Bringing Azure Automation to Your On-Premises Environment

Microsoft’s Azure Preview Portal offers a number of additional automation features as compared to the standard management portal. The most interesting to me of these Preview Portal features is the ability to provision Hybrid Runbook Workers (“HRW”) that allow your automation tasks to span both Azure and on-premises systems. For some environments, Azure Automation could even be a replacement for on-premises System Center Orchestrator, depending on how heavily used your on-premises automation environment is. In this post, I’ll explain the specifics of HRWs in Azure and how you can go about setting this up in your environment.

This worker is an on-premises machine that receives the actual automation “scripts” (called “runbooks” in Azure Automation) and automation schedules (called “jobs” in Azure Automation) from your Azure tenancy, and runs them locally – it’s the connector that bridges your on-premises and Azure environments. You can provision multiple HRWs if you want, and they are segmented in to Hybrid Runbook Worker Groups – while you can’t select which exact HRW a job will run on, you can select which group it runs on. Groups can contain a single HRW (which is a bit of a backwards way to specify the exact HRW that a task will run on) but the idea is to have multiple HRWs per group for load balancing and/or high availability purposes.

To get started, follow the steps below. All these steps should be performed from the “Standard Portal”, at https://manage.windowsazure.com.

  1. If you don’t have one already, create a new Automation Account.
    1. There is a “Free” tier that allows 500 minutes of automation runtime per month. If you find yourself hitting this limit, it can be converted to the “Basic” pay-as-you-go tier at any time. The “Basic” tier charges at $.002/minute, so even if you had a runbook going around the clock, it’s only going to be about $87/month.
  2. Create an Operational Insights workspace.
    1. There is a “Free” tier that allows 500MB/day of data analysis. If you find yourself hitting this limit, it can be converted to the “Basic” or “Premium” pay-as-you-go tiers at any time.
  3. Configure your Operational Insights workspace.
    1. It’s a little buried – you can visit https://opinsights.azure.com, or click “Visit your Operational Insights account” from the Quick Start of your Operational Insights workspace:

Azure - Get Started

  1. The Quick Start will suggest a number of solutions to add – you can add as many as you like, but the important one for this task is “Automation”.
  2. Install the Microsoft Management Agent on the machine you’ll be using as your HRW
    1. There are a number of ways to do this – the easiest way is to visit the “Connected Sources” page of your Operational Insights workspace, and click “Install Agent” under the “Attach Servers Directly” heading:

Azure Settings

    1. Ensure “Connect the agent to Microsoft Azure Operational Insights” is selected during the install – it’s not by default.
    2. When prompted, supply the workspace ID and primary key from the Operational Insights workspace you want to join – blacked out in the screenshot above.
  1. Reload the “Connected Sources” view and ensure a new servers shows connected:

azure 4

  1. Run a few PowerShell commands to turn the server in to an HRW:
    1. You may have to wait a few minutes after agent installation for the below commands to become available. Check for a series of event ID 1201 entries in the “Operations Manager” log in Event Viewer to validate that the content is being downloaded.
    2. Import-Module “C:\Program Files\Microsoft Monitoring Agent\Agent\AzureAutomationFiles\HybridRegistration\HybridRegistration.psd1”
    3. Add-HybridRunbookWorker –Name <String> -EndPoint <Url> -Token <String>
      1. Name: The name of the new HRW Group this HRW will join, which will be created automatically. Future HRWs may be joined to an existing HRW Group simply by supplying the existing HRW Group name.
      2. Endpoint: The URL of the Agent Service, which you can most easily get from the preview portal on the “Manage Keys” blade of your Automation Account settings (easiest done from the Preview Portal, circled in the screenshot below).
      3. Token: The “Primary Access Key” from the same “Manage Keys” blade.

azure 3

Now you should see the HRW show up in your preview portal (https://portal.azure.com):

Azure 1

The last step is to try out the new functionality. Once a runbook is uploaded, saved, and published, the runbook can be started, and you’ll get the option of running it on Azure, or on the HRW:

Azure 2

The best part: all of this is enabled through outbound HTTPS from your HRW to Azure. No network connectivity or local toolset is required. Now, even without having a tool like Microsoft Orchestrator on-premises, and even without a persistent VPN connection from your local or on-premises network to your Azure environment, you can use the automation engine in Azure to perform tasks on local systems. The runbooks you develop can be used in both Azure and on-premises, and you even get a graphical runbook editor as part of the preview portal from which to design your runbooks. Note that depending on what machine you selected as your HRW, you may need to add a few PowerShell snap-ins, so that you’ve got the full management functionality that you need, depending on what your runbooks are doing.

With this new functionality, Azure has provided a powerful tool that allows you to easily leverage resources that may be idle on your own network to provide increased performance for these automated tasks. And as you saw in the blog, this is quick and pretty easy to setup. With per-minute automation runtime costs so low, is anyone else doing the math on the cost of such a solution vs. the cost and maintenance of on-premises Orchestrator in simple environments? In my next post, I’ll try to tackle that analysis and see if there’s a break point where one or the other makes more sense for you.

Your email address will not be published. Required fields are marked *

Phone: 312-602-4000
Email: marketing@westmonroepartners.com
222 W. Adams
Chicago, IL 60606
Show Buttons
Share On Facebook
Share On Twitter
Share on LinkedIn
Hide Buttons