Using Azure DSC Server

In this blog post I will demonstrate a DSC demo configuration and show how you can use the Azure DSC server to pull that configuration.

Azure DSC is a good way to define a server type as code. The functionality isn’t new; many other tools offer nearly the same functionality (for example Chef and Puppet).

Why is it interesting to use Microsoft PowerShell DSC? For me the answer was really simple: I can use DSC with PowerShell, and the sample library is really huge.

There are two options available to deploy a DSC configuration:

  • Push method
  • Pull method

The push method requires a manual admin task (pushing the configuration to the server).

The pull method is much better from my point of view, but in the past it took more admin effort, because it required a separate DSC server installation.


The DSC pull server is included as a PaaS service in Azure Automation. I will explain how to use the service in the next steps.

First you have to prepare a development environment. Normally I use VSCode for PowerShell development, but in this case it’s better to use PowerShell ISE in combination with the Azure Automation ISE add-on.

After I’ve finished the installation, there is a new add-on available in PowerShell ISE:


After that I deploy an Azure Automation account:


Great, so we can start with a basic deployment in PowerShell ISE.

First I have to log in to my Azure environment.


Now we can select the Azure subscription and the Azure account.


Perfect! You can see two sections that are important for DSC:

  • Runbooks
  • DSC

Why Runbooks?

If you have multiple DSC configurations, it’s better to define one configuration file with all global DSC build settings.

That configuration file will be saved as a runbook.

Okay, let’s start with a configuration file.

In the DSC section, click “Create New” and select “Config Data”.


Important: the config file will be stored in the “Runbooks” section.

I define two configuration options:


Don’t worry, the first configuration option isn’t really a big problem, because the DSC configuration is stored encrypted.

The second option is my default download folder for other software components.

Okay, now that we’ve defined our global configuration file, we can start with the configuration itself.

Go to the DSC section and select “Create New” configuration.


Awesome, we have our first DSC configuration available.


Okay, our next step is to define what the configuration should do.

For my demo I define the following:

  • Download and install nodejs from the internet
  • Install and configure IIS
  • Disable the Windows Firewall

For that configuration I need one extra PowerShell DSC module, because I want to configure IIS.

There is a huge repository of DSC modules available, and I’ve found the module xWebAdministration, which covers my requirements.

So I start by importing the module into my Azure Automation DSC account.

First go to your Azure portal and log in, then select your Azure Automation account and go to the “Modules” section.


At the top right you can find “Browse gallery”.


Search for the module “xWebAdministration” and click on “Import”. It takes some time to install the module into your Azure Automation account.

After that is finished, you can import the module into your configuration.


The second line is for the default DSC configuration modules.

Okay, we can start with the first node configurations.

We have to define a “node” section; in my case the section name is “WebServerConfig”.

First of all, it’s important to check whether the default download folder is available on the server.


Okay, I will explain the configuration in detail:

The “File” resource comes from the default DSC module and includes the option to create a folder, which I need.

You can find more information here.

That configuration has the name “Create_DownloadFolder”; we can see that name in the deployment step.

The resource type is “Directory” because I want to create my default download directory.

It’s important to ensure that the folder is “Present”. If you select “Absent”, the folder will be deleted if it exists.

The tricky part is the “DestinationPath”. We’ve defined the UNC path in our global configuration file, and the syntax to get that information is $node.

Perfect, we have our first configuration in place. The next step is to download the nodejs file from the internet.

To achieve that we need the following configuration:


That section uses the “Script” resource. For more details click here. The important part here is “DependsOn”, because before we download and install the source files we need the default download folder.
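An added example, not the author's configuration: the download-folder and Node.js steps described above, with a SHA-256 check on the downloaded installer before it is run. The config-data keys `DownloadFolder`, `NodeJsUrl` and `NodeJsSha256`, the resource name `Install_NodeJs`, and all values are assumptions or placeholders.

```powershell
# Added example. DownloadFolder, NodeJsUrl and NodeJsSha256 are hypothetical
# config-data keys; the path, URL and hash are placeholders to replace.
$ConfigData = @{
    AllNodes = @(
        @{
            NodeName       = 'WebServerConfig'
            DownloadFolder = 'C:\Install'
            NodeJsUrl      = 'https://nodejs.org/dist/<version>/node-<version>-x64.msi'
            NodeJsSha256   = '<SHA-256 published for that installer>'
        }
    )
}

Configuration demo
{
    Import-DscResource -ModuleName 'PSDesiredStateConfiguration'

    Node $AllNodes.NodeName
    {
        File Create_DownloadFolder
        {
            Type            = 'Directory'
            Ensure          = 'Present'
            DestinationPath = $Node.DownloadFolder
        }

        # $Node does not exist when the Script resource runs on the target node,
        # so copy the values into locals and embed them with $using:.
        $msi  = Join-Path $Node.DownloadFolder 'nodejs.msi'
        $url  = $Node.NodeJsUrl
        $hash = $Node.NodeJsSha256

        Script Install_NodeJs
        {
            DependsOn  = '[File]Create_DownloadFolder'   # folder must exist first
            # Assumes the MSI's default install location
            GetScript  = { @{ Result = [string](Test-Path "$env:ProgramFiles\nodejs\node.exe") } }
            TestScript = { Test-Path "$env:ProgramFiles\nodejs\node.exe" }
            SetScript  = {
                $path = $using:msi
                Invoke-WebRequest -Uri $using:url -OutFile $path -UseBasicParsing
                $actual = (Get-FileHash -Path $path -Algorithm SHA256).Hash
                if ($actual -ne $using:hash) {
                    Remove-Item -Path $path -Force   # never run an unverified installer
                    throw "Node.js installer hash mismatch: $actual"
                }
                Start-Process msiexec.exe -ArgumentList "/i `"$path`" /qn /norestart" -Wait
            }
        }
    }
}
```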

Don’t worry, the hardest part is done; we can go on to the web server installation and configuration.

We need the following configuration settings.


This is the point where I need the “xWebAdministration” module that I imported earlier.

Can you see something? I’ve added new global settings for the web server configuration:

  • $node.LogDirectory
  • $node.TraceLogDirectory
  • $node.DefaultApplicationPool

I created a separate section in my demo configuration file:


I need those configuration settings only for my node configuration “WebServerConfig”, and that’s the reason why I created a new one.
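An added example, not the author's file: one way to split config data into global settings and settings that apply only to the “WebServerConfig” node, and to consume the three values named above. It assumes the values feed the `xWebSiteDefaults` resource of xWebAdministration; the `'*'` layout, the `DownloadFolder` key and all sample values are constructed.

```powershell
# Added example. The three web server key names are the ones the post reads via
# $node; DownloadFolder, the '*' / per-node split and all values are constructed.
$ConfigData = @{
    AllNodes = @(
        @{
            # Settings under '*' are merged into every named node
            NodeName       = '*'
            DownloadFolder = 'C:\Install'
        },
        @{
            # Settings needed only by the web server node
            NodeName               = 'WebServerConfig'
            LogDirectory           = 'D:\IISLogs'
            TraceLogDirectory      = 'D:\IISLogs\FailedReqLogFiles'
            DefaultApplicationPool = 'DefaultAppPool'
        }
    )
}

Configuration demo
{
    Import-DscResource -ModuleName 'xWebAdministration'
    Import-DscResource -ModuleName 'PSDesiredStateConfiguration'

    Node $AllNodes.NodeName
    {
        WindowsFeature IIS
        {
            Name   = 'Web-Server'
            Ensure = 'Present'
        }

        xWebSiteDefaults SiteDefaults
        {
            # Key property in current releases; older releases used ApplyTo = 'Machine'
            IsSingleInstance       = 'Yes'
            LogDirectory           = $Node.LogDirectory
            TraceLogDirectory      = $Node.TraceLogDirectory
            DefaultApplicationPool = $Node.DefaultApplicationPool
            DependsOn              = '[WindowsFeature]IIS'   # IIS must be installed first
        }
    }
}
```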

Okay, the configuration is nearly finished. The only thing left to do is to deactivate the Windows Firewall (not recommended!)


Okay, everything is done. The next step is to compile the configuration into a .mof file.

First I have to save and upload the DSC and the global configuration file.


The next step is to “Compile in Azure”


The compile task asks for a configuration file, and it’s time to select our demo configuration file:


Perfect, everything is done when you see the following information on the output screen:


Where can I now see the configurations in Azure DSC?

Go to the Azure portal, select your Azure Automation account, and in that account open the section “State configuration (DSC)”.


On the right side, you can see:

  • Nodes
  • Configurations
  • Compiled configurations
  • Gallery


First check “Configurations”; you should see your demo configuration.

Under “Compiled configurations” the name is different, because it includes the node name.


Awesome, we are now ready to pull that configuration.

There are some options available to add a new node to Azure automation DSC:

  • Azure Portal (for Azure resources only)
  • PowerShell script (Link)
  • Azure ARM template (for Azure and Azure Stack resources only)

I will show you the portal option, but the best way to onboard a new node is via PowerShell script or, even better, with the ARM template.

In the Azure portal I selected the “Add” button and chose the Azure VM that I want to add:


I select the Azure VM and click on “Connect”.


Okay, I select my “compiled” configuration “demo.WebServerConfig” and also choose the “Configuration Mode” “ApplyAndAutoCorrect” because I want to ensure that my webserver configuration is always available.

When the connection process is finished, you can see the Azure server in the node section with the state “in progress”.


Unbelievable, the installation is running. After a few minutes the state switches to “compliant” and everything is installed.

You can see the steps when you click on the node and select the report “compliant”.


Awesome, we have an up and running DSC configuration.

You can find the demo file here.

Cheers and always keep in mind “the future is always here”