In this Hands-On-Lab, we have a scenario in which your organization has an ongoing problem with Virtual Machines getting unauthorized changes. This is impacting productivity because it is taking time to get them reconfigured the way they are supposed to be setup. The organization has already reduced the number of employees that have administrative access and is also in the process of setting up policies. These reductions limit what can be changed on the server, but the policy has a lengthy list of additions that will not be implemented fully for a few weeks. Management wants a quick solution in the meantime.
Solution
We will be utilizing DSC to ensure that the Virtual Machine contains the minimal components as defined in the organization’s corporate requirements. This is important because if you have standard configuration/software for Virtual Machines, it helps keep things uniform and makes it easier to troubleshoot in the event of a potential failure.
At the end of this hands-on lab, you will have the following learning outcomes:
– Have an understanding of what DSC is and how to set it up
– Be able to deploy DSC and become knowledgable of the main components of DSC
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Log in to the Azure Portal
Using http://portal.azure.com, log in with the lab’s provided credentials.
- Create Automation Account and add a Powershell file.
Reminder, do not try to create an Azure Run as account.
- Create a resource.
- Search for automation then click Create.
- For the Automation name enter webservers.
- Use the existing resource group and the existing subscription.
- For the Location, choose East US and click Create.
- Download the install.ps1 file from this link https://github.com/GaryMcLeary/70-533-Files/blob/master/iisinstall.ps1
- Within the portal navigate to the location it was downloaded to and save the following as
iisinstall.ps1
. - Configure the
iisinstall.ps1
as follows:
{<br>
node "localhost"<br>
{<br>
WindowsFeature IIS<br>
{<br>
Ensure ="Present"<br>
Name = "Web-Server"<br>
}<br>
}<br>
}<br>
<br> - Go to DSC.
- Go to configuration and click Add.
- Click on the folder and navigate to the folder that has the
iisinstall.ps1
file. - Once uploaded, click on the file and choose the option to compile.
- Add VM to DSC node
- Go to All Resources and click on the Automation Account.
- Click on DSC then on Nodes.
- Click Add.
- Select Virtual Machine to add to the node then click Connect.
- For the Node Configuration name select IISInstall.locahost.
- Leave the Refresh Frequency and Configuration Mode Frequency as the defaults.
- Select Applyandautocorrect for Configuration mode and click the checkbox for reboot node if needed.
- Click OK.
- Test VM to make sure it remains compliant
- Create a new Virtual Machine (Windows Server 2019 Data Center):
- Click on Virtual Machines on the left-hand side in the navigation pane.
- Click Add.
- Click the drop-down box and select the existing resource group.
- Use VM-LAB2 as the Virtual Machine Name.
- Region:use East US
- Image: select Windows Server 2019 Datacenter
- Size: Change it to B2s or B2ms
- Admin username: Admin1234567
- Admin password: Admin1234567
- Click Review and create
- Click Create.
- Add VM to the DSC node:
- Go to the portal at https://portal.azure.com (if you are not already logged in).
- Go to All resources–>web servers–>State Configuration (DSC)–>Nodes tab.
- Click Add.
- Click on Lab-VM2.
- Click Connect.
- For Node configuration name use
iisinstall.localhost
. - For Refresh frequency, leave the value at the default:
30
- For Configuration mode frequency leave value at the default:
15
- For Configuration mode, choose ApplyandAutoCorrect.
- For the checkbox named "Reboot node if needed", make sure that this is checked.
- For action after reboot, make sure that ContinueConfiguration is selected.
- Click OK
- Confirm that after adding the machine, that IIS is installed:
- Log in to Lab-VM2 via Remote Desktop, go to All resources–>Lab-VM2–> you will see the IP address in the overview section.
- Use the IP address from the overview section to connect via RDP (Remote Desktop).
- When prompted for credentials, you should be able to log in using Admin1234567 as the username/password (assuming you used these credentials when setting up Lab-VM2.
- Go to server manager when you log in, you should see IIS on the left underneath File and Storage Services<br>.
- Create a new Virtual Machine (Windows Server 2019 Data Center):