Working with the Desired State Configuration Feature (Part 1)

by [Published on 2 Sept. 2014 / Last Updated on 2 Sept. 2014]

This article series explains how you can use the Desired State Configuration feature to ensure that virtual machines on your network are configured in a consistent manner.

If you would like to be notified when Brien Posey releases the next part of this article series please sign up to the WindowsNetworking.com Real time article update newsletter.

Introduction

One of the big side effects to server virtualization has been rampant virtual machine sprawl. Because it has become so ridiculously easy to create virtual machines, organizations find themselves having to manage more virtual machines than they probably ever expected to. The end result of this has been that even smaller organizations find themselves facing management scalability problems that once only existed in large environments.

Needless to say, this trend has resulted in the development of numerous products that are designed to automate virtual machine management and deployment. However, Microsoft has included some large-scale management capabilities natively in the Windows operating system.

Some of these capabilities can be found in the Desired State Configuration feature. The Desired State Configuration feature is an incredibly versatile feature that allows you to make sure that virtual machines are deployed and maintained in a consistent manner.

If you haven’t heard of the Desired State Configuration feature before, it may be because it’s something that not a lot of organizations use. Don’t get me wrong. It’s not that the tool is bad, or anything like that. It’s just that the Desired State Configuration feature is based around PowerShell. There’s a little bit of work involved in getting it running, and the documentation for the tool can be a little bit intimidating. That being the case, many organizations choose to adopt third-party tools rather than delving into PowerShell.

If you can get past the inherent difficulties in working with PowerShell, the Desired State Configuration feature is really a great tool. Quite frankly, I’m really surprised that nobody has developed a graphical front end for it yet.

My goal in writing this article series, is to take some of the mystery out of the Desired State Configuration tool. While it’s true that there is no getting around working in PowerShell, working with the tool does not have to be as difficult as it is often made out to be. My approach to this article series is going to be to break the information down as simply as I possibly can, and walk you through the various steps required to get the Desired State Configuration tool up and running.

What Can the Desired State Configuration Feature Do?

Before you invest a lot of effort into learning how to use the Desired State Configuration Feature, you are probably wondering what it can really do to help your organization. As previously mentioned, the Desired State Configuration Feature is all about providing a level of automated management. The idea is that if you have multiple virtual machines that need to be configured, you can use a PowerShell script to ensure that those virtual machines are configured in a consistent manner. Assuming that the script is properly written, the use of PowerShell takes the potential for human error count of the equation. Furthermore, even though getting the Desired State Configuration feature set up requires a bit of work up front, it often saves a lot of administrative effort in the long run.

So with that said, I think I have generalized enough. Let’s talk about some specific things that you can do with the Desired State Configuration feature.

One of the easiest things that you can do with the Desired State Configuration Feature is to enable or disable individual Windows Server roles or features. As a matter of fact, that’s exactly what I’m going to be demonstrating with the first walk through.

Now admittedly, using a PowerShell script to enable or disable roles or features probably sounds like more effort than it’s worth. After all, you can manually configure roles and features with only a few mouse clicks. So why use a PowerShell script?

Keep in mind that the Desired State Configuration tool was designed to deal with the challenges of managing large-scale environments. With that in mind, yes, using PowerShell to configure an individual server probably is overkill. But what if you needed to configure 100 Web servers? Given that Web servers are directly exposed to Internet traffic (behind a firewall of course), they need to be secure. As such, administrators must be very careful about which roles and features they enable on a Web server. A PowerShell script could be used to make sure that all of the individual Web servers that make up a web application are configured with exactly the right set of roles and features, and that all of the servers are configured in an identical manner.

Just as you can manage roles and features using the Desired State Configuration feature, you can also ensures consistency of other elements as well. For example, you can use the tool to configure things like registry settings, files, and folders.

Okay, as you can see, the Desired State Configuration Tool is really useful for server configuration. However, there is one big question that must be addressed. Why would you use the Desired State Configuration Tool as opposed to some other native tool? After all, it is arguably easier to set up a virtual machine with a desired configuration, run SYSPREP, and then use the SYSPREP image to deploy clones of the virtual machine. So why use the Desired State Configuration Feature?

If your only goal is to automate virtual machine deployment, you probably are better off using some other tool. There are a number of graphical tools that can clone virtual machines without requiring the administrator to delve into PowerShell. However, the Desired State Configuration Feature is useful for more than just virtual machine provisioning.

As a matter of fact, the Desired State Configuration Tool isn’t even really what I would call a virtual machine deployment tool. You would actually have to use some other tool to deploy the virtual machines. The Desired State Configuration Tool simply applies a desired configuration to the virtual machines after they have been deployed.

But I still haven’t answered the question about why you would use this tool, as opposed to something else. Most of the deployment and configuration tools that are available on the market tend to focus solely on virtual machine image management and deployment. One of the things that makes the Desired State Configuration Tool different from most of the third-party tools that I have worked with (although there are exceptions) is that the Desired State Configuration Tool can do configuration monitoring and remediation.

In other words, the Desired State Configuration Tool makes it possible to periodically analyze virtual machines to make sure that they are still running an approved configuration. If configuration drift is discovered, then you can use the Desired State Configuration tool to fix the problem by forcing the virtual machine back into a compliant state.

Conclusion

I have barely even begun to scratch the surface in talking about all of the great things that the Desired State Configuration tool can do. Even so, I would rather show you how the tool works rather than continuing to talk about what it does. That being the case, I want to spend the next article in this series talking about how you can start getting the Desired State Configuration tool ready to use.

If you would like to be notified when Brien Posey releases the next part of this article series please sign up to the WindowsNetworking.com Real time article update newsletter.

Advertisement

Featured Links