Orchestrator Use Cases: Appalachian State and Illinois (Andrew Sanders, Erik Coleman)
Information Technology Services
AppState Environment
Single server:
• SQL instance
• Runbook server
• Web console
• Runbook Designer
Runbook Designer also on clients
Current Uses
Four Runbooks:
• SCCM application requests
• Endpoint Protection Remediation
• Endpoint Protection Remediation clean-up
• Help-desk software process
Using Orchestrator at Illinois
Erik Coleman, Senior Manager, Enterprise [email protected]
Current Environment
• Single Orchestrator Server:
  – SQL instance with custom DB
  – Runbook server
  – Web console
  – Runbook Designer
  – In process of moving SQL DBs to separate server
• Custom ASP.NET Web Front End
Current Uses
• Lync Account Provisioning
  – Person Accounts
  – Role-based (non-person) Accounts
  – Common Area Phones
  – Add/Delete/Change
Lync Account Provisioning Workflow
• Need for phone endpoint
• Telecom Unit Coordinator (TUC) submits service request
• Phone Number Assigned
• Submit Ticket to Lync Team
• Manual Actions by Lync Team (LCP or PowerShell)
• Respond/Close Ticket
Use Orchestrator
Anatomy of our Scripts
• “Run .NET Script” Activity:
  – Grab data from SQL table
  – Initialize Lync and Exchange Remote PS Sessions
  – Invoke Script as 64-bit
  – Call local Lync-PowerShell Scripts
Typical PowerShell “Wrapper” Code
# Function to initialize Lync and Exchange connections
# ({...} tokens are Orchestrator variables, substituted as text before the script runs)
Function ConnectSessions
{
    # Build a credential object from the service account name and password
    $pass = ConvertTo-SecureString "{LyncServiceCredential}" -AsPlainText -Force
    $cred = New-Object System.Management.Automation.PSCredential ("{LyncServiceAccount}", $pass)
    Import-Module ActiveDirectory
    # Remote session to Lync
    $LyncSession = New-PSSession -Name LyncSCORCH -ConnectionURI "{LyncConnectionURI}" -Credential $cred
    Import-PSSession $LyncSession
    # Remote session to Exchange
    $ExchangeSession = New-PSSession -Name ExchangeSCORCH -ConfigurationName Microsoft.Exchange -ConnectionUri "{ExchangeConnectionURI}" -Authentication Kerberos -Credential $cred
    Import-PSSession $ExchangeSession
}
Typical PowerShell “Wrapper” Code
# Initialize Remote PowerShell Sessions
Invoke-Command -ScriptBlock ${function:ConnectSessions}

# Actual script execution: Grab appropriate script from variables and pass args.
$scriptPath = "{LyncScriptPath}{LyncAddPersonScript}"
$argumentList = @()
$argumentList += ("-Username", $netid)

# $argumentList is expanded into the command string, so the value of $netid
# is parsed as PowerShell when Invoke-Expression evaluates it
$output = Invoke-Expression "& `"$scriptPath`" $argumentList 2>&1" -ErrorAction Continue

# Tear down the remote sessions
Remove-PSSession -Name LyncSCORCH
Remove-PSSession -Name ExchangeSCORCH
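Added example, not from the slides: the wrapper above builds a command string from $netid and evaluates it, so a value pulled from the SQL table is parsed as code. The sketch below validates the value and passes it with the call operator and splatting instead. The NetID pattern, the function names and the stand-in script are assumptions.

```powershell
# Added example. Test-NetId, Invoke-ProvisioningScript, the NetID format and
# the demo script are hypothetical; they are not part of the original wrapper.

function Test-NetId {
    param([string]$Value)
    # Assumed format: lowercase letter first, then letters/digits, 2-8 chars total
    return $Value -cmatch '^[a-z][a-z0-9]{1,7}$'
}

function Invoke-ProvisioningScript {
    param(
        [Parameter(Mandatory=$true)][string]$ScriptPath,
        [Parameter(Mandatory=$true)][string]$NetId
    )
    if (-not (Test-NetId $NetId)) {
        throw "Rejected NetID value: not in the expected format"
    }
    if (-not (Test-Path -LiteralPath $ScriptPath -PathType Leaf)) {
        throw "Script not found: $ScriptPath"
    }
    # Splatting binds the value as one -Username argument; the string is
    # never re-parsed as PowerShell, unlike the Invoke-Expression form
    $params = @{ Username = $NetId }
    & $ScriptPath @params 2>&1
}

# Constructed demo: a stand-in for the Lync provisioning script
$demo = Join-Path ([IO.Path]::GetTempPath()) 'Add-LyncPerson-demo.ps1'
Set-Content -LiteralPath $demo -Value 'param([string]$Username) "Would enable: $Username"'

# Constructed inputs: one well-formed NetID, one carrying a statement separator
foreach ($candidate in 'jdoe2', 'jdoe2; Get-Date') {
    try   { Invoke-ProvisioningScript -ScriptPath $demo -NetId $candidate }
    catch { "Blocked [$candidate]: $($_.Exception.Message)" }
}
Remove-Item -LiteralPath $demo
```

The syntax is kept to what PowerShell 2.0 accepts, since the slides note that engine is in use.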
Is Orchestrator Worth the Time?
• Activating a Lync Account
• O = 3180 minutes (53 man-hours)
• T = 8 minutes
• Nt = 200/month
• T x Nt = 1980 minutes/month saved
• Using Orchestrator was “worth it” after 2 months in production
Tips and Tricks
• Avoid Counters
• Some Activities not thread-safe, like Append Line
• Junctions are not what they seem
• Logging is not centralized (DB, text, and EventLogs)
• Edit PowerShell in PowerGUI (or equiv.)
• Native PowerShell 2.0 engine is 32-bit only
Future Orchestrator Uses
• Some things already done with PowerShell
• Identity Changes
• VM Provisioning