By Shiji Sujai, IOD Expert
Daily operations tasks are the necessary evil that can’t be avoided by any cloud management team. I have never been a fan of this element of the daily grind even before cloud arrived on the scene. I remember being assigned to do the daily checks and operations tasks in a few data centers when I started out as a newbie on the infrastructure management team. Once my newcomer enthusiasm wore off, though, I started thinking about escape routes from the mundane work: PowerShell to the rescue!
A few weeks later, I managed to automate the most time-consuming chunks of my tasks, especially the bit where I had to log in to several domain controllers to check the AD replication status. That taken care of, I dedicated myself to understanding the inner workings of an SSL VPN device I had at my disposal. This proved far more productive! I’m sure many other seasoned IT pros out there would agree that “start-it-with-automation” is the way to go.
Why Automate?
When it comes to cloud administration, automation should not be treated as a sophisticated add-on, but as a necessity. Public clouds are swankier versions of your typical on-premises data centers with automation pre-built into their DNA. However, I have witnessed numerous occasions when teams had to do mundane manual work, be it for provisioning, management, or monitoring. For example, the same cloud resources would get provisioned again and again for multiple teams but with different specifications. Often a mediator or a cloud administration team is required between business users and the cloud platform to take care of these nitty gritties.
Automation is often the flagship selling point of cloud. If automation is not being taken advantage of, you’re not getting out of cloud what you could be.
Organizations should explore ways of automating management tasks, be it in public or private cloud environments. In addition to reducing the possibility of human error, time and effort required for repetitive work can be effectively redirected for optimizing your cloud environment for better ROI. Many cloud service providers have native automation tools that can help you survive without the GUI–Azure ARM templates, Azure PowerShell, Azure CLI, Cloud Shell, AWS CloudFormation, AWS CLI, and gcloud CLI to name a new.
Automation in Microsoft Azure
Cloud service providers such as Microsoft Azure have progressively made significant investments in automation tools over the course of time. When I started working in Azure in its nascent stages, automation was mostly done using PowerShell. A few years later, many more automation tools were added to the stack. Let us explore some of them and get you started on your automation journey.
Azure PowerShell
Azure PowerShell was the earliest enabler of automation in Microsoft Azure. When Azure Resource manager architecture was introduced to replace the Azure Classic model, AzureRM module was added in Azure PowerShell to support the new capabilities like tagging, RBAC, and resource groups. Additionally, Azure PowerShell can be readily integrated with CI/CD tools like Azure DevOps and Jenkins to create a build and delivery pipeline for applications/infrastructure. A recent addition to Azure PowerShell–currently in public preview–is the Azure “Az” module. This will eventually replace the AzureRM module. The Az module is backward compatible with AzureRM module. In addition to Windows, Azure PowerShell is also supported in PowerShell Core V6 which can be used in any Linux or Mac OS platforms that support .Net core. It’s quite easy to get started with Azure PowerShell. Here is a good tutorial.
Azure CLI
Azure CLI is another tool that can be used by administrators who swear by black command line interfaces. Azure CLI is supported in multiple platforms and can be used from Windows, Linux, and Mac OS systems. Though Azure CLI supports management of classic model resources (ASM) in Azure, it is recommended as the primary CLI tool for resources using Azure Resource manager. Azure CLI can also be executed from Azure cloud shell or from your local computer to connect to Azure resources. Azure CLI helps administrators create automation scripts in platforms they are most comfortable with. For example, if you are a Linux person, you can go ahead and create bash scripts with Azure CLI commands to manage your Azure cloud environments. Though Azure PowerShell has been around for longer and you might find more readily available scripts from public repositories, Azure CLI is also quickly gaining popularity because of its simplicity and ease of use. Get started with your journey on Azure CLI with this tutorial.
ARM Templates
ARM templates use declarative json format to create or update resources in Azure. Introduced along with the Azure Resource manager model, ARM templates quickly became the default choice of administrators where there is repetitive provisioning or updates to be done in Azure cloud-hosted environments. ARM templates are also used extensively in Infrastructure as Code (IAC) scenarios, where multiple environments say Dev/QA/Prod are to be deployed with the same consistency. The parameters defined in an ARM template can be used to enforce naming conventions or other environment specific settings. ARM templates can be deployed using Azure PowerShell and Azure CLI, thereby enabling integration with automation tool of your choice. In DevOps scenarios, Azure ARM templates are combined with Azure PowerShell task to achieve end to end automation. You could write a PowerShell script to extract current state information of a resource group, for instance, and use it as input for an ARM template deployment in an Azure DevOps release pipeline.
Azure Automation
Azure offers automation as a service for managing configuration and automation across multiple hybrid cloud environments. You can use graphical, PowerShell, or Python runbooks to automate cloud management activities and schedule them to execute in daily, weekly, or monthly basis as per your organization’s requirements. There are a number of readily available runbooks in the marketplace that can be used by customers with few or no changes. You can write your own runbooks using PowerShell or Python and execute them from your automation account. Azure Automation also offers cloud-based configuration management using PowerShell DSC. This service will help monitor and manage configuration drifts of machines deployed in Azure, other public clouds, or any third-party hosting environment, as well as on premise. Hybrid runbook workers are used to connect with other hosting environment to execute the runbooks directly from the connected Azure automation account on Windows or Linux systems. Therefore, Azure automation offers a single pane of automation, where you can view, monitor, and manage your automation components directly from the Azure portal.
Azure Cloud Shell
If you are not able to install any of the command line management tools in your local system, you can leverage the browser-based Azure Cloud Shell, which can be accessed directly from the Azure Portal or at https://shell.azure.com/. Users can choose between bash and PowerShell experiences. Authentication is done using the same credentials used for Azure Portal. AzureRM modules are readily available in Cloud Shell and additional PowerShell modules can be installed using Install-Module command. Cloud Shell also comes pre-built with several Linux and Azure tools, text editors, build tools, as well as source control(git) integration. It also supports multiple languages like .NET core, Go, Java, Node.js and Python.
Keep Calm and Automate!
Cloud environments are quite complex and can often become nightmarish for teams managing multiple environments. Management solutions are not scalable unless automation is built into them from the ground up. I have covered the different automation tools available in Azure, as it is one of the widely used cloud platform by enterprises (and of course because it is my bread and butter ????.) Other cloud platforms such as AWS and GCP provide similar automation tools that can be explored and integrated into the architecture in the planning phase itself. Time spent on cloud automation is always an investment that will give you great returns in future. So, keep calm and automate!