Thoughts on DSC E-Book

PowerShell Help
1

Hi,

Regarding the upcomming E-Book on https://github.com/PowerShellOrg/ebooks/tree/master/DSC.

My comments (in random order, when I say you/your I target Mr Jones, I think :-));

  • DSC resources – As you mention Microsoft has released 2 waves of additional resources for DSC. What are your thoughts about using these resources in production compared to creating your own custom DSC resources. They are marked x for experimental according to Microsoft…
  • Overall strategy/design of a DSC “solution” – I must admit I struggled with how you should create the configuration when you are limited to a single MOF-file. That is until I read a post about Composite resources in January I think. It is super important that people understand how they go about creating their DSC structure. Maybe you could include some general key “design-rules” for the DSC solution.
  • Credentials and security – Take the package resource (built-in). It is not perfectly clear that the credentials you supply is used for accessing the network location you have specified for the SourceFiles and not for the “installation” of the package (since you brought up the productID challenge).
  • Complicated application packages – How or can do you install those with DSC. Say you have an installer that is capable of setting up an application in an scaleout manner, that is you install the application and the database is hosted on another computer and the setup/installer does the initial configuration for the database. Could you use DSC for that? If so an example would be very cool and most helpful.
  • Show how to use multiple dependencies for DependsOn - DependsOn = @("[WindowsFeature]HyperV", "[File]VHDFolder")
  • Why DSC – The argument for DSC – More information and marketing (like this book) is needed to promote the new way of configuring your datacenter and infrastructure. Even with your rants – i like those by the way – there is still people that do not get the full picture of what is slowly happening. Automation is the future, however if you are scoping your book to a wide audience, perhaps you could include an executive summary for the none-technical readers that are wondering what the DSC-fuzz is all about.
  • Monitoring of DSC – Being a System Center guy with focus on SCOM, I would like to monitor DSC with an ManagementPack (monitor both the PUSH/PULL infrastructure and the individual DSC target nodes testing for configuration drift). It maybe of topic for your book, however this may be where compliance comes into play somehow?
  • Azure/Windows Azure Pack – Wouldn’t it be a wonderful to have DSC resource for it?
  • ConfigMgr Desired State vs Powershell DSC – Why use Powershell DSC instead. I do not know if the desired state in ConfMgr is used by organizations,maybe they rely on GPO?
  • Group Policy vs Powershell DSC – Must also admit that I have a love2hate relationship with GPO. Why should enterprises start to replace GPO with DSC? What can you write to convince them that DSC is the bucket of gold they shall find at the end of the rainbow?
  • How to prevent overwriting of the current configuration for a node by accident or pure evil intent. Compliance I guess?

Please feel free to ignore the comments that does not suit your thoughts or the scope of your book. Keep up the good work, we are hungry for more. And look, I never used the c-Word that rimes with mode…

Cheers

Tore Groneng

2

I think the “x” for “Experimental” is more a Microsoft statement of how they won’t provide product support. If you look at our GitHub repo, you’ll see that folks are already adapting those ‘x’ resources to fix bugs and do more. So it’ll likely be a mix.

The Composite Resource is definitely a big deal - that’s why I included a chapter on it in the book. Hopefully that’ll help people start to adopt a design strategy. Honestly, I’m a bit hesitant to make a strong recommendation than that until we see folks using this in production, and learn from those early adopters. Steve’s been fantastic on that count, but I’d like input from more people.

I’m not setting out to document the resources themselves. I agree that such documentation is needed, but I think MS needs to provide that, not me. This book is also not setting out to answer “how do I do ___ with DSC” but rather to discuss how DSC works. The answer to that question will likely evolve over time. it’s possible a second wave of the book would dig deeper into the packages - if someone volunteers to help write all that. I can only do so much for free :).

My personal opinion is that SCCM compliance will eventually become a front-end to DSC. I’ve no idea where MS is thinking, though.

Regarding Azure… sure. It’d be great.

Regarding GPO… meh. DSC right now is for servers; GPO for clients. The two have vastly different situations. Right now, there’s less overlap than you might think. It’s mainly in how they’re targeted. GPO has a life ahead of it, although I could see DSC gradually sneaking in and taking over behind the scenes. The two aren’t actually all that different in how they WORK.

As for overwriting configurations by accident… that’s tooling. MS may or may not provide that tooling. E.g., I could see SCCM wrapping management around configurations, while the base OS doesn’t.

3

BTW - as a short observation, you’re asking all the right questions. There aren’t answers for all of them yet, as it’s early days. Many answers will come from tooling, which MS may provide or expect 3rd parties to provide. “Wait and see.”

4

Thank you for the feedback. Always Nice to hear about your observations and thoughts. I would be very surprised if you would answer my questions :-). It will be interesting to see what MS does in regards to tooling. Personally, I think they will do what they did with Hyper-V. You get a DSC-manager that can run on any server and you have the overall view in for instance SCCM or in something like “System Center DSC”.

Regarding the GPO vs DSC, I was thinking about the servers not clients. Disregard the advantage of targeting in GPO and they are very similar, after all GPO is “just” a bunch of registry settings. If I never have to look at a GPresults report again (love to look at a DSC-report though), I would not mind that at all.

Please contact me up if you think I can help with anything, meanwhile I am looking for prospects/clients that are keen on getting started with DSC. I know they are out there, however I think they are hiding and a little scared of MOF.