Why PowerShell's Desired State Configuration Should Matter to You
Unless you have been locked away in the bowels of your data center, I’m going to assume that you have heard the term, Desired State Configuration, also often referred to as DSC. If you’re thinking that DSC doesn’t apply to you, it’s time to think again. DSC was first introduced with PowerShell 4.0 and with the impending arrival of PowerShell 5.0, DSC is poised to really take off. Perhaps the most important thing you need to know about DSC is that it is not another type of PowerShell scripting.
Why is Desired State Configuration Important?
DSC is based on a number of industry standards aimed at simplifying server configuration. If you have heard of products like Chef and Puppet, DSC isn’t that much different. The advantage for you is that you can use PowerShell to build, manage and deploy your configurations. The current mantra wants us to think configuration, not automation. Here’s what I’m talking about.
For years, many IT pros have relied on a number of scripting tools, such as PowerShell, to automate the process of building, configuring, and deploying new servers. I’ve been at companies where that it is a distinct job position. And there’s no doubt that some of you have become quite proficient at this process. However, the process is really a matter of you configuring the server and often this only requires a single step.
With DSC, we take a page from Star Trek: The Next Generation. In our universe, each server has its own copy of Commander Riker. You, as Captain Picard, assemble your high-level instructions, hand them off the Riker, and tell him to “Make it so!” You don’t care how it gets done. You might not even know how it gets done. All you have to do is give Riker a to-do list like this:
Say Goodbye to Traditional PC Lifecycle Management
Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.
- Configure DNS servers
- Install these particular server features
- Configure these services
- Create these local user accounts
And you can trust that Riker will get it done. Even better, you can tell him to periodically check the server and if anything has changed from your directives, fix it. This, in a nutshell, is DSC.
How Desired State Configuration Works
You create a configuration command in a way that’s very similar to how you create a function. Within the configuration, you define different configuration elements. These are referred to as DSC resources. Next, you invoke the configuration for one or more computers, which creates a managed object format (MOF) file. The MOF is then deployed to the server, where a piece of software called the Local Configuration Manager (Riker) looks at the instructions and does all the hard work.
The LCM also has a copy of the resources that tells it, often using PowerShell, how to achieve a certain task. You can configure an entire server without having to know nearly any PowerShell. All you need to know are the resources and how to use them, and that’s not too difficult to learn. Although you can use the PowerShell language to help create some very complex configurations on-the-fly, so certainly the more PowerShell you know, the more I think you’ll get out of DSC.
DSC: A Valuable Career Asset for the IT Pro
In the long run, IT pros with the PowerShell skills to create DSC resources will also get much further in their careers. Although many DSC resources come from Microsoft and members of the PowerShell community, you can write your own resources to fill your own needs or your organization’s needs. Have a custom application that needs to be configured per server? You can create your own resource. It’s simply a special type of PowerShell module.
DSC will let you build and configure your servers not just once, but continually. As I mentioned, you can have DSC monitor the server, and if there’s a change from the desired state, it can remediate the problem. This means no more issues with server configuration drift. Or, should you have a new requirement, you can modify the configuration, create a new MOF and deploy it to the server. Sure, you’ll have some up-front investment in learning PowerShell and setting up your DSC infrastructure, but in the long run, you’ll find it very worthwhile.
This is not to say PowerShell will be nothing but DSC. I think there will still be plenty of need for PowerShell to troubleshoot problems, build reports, and handle other typical management tasks. DSC is aimed at configuration. And this is not a passing fancy. Jeffrey Snover, the mastermind behind PowerShell and now in charge of all things Windows Server, has clearly stated that DSC will play an even larger role in Windows server. A few years ago at the PowerShell Summit in Redmond, WA, we had just about the entire PowerShell team come down to the conference center. Each team member took to the stage, introduced themselves, and explained what they were working on. It seemed that almost everyone was working on some aspect of DSC. If Microsoft thinks DSC is important, then you should think so too and start paying attention.
DSC matters because this is the way Microsoft will have us configuring servers. And by the way, DSC is about more than Windows servers. Right now, you can even perform basic configurations of Linux servers, and I expect that to expand, perhaps even into other non-Windows platforms, Imagine using DSC to configure a network switch. I’m not saying Microsoft is working on that specific feature, but based on the technologies at play with DSC, it isn’t out of the realm of possibility.
Get Started Learning Desired State Configuration Now
If you need to get started learning DSC, check out the free DSC eBook from PowerShell.org. I also have a few DSC courses on Pluralsight.com. And of course, stay in touch with Petri, and I’m sure I’ll be adding more DSC content, especially as it finalizes in PowerShell 5.0.