Introducing DSC to my company

This topic contains 5 replies, has 3 voices, and was last updated by Profile photo of Alex Aymonier Alex Aymonier 2 weeks, 4 days ago.

  • Author
    Posts
  • #65409
    Profile photo of Brian
    Brian
    Participant

    I'm a system engineer that supports vendor and homegrown applications(from an operational perspective). I've been researching DSC for about a month now, and think it might be a good fit for streamlining the overall support the applications. I have a few things I need to figure out before planning a more official roll out.
    1.) Whats the best way to set up a repository for the different versions of the configuration files?
    2.) My organization is very SILO'd with different teams handling patching, AD groups, app packaging, etc. Has anyone figured out how to break down those barriers that prevent a more efficient utilization of DSC? As an example, an OS patch recently caused an outage in production. I'm assuming with DSC I could roll back versions of the config file to quickly fix that issue(Please correct me if I'm wrong).

  • #65446
    Profile photo of Don Jones
    Don Jones
    Keymaster

    1) Nobody's really come up with anything better than a version repo like Git. We tend to not worry about the MOFs, but rather the .PS1 files used to generate the MOFs.

    2) Yeah, fix the organization's culture LOL. And no, DSC isn't a "total snapshot" of the machine, and you ordinarily wouldn't use DSC to manage patch installation anyway. DSC describes how the machine is to be configured – including, for example, ensuring WSUS is turned on to install patches. DSC isn't a "last known good" state, and its ability to uninstall a patch would be deeply limited. Rather, DSC's ultimate goal would be to let you trash the affected machine and rebuild it anew, quickly and automatically, back to the state you wanted.

    If you've not gotten into "The DSC Book," you might; it covers a lot of the design stuff like this and might help shape your thinking.

  • #65466
    Profile photo of Brian
    Brian
    Participant

    Don,

    Thank you for your timely response! I like the idea of version control of the configuration script rather than the mof file.

    I'm assuming if idea of "trashing" and quickly rebuilding would require all configurations/patching/updates to applied through DSC? Otherwise you would have a partially configured/patch server after you do the rebuild.

  • #65529
    Profile photo of Alex Aymonier
    Alex Aymonier
    Participant

    Hi Brian,

    You could look a the custom resource https://github.com/PowerShell/xWindowsUpdate and see if that would help?

  • #65791
    Profile photo of Brian
    Brian
    Participant

    Alex,

    Thank you I'm planning on give that a shot next patch cycle.

  • #65811
    Profile photo of Alex Aymonier
    Alex Aymonier
    Participant

    In your dev environment yeah 😉

You must be logged in to reply to this topic.