner is
always using the right credential when there is, uh, when script, when there's a script, it needs to have a connection to Exchange, AD, Azure AD, AWS or whatnot. Um, so that really helps, um, also for this, from, from the central, centralizing perspective. And then if you look at this, this part here where we have ScriptRunner, it's really, we call this exec, execution proxy, and that's because ScriptRunner is the only instance that needs to have access to the scripts, to the credentials and to the backend systems, where on the other hand, if you have the users over here, they strictly only talk to ScriptRunner. So these users over here, they don't need to have any permissions or access to your on-premises or cloud or hybrid services or whatever, because what you actually do in ScriptRunner, you decide what kind of use cases, what kind of tasks this people should be allowed to trigger, and they just do it via the web interface, so they know it's easy, and they said, there's no, no, no need to make this people become part of your admin groups or whatever. They could be just normal domain users, and you decide what they are able to do based on the configuration within ScriptRunner. And then coming back to this, this simplifying piece of, okay, we're translating a script into a, into a web user interface and you decide what's actually selectable here, what is visible, what is not visible, and then step by step you can add all kinds of use cases and delegate them to groups, to a group of people. And the nice thing about, if you, let's say you have a scenario where, okay, we have, we have two, two different groups, and one is responsible for, let's say, a particular, um, Azure subscription and the other one is maybe responsible for other Azure subscription or for VMs, and they should be, they should have different possibilities, like, okay, they can spin up VMs with, uh, I don't know, four CPUs up to 8 CPUs, the other one should be allowed to, to trigger, to spin up VMs with 18 CPUs and more, so it's 32 or whatever. And if you have
this, this, these different scenarios, you don't have to make changes to your underlying scripts, they can be exactly the same in both scenarios. It's just the management layer on top of it, which is ScriptRunner, this is where you make this, where you just make different choices and decide what the users are able to use and what, what their, what are the defaults in the, what other defaults are in the background. And then coming back to the integration part, so we have, as I said, we have this interactive approach, one is scripts by user, we have the scheduled approach of course, and then we have this, um, integration piece where we call them automation connectors. They can be triggered from the outside, from machines that are allowed to, to, to connect to ScriptRunner and to, um, tell us what, what script to run, what are the parameters, what other values, and then that's been done, um, via the ScriptRunner engine as well. All right, so with this I would switch to the first VM to just show you, um, what that means, and also covering the thing that we've done since we talked about what I just covered last year. And one of the main changes here is, in the past we had three different user interfaces: the admin app where you configure everything, scripts, credentials, stuff like that, we had a delegate app, and we had a self-service end user app. And last year we started to build our new portal, and then in the beginning the portal looked like this, and that's because I'm logged in here as a help desk user, normal domain user, and this person is allowed to trigger whatever has been delegated to this person, and that's why we have this, this run app right here. And, um, so what we see here, all these tiles represent, in the background represent a script with the right credential, with, uh, everything that we need in order to get the job done, like in this case creating a new team, or in case of Azure to create a new VM, or starting out of office, or creating grading reports like this, or whatever the use case might be. So
this is the, this is what the user are seeing when they, when they allow to do things that you have delegated to them. And, um, maybe we just start this one here. So what you can see here though, just some, some nice fancy, fancy stuff, you can work with color schemes, you can add logos to it, so hopefully user remember like, ah okay, this is something about Azure and then this is something about Exchange and stuff like that. So, uh, overall, if you're familiar with what we've done in the delegate app in the past, it's really much more modern, it's much more fun to work with that stuff. Um, you have of course the same possibility to decide what actually this user is allowed to do, and again we will show you, I will show you that in the configuration piece, how that works, like, okay, this user is only, is allowed to spin up this VMs in this regions and that's the available VM sizes and that's it. So everything else that of course comes with the New-AzVM, um, cmdlet, like static IP addresses yes or no, SSD, HDD, whatever, that's all in the background, it's still there, and you can see over here it's all based on this script that we have on the ScriptRunner machine to create a new virtual machine. And, um, I could maybe, just for the fun of it, we are starting to build a Ubuntu machine, maybe a small one, I want to save money, and then because I have put everything that is necessary, so we saw of course there, if they're mandatory parameters of course they have to be, they have to be filled, and then I can click here on run. So what happens now is, in the background ScriptRunner takes this information, this input, and starts to run this script together with the things that are also pre-configured in the background, and we will take a look at this of course later on as well. And so while that is running, of course we could take a look at other scenarios here. So here I have, I have a list of all the available actions, and that's because that's how, that's the thing that I've actually delegated to this person, and of course
it could be, it could be just four of them or it could be 20 or whatever, and they're organized here based on the tab, so, um, it's pretty easy to, to navigate if there are people, and helpdesk people are typically this kind of people that have more broader range for a variety of, of actions. And, um, so what you also can do is, which, which also is, is new based since we created this portal, uh, what you can see right here in the URL is that if I'm switching between the actions, each action has a unique ID, and this unique ID enables us to do things like, when I'm switching here to another browser just for the fun of it, um, to integrate this use case, which of, as we saw, in the background is based on the PowerShell script and all the different configuration pieces, and just integrate that into whatever website we want. Which means if that would be a self-service portal or, I don't know, SharePoint website or whatever, you could just say, okay, I take this same use case that is, that we just looked at from the portal perspective, and I say, okay, I want this to become part of that you website. And we can see the same funny little things that I changed here, because I did some changes in the parameter description, just to show, you know, it, it becomes available immediately. So what happens here is that it is really, it's an iframe, and because, as I said, each action has a unique ID, you can say, okay, I want this action 158, I want to integrate it into this website, and I have a couple of configuration settings, like do you want to show the description, do we want to show the name and stuff like that, so you can set some defaults. And then any of these possible use cases that you want to delegate, and I mean that's basically one of the major things where companies come to us, because the admin says, please, I don't want to spin up the 20th VM today, couldn't that be somebody in helpdesk or maybe even the line of business users to do it? And I have the PowerShell scripts but I would not give it to them, I'm just, I'm just, I
just create something in ScriptRunner and delegating this stuff to these people, and then it's off of my desk and they do it in a, in the right way because I have pre-configured that. And so it could be, I don't know, what I have here, creating a SQL, uh, database backup or stuff like that. So whatever the use case might be, you can integrate that into whatever website, and that really brings, let's say, that stuff that way in the background we have, this PowerShell stuff, into a world where nobody needs to know even that PowerShell exist, because it's really just something that is based on this, this web user interface. And, um... Sorry, um, hi, I just want to quickly jump in for a sec. Um, are you able to zoom in on the, um, on your browser? Uh, it's just that the guys via stream are having a little bit of trouble. Yeah, maybe I'm just... how's, um, how's that, guys, is that good? Looks fine to me, I'm just checking. Yep, okay, yeah, Glenn's happy with it. Okay, perfect, perfect. All right, so, um, uh, yeah, going, just going back to the use case that we just had, where, okay, somebody created a new VM and you saw this, this report coming back telling the user, okay, it has been created successfully. And, um, so this was triggered by, by this user right here. So, um, and we will take a look at, okay, what can I do and what can I see as, from the admin perspective, what happened there, and we will be there in a minute. So just want to, want to finish this one up here and maybe also make this a little bit bigger. So the idea of this, as we call the portal widgets, is really bringing each use case into an environment where the user is just working day in, day out, and they just do and allow to do whatever is configured in the, in the action. And that's, that's a big change that we saw with, with organizations really now thinking about, okay, is there, you know, use cases like password reset, creating an out of office for somebody who called in sick and stuff like that, could that be something that we can now build with a PowerShell script in the
background and then make it available for HR people, because they, they only have to maybe select the notification, and because it's a DateTime parameter we automatically display this, this, um, date time picker here, so it's really pretty, pretty easy. And so it's nothing that again has to be done by the, by the IT department or even by the helpdesk people, and so that's really where we also, uh, see that, that, yeah, make PowerShell something that really can be used in a much broader range. And so the question is, okay, how did we do that? So, um, as, as I said, it all starts with the scripts. Now here we are in the admin app that we still have, and that, that will build, still will be around for a couple of months, I think, but the ultimate goal is to move all the functionality that we have into our new portal, and especially for the scripts that's pretty cool news, because with the scripts, uh, with the portal... let me just open the portal again, too many, too many tabs here. Because, uh, what you can do, for example, um, with the portal is that, because now I'm here, I'm logged in now as an administrator, right, so just now here I'm logged in as Tina, just normal domain user, that's why she only sees these two tiles. Here I'm looking as an administrator, and I have all the stuff that me as an administrator is allowed to do, which includes working with scripts. And, um, that is really pretty cool, because you can, not just, uh, add new ones, which of course, and, or create new ones, you could also edit your scripts via the browser. Um, so we could go into the script and I can see, it can take a look at the code, I can check it out, I can make changes to it, um, I can check it in again, hopefully do some, some good, good comments, and I have a change history, I can see where it's actually being used. And, um, so that's really something that really helps to work with existing scripts of course, um, because you can just really use that, that user interface, but it also is pretty cool to import new scripts, where you say, okay, I want to add new
scripts and by the way you will maybe wonder what that right here is within script runner you can have a multi-team configuration you could say i have one script runner instance and then i have an exchange team and i have an azure team and i have an ad team working with powershell with that credential with targets and whatnot but i want to make sure that the um the team um i don't know us is not messing around with the scripts and credentials from another region or from another or from another uh platform or whatever so you can decide who is the owner of that object and object means could be a script it could be a credential it could be a query or whatever uh or you can make it uh something that belongs to maybe everybody and then you can you can choose the files that you want to the script that you want to add you can decide in which folder structure you want to store them the folder structure is is pretty important because based on the folder names we automatically check the scripts and everything else based on this on these names first you can always change this manually but automatically we just take the information from the name of that of that folders and what you can also do which is pretty cool we have this i think 7 1700 scripts being available on github and you could just choose scripts that from there that you would like to add to your existing configuration um and that's something that also because we have this in the portal now is available here um you can have a preview on the scripts as well and then you can say finish and then the scripts okay okay i have the same name okay and just in the same folder okay then maybe i should adjust something different maybe i choose something different i'm not sure maybe i'll take this one here see and maybe i'll make it ah i think i have to just put it into a different folder i think that was the issue and then this script becomes available so by the way talking about the scripts that we have on
github um so since the last time we we added quite a bit of new scripts here for example we have we added a completely new set of scripts for citrix for example um and we added scripts new script for teams because the well the module for teams is kind of changing every day somehow um so you can still go there of course and just download the whole set of scripts um that's still there but you can also as i said you can just import them via the portal and of course if you want to create a new script uh it could be an empty one but uh maybe and we we're going to cover maybe take a look at the queries as well you could say okay i want to create a query script and i want to have this i want to have some some help with it um to say okay um there is a template and again this template comes from our github repo and we're going to change and add new templates here and they're also going to be a way to instead of pointing to our github repo to point to your github repo it's not there yet but that's going to come and here as a result what you see here as a structure is that whatever you do whatever information you want to get at the end it should be end up in these two variables in this srx environment result list and result is two because this is the information that i from on one side the user is seeing and on the and on the other hand what you actually what we're actually using when we execute the scripts uh and i will show you that what that means when when we when we look at the queries so what really what that really means here we because we have this functionality now here in the portal you can really really uh do all the stuff directly in the browser in in the latest edition which will come out um by the end of this week i hope we will have and i have another machine where i already did that we you can already for example also delete scripts from here and if this script is used somewhere you get a information like okay it's been used in this action do you want to really
do that and stuff like that so just so to see the dependencies and stuff like that um what's also pretty cool is that um if you're making changes oops to your scripts or you have kind of a of a history of of of scripts let me just go for one i made some changes here uh you could take this information and where is it no all right all right all right what have i done what have i done what i actually wanted to show you is okay maybe i just make let's make some changes here again check it in um because what you can do is you can you can have a diff you can see okay what has been changed since the last check-in um so that also helps you to of course find out okay if you're looking at a script maybe somebody else has modified and something goes wrong and stuff like that so um that's also something that that really helps in how to manage how to manage your your scripts and that's that's again that's something that that we added um with the with the portal which i think is is pretty cool and um coming back to we we just we just started this this action to create a vm in azure i want to go back to to the portal because right here um because i'm the administrator i can take a look at all the things that have been done and here i can even see that there was and there wasn't an error when i wanted to list the name of my vms but i can see that okay this user tina she started to create a new vm in azure and they can go into the reports and they can see which user started it when was it what was the action what was the actual backend system that we used and what was the credential and i see the parameters and we only saw a few of them in the interface because all the other stuff as i said is pre configured in the background and that's how we always create this particular vm and then you get all the the detailed information here um and so you see all the all the data of all these activities because it's always script runner who executes all that stuff we
have that's centralized view on all the activities no matter what the issue are and i understand this one because my vm environment my mba environment is not running that's why connect my server didn't work of course um so for troubleshooting purposes and you can you can you can just say i want to see everything all just the things where things went wrong or um and then of course you can also compare reports you can drill down to particular actions or to particular targets and so the idea really is to have a full view on all the stuff that happens uh with your powershell scripts again no matter if it's triggered by a user if it was a scheduled stuff or if it was something triggered by um the the rest api the automation connectors and um so something something we added on top of this technical dashboard coming back to things that we that we changed that we added is we created a efficiency dashboard so to speak so typically this is more kind of the right the management view like okay why actually what why do we automate what do we what how do we benefit from it and what you can do is for each of these use cases you can decide how much time uh you actually save by doing things uh in an automatic way and then we calculate that based on how often this action run run and you can create uh an hourly wage and then you say okay uh this is the amount of money that we saved by by doing that so this is of course as i said more like the management view of things like okay i can send that every friday or every month to my manager and they're hopefully happy what happens or it gives you an idea that maybe you have created a use case and and delegated that and you were expecting like okay this this this column here should be much much higher and so you could come back and say okay asking okay why maybe that's actually not being used maybe you've delegated it to the wrong people and so to speak or they're not using it or something should be reconfigured and stuff like that so this 
is another aspect where this actually helps and um so we looked when we started in the beginning we looked at all the scripts right that that we need to start things off then of course we also need all the credentials so that we can that we can create powershell sessions to whatever backend system and there we have two ways one is the credentials are stored locally in the windows connection store or like in this case i have a i have a credential where it's coming from a pleasant server in this case a local one and what we see here is it's just the id of this of this credential so whenever we need to connect to exchange we're going to ask this pleasant server for this id for the credential behind this id so we get this info back also something that we added since last year is really more like complete support for powershell 7 even though i have to say i don't know any customer in my world so to speak who is really using powershell 7 a lot or even a little bit in production so but anyway um you could have of course you have ssh keys also being managed in script runner so you can use powershell against linux you see that there is some kind of implementation for the powershell secret management it's not it says experimental so it's not really there yet we want to be able to to use that of course because behind that as we all know can be azure key vault it can be whatever uh the community is adding to it so that's something that we're working on um so that will be another option but so for for for today it's like okay it's stored locally or it's stored in a windows credential in the in the password world and then you have all this this credentials right here and then of course it's like okay i want to do something in azure so how do i do that the example that we just looked at so here we have target and you can create all kind of targets based on what you can actually do with powershell you can have local execution you can have powershell remoting you can even
combine targets into collections which helps especially for many systems where you do housekeeping processes so maybe there's one script that you want on that you want to run on 100 servers and i want to i don't want to pick a 100 servers every time i want to do something so i put all this hundred servers into collection and then i'm collecting and then i'm selecting the collection when i want to do something there o365 azure we also added what we call the generic cloud service where you could do things like connecting to aws or google or something like this or any other system now for azure um just coming back to the example from just now um there are of course different ways to to interact and to establish the session um of course it started with having this traditional credential user and password thing that that i've selected here but of course you could have configuration working with service principal or app registrations to doing this because as we all know that's the way it's going to go more and more of course um you we still have support for azure rm here so you could decide okay i want to do things the old way not not not um recommended of course and so what is what this target is doing in the background because we know this isn't this is an azure target and we know how to establish the session to this back-end system in this case azure of course we need to have the az module but we only have to have it on the script on the machine right because it's only script runner who's executing that so and you could even say okay because maybe you're also you're only doing things with um with azure compute you can say okay i only i only want to load the azure compute module which of course also helps when it comes to establishing the session um style and and loading the modules and the command that's in the background um so that's something that you can that you can control here as well and then having this target means because we here we configure the logistics we
know which which subscription to talk to and how we connect so what kind of credential we need in your scripts you don't need to have this logistics information anymore like um loading the module establish the session stuff like that because that's that's that's what script runner takes care of by using this target in every use case that you want and if we're coming back to the example that we just saw in the beginning where i'm just creating a new azure vm we can see how all these different bits and pieces fall together because the azure uh the azure the action is kind of the bracket so to speak that brings all this uh different bits and pieces uh into the right order so to speak and one very good way to to look at this is to use this details view where you can see all the different objects that is that are part of this action so the action says okay i want to create a new vm in azure i have a target which is my azure subscription i have credential which is this account that we have in the background i have additional library scripts which we can also take a look at that helps us to call functions from the main script uh and the functions are and they're just there to create a report for example i have this the script the actual main script um then i have queries i want to have a list of locations i want to have a list of vms that these users are should be allowed to see and then i have delegations so i can see that this action already got delegated to user helpdesk azure team and emir now uh what we can do right here is i can i can click on on edit and i can see okay how this actually looks like in the background so here this is the first view on okay what is what script do we have in the background what kind of parameters do we have here and so this really goes back to this script that we have here so if we are doing it the old fashioned way um if we go into azure compute new-azvm and i'm talking about old school i'm still into the ise don't judge me please um so
this is the underlying script and then this is where i did this you know this funny little change in the script like okay this is of course stupid thing um i'm i'm storing that i'm saving it and when i'm doing a refresh in the browser i can see immediately that things are changing in the user interface so this is the underlying script um with all the stuff that that happens here and we see for example here we call a function that is part of a library script that that is there to create a nice little html dialog once the vm has been created so coming back to this one uh coming back to this one here um is like okay so these are all the parameters and as as we saw from the user perspective maybe coming back to this one here just to start it again we can see you should see ah yeah this one here we should see we we we have this four parameters here right everything else we don't see but as we can see in the configuration of course things like um okay i have even i even have a predefined resource group name i have configured that i always want to have static ip addresses and stuff like that um that's all configured and then i said okay i hide this from the user because who cares right this is how we want this vms to be created that's how we do it don't show it to the user it's just going to confuse them or whatever and then so that's true for all other parameters that we see here so one two things that we see that i could pick a location i can pick a location here and i could pick azure vm sizes and that's because instead of making this parameters a plain text input field which would look like this right if i'm running it then uh i would just see that um okay i could type in i don't know standard v2 wha whatever so number one the user would have to type it and we have all the type of stuff then maybe somebody would spin up the monster giga godzilla vm and we're gonna pay ten thousand dollars at the end of the month we don't want that right so that's coming back to the 
point of configuration control management and making sure users are doing the right thing and that's why here we have a query that's very simply because it's a static static query it just shows the available vm sizes and just now we had this dev configuration that's why we saw three vms but as a default i could say okay no the normal user should not be allowed to to spin up vm with 16 cpus or stuff like that because um they should only be allowed to select from two vms and then you're just doing that and i'm just configuring that and so if you have two use cases like okay one should have two vms the other three vms or whatever or other region other regions and just make a duplicate of the action and i'm just plugging in the right query for this group of people and then if that's all correct i'm saying okay now i can start delegating that to my users and um talking about the delegation another thing that we have added which you think i think is is really pretty pretty pretty cool slash important is now i'm switching to another vm here because this is one that directly running in azure that you can now have users that are authentication authenticating based on the azure active directory let me just also make this a little bit bigger so if we talk about how to actually authenticate against script runner um in the past we had ad local id game-based identity-based authentication and now it also can be an azure ad user this is how i have i'm logged in here actually because it's in vm that runs in azure so that's that's one thing that we have added so you can still of course have ad authentication but you can also have azure ad authentication to work with script runner from the administrative perspective but also when it comes to delegating stuff that's what we're looking for looking at right here right so um and in other cases if this if this would be something that should should be that should be uh should run on a schedule base of course you could do this as
well with every action you could say this is something i want to do every friday at i don't know five o'clock in the in the afternoon and then you configure this action as being scheduled it still can be done and triggered interactively so if you have a need for run this now you can still do it once you have delegated it to somebody but you can also have it based on a scheduled approach and interesting enough we have many companies coming to us where their first priority is to get rid of all this decentralized windows task scheduler stuff that happens or not happens on all these different machines and they don't have really control about all these things and then the delegation to help desk and stuff is also a thing that they're interested in but their pain more is about getting control and a better way to manage all these different scheduled um tasks and and uh actions as we call them in our case um so that's of course something that you can do here as well and the queries here we can see two examples here are one of the most important things really in the whole configuration piece because it gives you the possibility to to make sure the users don't have to type stuff and they can select the right things and you can differentiate between people who are responsible maybe for different environments different regions different subscriptions different tenants and again having the same script still in as an underlying foundation so to speak and so we have different types of queries and also one thing that i want to show you is later on that there is um i wanted to go to the queries micro what are you doing um we have now in addition to what we had in the past also direct azure type queries which means you could you can do ms graph queries within script runner you could still you could and you can still do it of course based on the script but now to make it even easier you can you can really use uh that the uh ms graph or the resource graph and we'll show you an
example later on just just quickly coming back to what we just saw in this use case is okay there was a possibility to decide what kind of um vms are should be available and here you could see okay this is the list of these two vms on the left side that's what the user sees on the right side that's the technical information and in another use case we saw when i'm selecting this um i'm just having a different selection and um a different value and so we always have this what what does the user see and what is happening in the background technically the same is true here with the azure locations again very simple in this case um so these are just the things that the user should be allowed to select now this is a static list because these things don't happen to change every hour but of course there are other other cases where you want to let's say you want to have a list of your existing users in your active directory or you want to have like in this case i have actually a scripted query that comes back with a list of my obviously five mailboxes and by the way i can i can test all these queries just to see if if they're working and so what what what happens here is that because this is a query that might take a little bit because it has to connect to my tenant and then then i have to get back all the information and um i as a user i don't want to wait right so that's why you can create um schedule queries where you can say okay we're running this automatically in the background every two hours and then so when the user opens up this dialog there is already some data there it's maybe not the latest one but there's um you and if you need a quicker refresh you can just do that say okay this should run every every 30 minutes and then here again you have the the the content of the of the current cache uh with the again the information on the left side that's what the user sees and on the right side that's the technical information that's being used when we when we actually 
execute the scripts and the command lines and and stuff like that and um as i said we added some additional azure functionality here so going back to my vm that i'm running here in azure um i could have a query that is in this case okay it's looking for um for room mailboxes but you get the idea right it's about okay creating a a query that you can use and also new compared to the script runner from last year where you could just have individual values coming back that you can then further use in your script now um the whole json object can be used so if i'm running that here and i'm just testing it hopefully it's going to work yeah okay if i hover over it here i can see okay that's the actual data that comes back and i can work with all the data that get coming back from this query so that gives you much more possibilities and just you know i you need maybe the mail and the display name and some ids and here you have the whole json object that you can use to take this data and use it in your in in your scripts um and here i have a this is just you know a normal user query so to speak but also coming back with the whole json data so everything that that graph is giving me um as we all know it's not everything that is part of that user but it it's still more than just having an individual parameter or parameter value um so this is really something that that helps to to better work with with the data in in azure and especially with the microsoft graph um but you have multiple options you could also uh talk to the resource graph or the data explorer so as i said this all of course you could already do by scripting something and creating a query script and doing that and you can still do that of course um but we just wanted to make it easier and more also making this more accessible for the admin to work with with the ms graph and and the other ways of of creating these queries and to at the end of the day to make it easier for the user to pick and choose the right 
things and for you to make sure it's it's the it's the right information that they are presented with and um so that that's why we added as another an additional type that's why we added um as i said this azure type into the list of of possible of possible queries um and yeah so all these queries so the way to use it is really going into the use case going into the action and switching a parameter that is maybe just a a um a string input field into something where you want to make sure okay the user is allowed to um is only allowed to for example like in this case pick from a list or not from a list because i think i'm here so this is an example like okay i would have to know that i have this user angus young here who knows that so that's why going back to the edit mode of course i go here and i say no i want to present i want to use this list of mailboxes here and then now and here we go one you can mix multiple selections and here for example this is another example for the static list static query because behind that we have a template with text also including variables like start and end date to make sure it's the right information if somebody is i don't know out of office or training or sick or whatever uh and then again this is of course something one of the many use cases that customers are then going to delegate and then we're coming back to our um portal and um the way it's being used right here selecting users template date time and whatnot and then running that action and again being true so always if the user does something it's not the user is running the script it is the user is triggering the script right so that's the big difference because the user never ever touches any any powershell stuff or needs to have any access again to this backend systems it's really all managed once the user puts triggers this button and then the things are happening in the background and uh again we can even see in real time if we are now going to the dashboard we could
see that there is something you can see the wheel turning here so you can see okay there is something happening and um so you can you could even look at this in real time or of course more often you look at the end of if something went wrong or how long did it take or or you want to make a report about a specific um target or or or something from from this uh this matter so to speak um yeah um so what else did we do um since since we we looked at it last year so we looked at the the azure authentication we looked at the different kind of queries and now the new portal which is a role-based one we looked at the portal widget and the efficiency dashboard powershell seven um as i said it's there but it's kind of really it's i would say it's kind of waiting there to be used because it's it's uh i would say 99 of the people i talked to still are more or less in the windows powershell world which is okay right but what you can do is depending on if it's supported by powershell 7 and you you have to write data you can switch a windows powershell action into a powershell 7 action and you can switch also a target thing no it wasn't the card it was it was a correct it was the query into using um powershell 7 instead of windows powershell but as i said it is really something that we we've added but it's not really it doesn't see a lot of adoption let's put it let me put it this way um and um just to show you also what we are going to publish um i hope by the end of this week so coming back to this other machine where i just did a brand new installation um and i told you about this this journey that we are on to kind of get rid of the admin app and to put everything into the portal and one thing that we have added now which actually hasn't been in the admin portal but it's really useful is a real-time monitor just to get information about the activities um of um yeah users triggering scripts maybe we can just immediately just try to trigger a few scripts here two
actions and then we should see some things happening here hopefully let's look at this one yes okay here's some you can see a running action that's of course okay it's but i hope you get the idea it's like okay there is something happening i can see it i can also see if i have queued actions and queued actions is is something also new and that's this has to do with um how many connections do we want to allow script runner to use when they when they work with o365 for example because obviously there are limitations by the number of of connections that you can that you can use by the way once that's when this still running you can also stop the execution right here and you see also the detailed information about the report which later on is going to be of course stored in the report for the for history reasons so to speak but you can also look at this in real time right here yeah um queued um activities is really when you say okay i have a oops i have a a target and i want to limit the number of connections that script runner should be allowed to use and then let's say this would be an o365 one and then you can say okay i want to only allow five connections and once that's being reached i want to queue that execution until we have another slot available so this um script can be executed and if that's if you reach that connection limit and then we start queueing activities then you will see that appearing here in the queued action area which i think is also a pretty cool thing and of course it works also if you have i mean now it's just one machine if you have multiple script runner machines um the monitor here will show you the activities from all these machines that are part of your of your configuration and something else that we added um is now you can have the um the help directly integrated into the user interface this is something we're really heavily working on because this is if people looking at our solution and if if they are able to find some weak spots
it would be like documentation and we hired a few people uh to become much better there and one of the results we already see here so we're going to have a help into uh right built into the um the interface actually it's it's it's either going online to our help system and if you're offline we can switch to the pdf version of that information and then you can have you can use it as well of course the online one is more up to date because we can we can make changes there and add new stuff on a daily basis at least theoretically all right so these are things that we are um that that we are working on and well the overall idea overall idea really is to yeah take this great powershell technology and to really turn it into something that everybody everybody can use interactively or it helps people who are maybe in the starting point of using powershell and um to yeah take more and more use cases and make them available with powershell and then having these three ways of triggering scripts i think is another great thing um we looked at two already interactive schedule the third one is using our connectors where um you can allow a system like i have a monitoring system running here from padg i am allowing this system to talk to script runner it has to authenticate of course and then based on the authentication we check if this system is allowed to trigger whatever they want to trigger and um and then you have this fully automated approach and connection between yeah whatever system is able to talk rest and even if if we have um if you and we happen to have customers that are have kind of legacy systems not able to talk rest we also have what we call an email inbound connector where the script runner is kind of monitoring an imap mailbox constantly and this is another way of kind of sending us tickets to run scripts with this and this parameter so this is also something that we that we can do in in this use cases if if rest is not possible um and again all these uh 
activities ending up in the centralized dashboard and gives you the the complete overview about all these powershell activities and that's again coming back to the centralization idea from the beginning is really the key to all that and um so what what we see with our customers they typically start with with doing things with active directory that's kind of the classic right doing ad stuff creating users exchange o365 teams um azure vmware so it's it's because as as jefferson always says in the powershell is this glue between all the systems that's why it is like um the same with the script runner because everything that you can do with powershell you can you can easily make available in script runner and make it a solution that again really you can manage it uh properly you can delegate it properly it's it's it's all been done in a secure way and and that opens up i think really the possibilities to do much much more with with powershell and um things that that are really then once you started to use script runner and the queries and stuff like that things that are really become interesting and helpful is like for example um you could have because we talked about these queries you could have cascading queries where you kind of lead the user step by step like in this case very simple one for ad i'm selecting an ou path once i've done that then i get the groups of this ou and once i have selected that i can see the members of this group and that is really leading the user step by step so and this is just this is very simple because it's just you can you can have a query being being configured as used in a cascading uh in a cascading way and then what you're doing here you're just saying okay what's the search base of the second query it is based on the result of the ou path and the third one is based on my second selection which is a dollar group and in another use case it could be i don't know the top one could be your hyper-v server and then your vms
and the third one could be the existing snapshots, just to enable somebody to, um, restore to a particular snapshot, for example, or SharePoint farm, SharePoint site and whatever. So this really opens up the great way, maybe also for, maybe not complex, but more sophisticated use cases, to really make sure, okay, I can make it easy for the user, just selecting whatever I want them to be able to select, and for me to use that wherever it's necessary.

And which also, um, when talking about simplification, also means, um, the way that you manage your scripts. I mean, we talked about this, uh, main script, so to speak, so you want to do something; then we have, we quickly covered this query script; but there is a third, um, a third way or type of scripts, and that is the library scripts. And so what you can do here is that, so in this case, because at the end of this process I wanted to show this nice little HTML, uh, page or report, I have put these functions into this library script, and whenever I need that I can just activate this option here in each and every action where it makes sense, to say, okay, I want to preload the functions of this script, and so they become available immediately and I just can use them from the main script, and I don't have to put these functions into the main script over and over again, of course. So it's again talking about centralization and stuff like that. Um, so this is really another way of, um, yeah, simplifying the whole concept and the way of how you manage your scripts, and again coming back to simplifying and kind of streamlining your main script, so then there doesn't need to be any logistic information in there, because that's done by the targets, um, you don't have to have your functions in each and every script, because you can put them into library scripts, and so your main script is really focusing on what you want to get done, and the logistics around it are managed centrally, um, as
well. And I think that's really a very, uh, helpful approach, um, to also, yeah, maybe kind of, we see that with some customers, kind of changing the way they develop scripts compared to what they did in the past, where they maybe put everything into one script, and then that's the golden script, and we need this, and when we make changes, oh, we don't know how it's going to affect other things. So, um, yeah, using these library scripts and the functions, that really can become a way to kind of be more clear about the structure of your scripts and the way you manage and you store them and stuff like that. All right, um, so with this, I think, from what I wanted to show you today, and, oh, I think that would be it. Other questions?

Can you guys hear me?

Yes, yeah.

Cool, all right. So, um, one of the questions that was asked online, um, was with regards to the code compare: when the code is stored on the back end, is it using Git?

Um, no. So by default they are stored locally on the ScriptRunner box, so we have a folder structure where these, um, scripts are stored physically. Um, the company, the integration with Git, so to speak, uh, to compare or to combination with ScriptRunner, is like, um, really having a synchronization process, where we can say, okay, we want to take a look at a particular branch every hour, for example. So what you can do here is you can say, okay, this is my GitHub repo, this is my branch, this is my target folder, and then we are going to look at this GitHub repo any given time, right here, to find out if there is a new script or if there is an updated script. So if your way of working with scripts is like, okay, everything goes on CI/CD and code management in Git, then you would most probably not enable this feature to modify scripts via the portal, because that would kind of undermine your whole process. So you would say, okay, ScriptRunner is going to be only on the receiving end of the things that you have organized
already in Git. Um, if the way that you develop is different, and you would say, okay, I want to do that kind of locally, then you would use the portal, and, uh, kind of the results of your changes will be reflected in that folder structure. That makes sense?

Oh yeah, it was just around the, um, can you hear me okay?

Yep, yep.

It was just around the, um, uh, web server and database support for ScriptRunner. I know you were talking about changing that last time we caught up, or at least making some changes. Is there any news on that front?

Um, you mean when it comes to the underlying web service or web server?

Um, that's right, yeah. I think last time we spoke, I think it ran on IIS and it was a back end of SQL Server. Is there any changes there, or is that still the same?

Um, at the moment that's the same, but it's a good question, because in the long run, uh, we're going to see, I would say, totally different architecture, which will also include support for things like MongoDB and stuff like that, and which will kind of bring us to scenarios like ScriptRunner as a service, blah blah blah, which I cannot talk about in detail yet, because it's a journey. But, um, there are definitely going to be changes in the architecture that will allow us into getting into this world of, you know, also containers and stuff like that. We're on the way there.

Yeah, awesome.

All right, anything else? People fell asleep? It's late, is it, over there in Australia at the moment? It's only 7:30 at night. Yeah, it's not too bad. Okay, okay. Just before the news. Yeah. What time is it there where you are? Um, it's 11, 11:25
in the morning. Oh, okay, almost lunchtime. Yeah, yeah, yeah. He's gonna say, I don't think, um, well, yeah, I don't watch the news, so certainly most of, uh, mostly all of the most audiences just read it online, so, yeah.

Yeah, um, I think that's about it. I don't have any questions that I've been, um, asked online, there was only that one, um, so I might as well wrap it up there. Um, thank you. Um, every time that you present I just love, like, it's just so great, um, and I always love to see all the features that keep getting added to, um, the ScriptRunner platform, and it's just, I was saying to Wayne earlier, just, I'm so glad, I actually accidentally double booked it, and I was so glad that I joined, because I was just thinking, um, it's just, seeing the new features, it's just so great, like, there's so many awesome new things that continue to get added to that platform that just, yeah.

Uh-huh, yeah.

Really basic one, like, um, being able to query the Graph API, that's awesome. Yeah, I saw that and I just thought that it just makes sense, like, there's so many features in there that just make sense, really, and the thing that it just really abstracts away the complexity of running PowerShell, um, just to, yeah, simplify the end user's experience, um, yeah, anyway.

Yeah, I think that's really one of the key aspects, really, for many, many organizations, definitely.

Yep, all right, well, I'm gonna wrap it up online. Um, just quickly ask the online audience, is there any other questions that you guys want to ask? Okay, one more question in the chat there, sorry, from Peter, um, if you can read it.

Yeah, it regards PowerShell 7 and Linux, right? So, um, as I said, for using PowerShell with, uh, with Linux, of course, what you would need to create, and what you can do obviously with ScriptRunner, is you can create, um, your credential for the, uh, with the SSH key, and then you can of course create your target using this, um,
as an SSH credential, and then you can use it in your actions. So it's kind of a multi-step approach: we need to have the SSH credential, um, we need to have the target that you can configure to actually connect to your Linux boxes with the credential, and then, um, yeah, you would, um, then configure your action in the sense of, okay, I will not use Windows PowerShell, I will use PowerShell 7. And we actually, um, we are bringing PowerShell 7, a Windows, uh, PowerShell 7 version, with the installation, so when you install ScriptRunner on a box and you don't have PowerShell 7 on it, um, there will be one, and that's the one that we're using when you're installing ScriptRunner, and that's why you can just switch to PowerShell 7, um, pretty easily in the action. And the other actions, because you said, you know, 50 of Linux, and for the other ones you could still keep it in using Windows PowerShell, and for the other ones you're using PowerShell 7 with your Linux target together with the SSH credential, and so this is how you can kind of mix and match these different environments, so to speak.

Excellent, thank you.

Yeah, thank you. You're welcome.

Alrighty, I'm going to end it there for tonight. Um, huge thank you to everyone for attending, and, um, yeah, we'll hope to see you guys next month. Anyway, bye for now.

Thank you, thanks for having me.

Thank you, thank you.
Info
Channel: Brisbane Infrastructure DevOps User Group
Views: 134
Rating: 5 out of 5
Id: c9VQDvJ9IGQ
Length: 96min 9sec (5769 seconds)
Published: Tue Sep 28 2021