We plan to implement an application to run policy checks on a VM based on Policy JSON metadata file. An example policy type may be the "Ping" policy type, which would have the metadata to ping specific addresses from the VM to check the connectivity. The JSON metadata would also include the dependent packages from the powershell gallery and the commands to execute. As the policy types and the corresponding powershell commands are defined in JSON, this will allow for ease of extensibility to add new "policy types".
Does it make sense for the application to install the dependent packages on the fly? Is Powershell DSC a better option in this scenario to install the dependencies from Powershell Gallery?
Just trying to see the best option for this scenario
Traditionally deploying an application means also deploying the dependencies as well.
DSC is fantastic and managing the configuration of a system and you are describing at great use case for it. DSC will update, intall, and\or remove dependent packages when you update the configuration. You could also have DSC mange the Policy JSON file.
That being said You would need to manage the DSC configuration and the JSON file. Allowing your application to install on the fly reduces the number of places you need to manage the configuration. But you must add checks into your application to see if the resource is already installed and should it upgraded if a new version is available.
My vote would be for DSC for better control the versions of the modules\scripts that you would be installing vs on demand installing.
Jonathan – Thanks for your vote and the details! I like the idea of managing the JSON file using the DSC too!
Regarding the need to "manage the configuration in number of places", I think that can be taken care by using a "pull server"