Remotely pushing DSC configurations

Once you have mastered pushing DSC configuration files locally, you will find that there isn't a lot of difference in pushing them remotely. It follows pretty much the same steps but with the addition of creating a remote session on the target host before pushing. We can either create remote sessions called CimSessions ourselves or allow Start-DSCConfiguration to create them for us in order to pass information and commands to the remote host.

We would create CimSessions ourselves if we wanted to reuse the sessions for multiple attempts, as this would save us time connecting, closing, and reconnecting each time we attempted to push DSC configurations. We would also create CimSessions if we had a nonstandard WinRM setup, for example, HTTPS endpoints or different authentication methods (Kerberos or basic authentication, and so on).

You will definitely create your own CimSessions in a non-domain or workgroup environment, as the account you are using to issue the Start-DSCConfiguration command will be local to the computer you are sitting at and not present on the remote target node. You would also have to configure the authentication methods in order to have local token policies allow remote use of the administrator account. Configuring remote sessions is a huge topic and varies with environments; you should look up the PowerShell documentation for more information about special options when connecting with WinRM and PowerShell remoting. Some places to start are http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/29/remoting-week-non-domain-remoting.aspx and http://blogs.msdn.com/b/wmi/archive/2009/07/24/powershell-remoting-between-two-workgroup-machines.aspx.

Before continuing with this section, it is helpful to know what PowerShell Remoting and PowerShell CimSessions are. These features are used heavily with the remote use of DSC, so having an understanding of how they work will be the key for you to use it effectively. Explaining PSRemoting is outside the scope of this book, but there are several resources online to follow. A good place to start is on the TechNet site: http://blogs.technet.com/b/heyscriptingguy/archive/2014/01/31/comparing-powershell-pssessions-and-cim-sessions.aspx.

You may not be familiar with CimSessions as much as you are with PSSession, but they both describe remote sessions on a target node. What is important to know for this chapter is that CimSessions cannot execute arbitrary code like a PSSession can; it executes specific CIM methods on a remote target node. Start-DSCConfiguration and other DSC cmdlets are mostly wrappers around CIM methods. This is not a limitation for CimSessions, as working this way takes up fewer system resources on the target node.

You create CimSessions using the New-CimSession cmdlet and storing the result in a variable that you can pass to the Start-DSCConfiguration cmdlet:

[PS]> $cred = Get-Credential
[PS]> $session = New-CimSession -ComputerName "foo" -Credential $cred

As you can see, the New-CimSession cmdlet accepts a computer name and a PSCredential object. We can also create many CimSessions at the same time by passing an array of computer names, as follows:

[PS]> $session = New-CimSession -ComputerName "foo","Bar" -Credential (Get-Credential)

Now that we know how to connect to a target node, we can start setting up the environment.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset