Windows Pull Server Planning Update – April 2018

Michael

April 19th, 2018

The next Current Branch release of Windows Server will add support for SQL Server as the database platform for Windows Pull Server for DSC.

This capability will open new scenarios:

High availability

The SQL ecosystem of reporting and analysis tools

If you are a member of Windows Server Insiders you can test this now by downloading a preview build.

If you are unfamiliar with the pull service role for DSC, the documentation page has been updated with details on how to set up Windows Pull Server environments using the latest versions of the xDSCWebService resource. The key change is the introduction of the properties SQLProvider and SQLConnectionString (link to code). Nothing else changes in the deployment and configuration process, other than using the latest version of the resource and, of course, having a SQL instance available. You do not have to pre-stage any tables; the resource handles that on the first request. Both SQL authentication and Windows authentication are supported.
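A sketch of a pull server configuration using the two new properties, added here as an example and not taken from the original post or the product documentation. The SQL instance name, the connection-string values and the thumbprint are constructed placeholders; it assumes the xPSDesiredStateConfiguration module is installed and uses Windows authentication, so the identity the pull server's IIS application pool runs as needs a login on the SQL instance.

```powershell
# Added example. Instance name, catalog and thumbprint are placeholders.
Configuration PullServerSql
{
    param
    (
        [Parameter(Mandatory)]
        [ValidateNotNullOrEmpty()]
        [string] $CertificateThumbprint,                 # TLS cert in LocalMachine\My

        [string] $SqlInstance = 'sql01.contoso.example'  # placeholder instance name
    )

    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Import-DscResource -ModuleName xPSDesiredStateConfiguration

    Node 'localhost'
    {
        WindowsFeature DSCServiceFeature
        {
            Ensure = 'Present'
            Name   = 'DSC-Service'
        }

        xDscWebService PSDSCPullServer
        {
            Ensure                   = 'Present'
            EndpointName             = 'PSDSCPullServer'
            Port                     = 8080
            PhysicalPath             = "$env:SystemDrive\inetpub\PSDSCPullServer"
            CertificateThumbPrint    = $CertificateThumbprint
            ModulePath               = "$env:ProgramFiles\WindowsPowerShell\DscService\Modules"
            ConfigurationPath        = "$env:ProgramFiles\WindowsPowerShell\DscService\Configuration"
            RegistrationKeyPath      = "$env:ProgramFiles\WindowsPowerShell\DscService"
            State                    = 'Started'
            UseSecurityBestPractices = $true
            DependsOn                = '[WindowsFeature]DSCServiceFeature'

            # The two properties introduced for SQL Server support.
            SqlProvider              = $true
            # Integrated Security keeps any password out of the compiled MOF;
            # a SQL-authentication string would carry its credentials in clear text.
            SqlConnectionString      = "Provider=SQLOLEDB.1;Integrated Security=SSPI;Initial Catalog=master;Data Source=$SqlInstance"
        }
    }
}

# Compile to a MOF; replace the placeholder with the real certificate thumbprint.
PullServerSql -CertificateThumbprint '<thumbprint-placeholder>' -OutputPath .\PullServerSql
```

If SQL authentication is used instead, treat the generated MOF and the source script as secrets, because the connection string is stored in them as written.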

Plans for DSC pull service

Previously I blogged about the plans we have for the DSC platform and committed to providing more information about the direction of DSC as a solution, including pull service.

Following this release of Windows Pull Server, there are no additional plans to release new features to the pull service capability in Windows Server. Support for Windows Pull Server in production environments will continue following the Windows Server support lifecycle. This does not change our plans to further invest in the DSC platform (detailed here).

New features for DSC pull service will be delivered in Azure Automation DSC.

Azure Automation DSC

The service already offers many features not available in Windows Pull Server including:

All data is encrypted in transit and at rest

Client certificates are created and managed automatically

Secrets store for centrally managing assets such as secrets, variables, and service connections

Centrally manage node LCM configuration

Centrally assign configurations to client nodes

Release configuration changes to “canary groups” for testing before reaching production

Graphical reporting

Status detail at the DSC resource level of granularity

Verbose error messages from client machines for troubleshooting

Integration with Azure Log Analytics for alerting, automated tasks, and a mobile app for reporting and alerting

We are working hard on new capabilities of this service and plan to introduce new features based on User Voice feedback, including:

Managing Configuration Data at scale

Simplify the onboarding experience and the process of authoring, especially for new users of DSC

Integrate the Azure Automation DSC and Change Tracking / Inventory services into an Azure Configuration Management platform

Integrate Azure Automation DSC with Visual Studio Online

For customers who can leverage a cloud service for managing server nodes, this platform provides the highest degree of scalability and frequency of new features/capabilities.

With the latest licensing update, this service is available to manage server nodes on Azure for no additional charge, and for on-premises nodes the pricing is flexible based on the LCM configuration.

Also, on-premises nodes do not require broadly scoped open Internet access to be managed by Azure Automation DSC. Customers can whitelist only the Azure public IP endpoints. We also plan to ship the ability to use an HTTP proxy in future releases of Local Configuration Manager.

Community maintained solutions for pull service

We have documented the pull service protocol and encourage continued development of open source implementations of DSC pull service maintained by the community.

There are two open source projects currently implementing pull service, each with its own approach:

Tug provides a web service backed by PowerShell scripting so any action can be taken as a result of a request.

Traek is an implementation of pull service in Node.js, with the intention of hosting the solution on Kubernetes.

There is no intention at this time to publish the source code for the Windows Pull Server that is shipping in Windows Server.

Using DSC in isolated environments

For customers that require total isolation from public cloud service, there are options available to continue using the existing skillset and custom resources.

The implementation of pull service in Windows Server 2012 R2 and 2016 will continue to be supported

A release pipeline environment working with DSC in push mode, possibly combined with Windows Pull Server to deliver modules and reporting

Contribute to community implementations of pull service protocol such as Tug and Traek

We will continue to work with DSC partners such as Chef, Puppet, and Ansible, who offer a rich ecosystem of tools and can utilize DSC resources

Thank you,

Michael Greene
Principal Program Manager
Microsoft Desired State Configuration
@migreene