Windows Desired State Configuration

Directions-Training-Windows-Desired-State-ConfigurationDesired State Configuration (DSC) is a configuration technology, written in PowerShell, which provides a method to define how a given computer should be configured and then ensures that the computer remains in that configured state. Traditionally, this has been accomplished, in part, through scripts written either in VBScript or, more recently, in PowerShell. Using DSC, however, there is no need to write a script, in the traditional sense. Instead, DSC uses a special kind of script that simply describes how the computer should be configured. DSC manages the task of actually performing the configuration on the computer to ensure that it is in compliance with the DSC script.

DSC consists of three main components: Extensions to the Windows PowerShell scripting language, the Local Configuration Manager (LCM) and DSC resources. In short, administrators write DSC scripts using the PowerShell extensions using one or more DSC resources. The DSC script generates a MOF file. MOF, Managed Object Format, is a Windows based file format designed to make changes to WMI settings on a computer. For example, System Center Configuration Manager makes use of MOF files for collecting inventory data. These MOF files are then copied to the target computer and then read by the LCM, which runs the DSC resources specified in the MOF.

Creating DSC files using the PowerShell extensions is fairly straightforward. The DSC file is written using a specialized type of PowerShell function, known as a Configuration element. The basic syntax is as follows:

Configuration [Name] {
Param (

 [string[]][$ComputerName]

 [datatype][Variable name]

)

Import-DSCResource –ModuleName [DSCResoureName]

Node $ComputerName {

}

}

 

The Configuration element contains a list of one or more parameters defined in the Param section, in exactly the same way as in a PowerShell function. Any DSC Resources defined in the DSC file must be imported using the Import-DSCResource command. The Node section defines which computers will receive the configuration data and what configuration will be applied.

The power of DSC is in the DSC Resources. DSC Resources are special PowerShell script modules that check a node’s current configuration and configure the node as specified. A DSC Resource module is written to manage and configure one specific computer resource. For example, there is an xNetworking module that can be used to configure the Windows Firewall, IP Address and DNS ServerAddress on a node. DSC Resources are available in the DSC Resource Kit, a free Microsoft download, at the PowerShell Gallery website and at the community DSC-Hub repository hosted by PowerShell.org.

The third DSC component is the Local Configuration Manager (LCM). The LCM is the engine of Windows PowerShell DSC. The LCM runs on every target node, and is responsible for parsing and enacting configurations that are sent to the node. It is also responsible for determining the refresh mode (push or pull), specifying how often a node pulls and enacts configurations and associating the node with pull servers.

The MOF file generated by the DSC script needs to be transferred to the target computer where the LCM can read the file and perform the configuration instructions contained within it. There are two ways to achieve this. Push method or deploying a Pull Server. The method used is defined in the DSC script. Briefly, the easiest to configure is the Push method but it means you have to transmit configuration files to each target node yourself, keeping track of which configurations go with which nodes. In the Pull method a Pull server is configured which is a website in IIS that uses an OData interface to make DSC configuration files available to target nodes when target nodes ask for them. The LCM on each target node queries the pull server for the current configuration. If it finds a configuration marked for itself the configuration is transmitted to the pull client, where the LCM executes it.

Desired State Configuration has been touted by Microsoft as THE way to initially configure servers and ensure that those servers remain in their intended configured state. Microsoft is continuing to add additional DSC resources and broaden the support for DSC. Currently, DSC can be used to configure both Windows AND Unix computers. More information on DSC can be found in the TechNet article Window PowerShell Desired State Configuration Overview or in the Microsoft Virtual Academy course Getting Started With Windows PowerShell Desired State Configuration.

Leave a Reply