The Microsoft Azure Automation service has just hit general availability and allows administrators to automate tasks using runbooks. Based on PowerShell Workflows, runbooks differ from standard scripts in that they’re for automation of repeatable and frequently run tasks that are executed in parallel across multiple machines. Runbooks can be stopped, restarted, and even survive server reboots. Don’t worry if you don’t have any PowerShell experience. There are plenty of sample runbooks in the Azure management portal to get you started.
The Azure public cloud uses the same automation infrastructure as System Center 2012 R2 Orchestrator and Windows Azure Pack, allowing the creation, monitoring and provisioning of resources. There are two pricing tiers: free and standard. Find out more information on pricing on the Azure website.
About Azure global assets and high availability
Two key factors differentiate Azure Automation from using the PowerShell module for Azure on an on-premises workstation to automate tasks in the cloud: high availability and global assets. The Service Management Automation (SMA) engine is always available and is subject to a service level agreement. Global assets are variables defined in Azure Automation that can be shared amongst all your runbooks. For example, instead of defining variables in individual runbooks, you refer to global assets, which can be modified centrally if something changes in your Azure environment.
Let’s get started with Microsoft Azure Automation by diving into the steps you’ll need to follow to set up and configure the service, starting with setting up automation in your Microsoft Azure account.
1. Set up an automation account in your Azure subscription
The first step is to set up an automation account for your subscription. Log in to the Azure management portal and follow the steps below.
In the Azure management portal, scroll down the list of items on the left and click AUTOMATION.
In the grey bar at the bottom of the portal, click CREATE.
In the dialog box, give the new account a name, select a region and click the Finish icon. The new account will take a few seconds to create and will appear under automation in the portal.
Now click your new automation account in the main portal window, and then click ASSETS.
2. Configure authentication
The Azure module should already be imported and ready for use, but before we can use runbooks, we need to add a credential asset to allow the automation engine to authenticate to the Azure subscription. The easiest way to achieve this is to use an Active Directory (AD) organization ID (OrgID). This can be any OrgID from an AD associated with your Azure subscription. Azure Automation cannot use Microsoft accounts for authorization.
3. Create a new AD user
I have an Office 365 AD added to my Azure subscription, but you could also use Azure’s own basic or premium Active Directory services. If you don’t already have Active Directory in your Azure subscription, add an existing directory or create a new one using NEW > APP SERVICES > ACTIVE DIRECTORY > DIRECTORY in the management portal.
Once a directory has been added, scroll down the list of items on the left of the portal and click ACTIVE DIRECTORY.
On the right, click the Active Directory you want to use.
Now click USERS, and then ADD USER at the bottom of the portal.
In the ADD USER box, select New user in your organization under TYPE OF USER, enter a username and click the Next icon.
Now type a first name, last name, and display name for the new user. Leave ROLE set to User, and click Next.
On the Get a temporary password screen, click create.
Copy the temporary password from the NEW PASSWORD box and paste it somewhere safe, as we’ll need it in the next steps.
Click the Finish icon.
3. Make the new user an Azure administrator
The new user account should now appear in the main portal window. Make a note of the username as we’ll need it later. Before doing that, we’ll make the new user a co-administrator of the Azure subscription.
In the Azure management portal, scroll down the list of items on the left and click SETTINGS.
On the right of the portal, click ADMINISTRATORS.
In the grey bar at the bottom of the portal, click ADD.
In the ADD A CO-ADMINISTRATOR dialog, enter the username for the account in the EMAIL ADDRESS box, check the relevant Azure subscription and click the Finish icon.
4. Change the AD user’s password
The new Azure administrator should appear in the main portal window after a few seconds. Now we need to log in as the new user in order to assign a permanent password.
Click the user icon in the top right of the management portal and click Sign out.
Log back in to the Azure management portal by clicking SIGN IN in the web browser window.
On the sign-in page, click Use another account.
Enter the username for the user created in the previous steps and click Continue.
Now enter the temporary password for the account and click Sign in.
On the change password screen, enter the old temporary password, and then type and confirm a new password before clicking submit.
At this point you should be successfully logged in to the Azure management portal. You can choose to continue working under this account, or log out and sign in using your usual Azure administrator account.
5. Create an automation user asset
Before we can use the new account in Azure Automation, we need to set it up as a global asset to be referenced from our runbooks.
In the Azure management portal, scroll down the list of items on the left and click AUTOMATION.
On the right of the portal, click the automation account you plan to use.
Now click ASSETS.
In the grey bar at the bottom of the portal, click ADD SETTING.
In the dialog box, click ADD CREDENTIAL.
On the Define Credential screen, select Windows PowerShell Credential from the drop-down menu, type automation in the NAME field, and click Next.
On the following screen, type the AD username ([email protected]), then confirm the user’s password, and click Finish.
In a few seconds, you should see the new credential asset appear in the main portal window.
6. Add a runbook from the gallery
Now we have authentication configured, we can add a runbook. In this example, we’ll add a pre-created runbook from the Azure gallery.
In the Azure portal window, click NEW > APP SERVICES > AUTOMATION > RUNBOOK > FROM GALLERY.
On the Select a runbook screen, click VM Lifecycle Management on the left.
In the center column, click Azure Automation Workflow to Schedule stopping of all Azure Virtual Machines and click Next.
Take a quick look at the runbook code on the Review runbook definition screen, and then click Next.
On the Enter runbook details screen, accept the default name for the runbook, making sure the correct automation account for your Azure subscription is selected, and click Finish.
7. Configure the runbook for your Azure subscription
After a few seconds, the new runbook will be imported. Before it can be run, we need to make a couple of simple changes to the workflow. Make sure you are in the automation account section of the Azure portal before continuing.
In the main Azure portal window, click RUNBOOKS. Click the newly imported runbook in the list.
Click AUTHOR.
In the code window, select Get-AutomationPSCredential -Name [email protected], click INSERT on the grey bar at the bottom of the portal, and select Setting from the menu.
In the INSERT SETTING dialog, click Get Windows PowerShell Credential under SETTING ACTION.
Now click automation under SETTING NAME, or the credential asset name you want to use, and click the Finish icon.
In the code window, enter the name of your Azure subscription manually, replacing Some Subscription Name.
The locations for the code modifications are indicated in the figure above. Additionally, the credential name should be the one specified when creating the credential asset; it doesn’t necessarily have to be in the [email protected] format, and was shown highlighted in a previous image.
Click SAVE in the grey bar at the bottom of the portal, and then click TEST.
Click YES to confirm you want to test the runbook.
In the output pane, you should see the script run with no errors. If any VMs were running, you should also see that they have now stopped.
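For reference, this is roughly what a runbook looks like once steps 5 to 7 are done. It is an added example, not the gallery runbook's own code: the workflow name and the SubscriptionName variable asset are hypothetical, and the credential asset name automation is the one created in step 5. The runbook refers to the credential only by asset name, so no password appears in the runbook source.

```powershell
workflow Stop-AllVMsExample   # hypothetical workflow name
{
    # Credential asset from step 5; the password stays in the asset store,
    # not in the runbook source.
    $cred = Get-AutomationPSCredential -Name 'automation'
    if ($null -eq $cred) {
        throw "Credential asset 'automation' was not found in this automation account."
    }

    # Assumption: a variable asset named 'SubscriptionName' holds the value
    # that step 7 otherwise types into the code by hand.
    $subscriptionName = Get-AutomationVariable -Name 'SubscriptionName'

    # Authenticate as the AD user and select the subscription to work on.
    $account = Add-AzureAccount -Credential $cred
    Select-AzureSubscription -SubscriptionName $subscriptionName

    $vms = Get-AzureVM
    foreach ($vm in $vms) {
        $name = $vm.Name
        # Skip VMs that are already stopped and deallocated.
        if ($vm.Status -ne 'StoppedDeallocated') {
            Write-Output -InputObject "Stopping $name"
            Stop-AzureVM -Name $vm.Name -ServiceName $vm.ServiceName -Force
        }
        else {
            Write-Output -InputObject "$name is already stopped"
        }
    }
}
```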
8. Schedule the runbook
Once you have tested the runbook and made sure it works correctly, publish it and schedule it to run.
Click PUBLISH in the grey bar at the bottom of the portal window.
Click YES to confirm.
Click SCHEDULE at the top of the portal.
Click LINK TO A NEW SCHEDULE.
In the dialog box, give the new schedule a name and click Next.
On the Configure Schedule screen, set the desired schedule and click Finish.
The new schedule should appear in the console window, and your runbook will be executed according to the schedule.