In the first part of this series, I talked about the importance of automation, and simplification of automation, for the systems administrator of 2018. Adopting technologies that can automate common, labour-intensive tasks but do not contribute to a huge increase in complexity is, I believe, vital. By allowing administrators to quickly and easily configure processes that reliably perform manual tasks, you remove both the overhead of time to create them and the potential for human error.
In that article I mentioned that automation driven by software is much more desirable than scripting it, simply because it is easier to maintain and hand over. However, in the same vein as how the Advanced Driving course teaches you there may be situations where breaking the speed limit or not using indicators is actually valid, I’m now going to come out and state that scripting is very much a vital component of your automation methodology. Or rather, scripting integration.
Every enterprise is different. Every set of applications, business processes, users, departments – each enterprise is different, and their needs are. Whilst you can meet many of these needs through a software package, it is unlikely that it will cover every eventuality that you may come across. It is easy to write into software like Adaxes integration with Office 365, for instance, because the software is very widely used. But what if an enterprise is using Google Apps instead? What if you want to write a record to an SQL database as part of your on-boarding process for users? What if you want to create an Azure VM for new users? The list can go on and on – as mentioned earlier, every enterprise has different requirements.
The choice you have in these situations is fairly binary. You can revert to type and instigate a manual process for the “non-standard” parts of your automation, but this reintroduces the problems of human error and resource constraints. You could simply write some form of script to do it, but then this involves maintenance and overhead. However, the “middle ground” choice is the best – you adopt an automation tool that has full scripting integration, allowing you to use the conditions and triggers from within your software to call out to custom scripts. This lets you create specific detailed processes for your environment, but at the same time allowing these scripts to be targeted and deployed by people without the detailed knowledge of scripting.
In my opinion, it is fairly obvious that the language of choice for this integration should be PowerShell. PowerShell cmdlets are almost ubiquitous these days, allowing integration with all aspects of not just the Windows operating system but any Windows-based infrastructure components or software. Third-party vendors like Citrix, VMware, Ivanti and the like also feature PowerShell cmdlets, and with the advent of Windows 10, you can even run bash scripts from PowerShell. Add to this the capability to call out to other executables within the filesystem, and you should have pretty much all of your bases covered with PowerShell integration. Needless to say, Adaxes features full integration with this particular language. For more details, see Adaxes SDK.
But integration on its own is not simply enough, unless you are already a PowerShell master. What many administrators (who are often dabblers in PowerShell rather than skilled coders) find incredibly useful, both from a time and learning perspective, is an active community that provides examples and snippets. Having these “templates” available not only gives administrators a solid starting point for requirements they may have, but it also “showcases” possibilities within PowerShell that they may not have considered previously. Adaxes features a whole library of examples that have already been tested and verified, allowing administrators to dive straight in and start configuring custom actions that can greatly extend the range of the automation available to them.
Additionally, the PowerShell integration can greatly extend the auditing and reporting capabilities available through Adaxes, which is much more important these days. With the advent of the European General Data Protection Regulations (GDPR), auditing data and data usage has come much more to the fore than it ever was previously. Ensuring the security of your enterprise is therefore more important than ever before – because if someone breaches your environment, the financial penalties are much more severe. Closing security loopholes such as unused accounts is now something that must be taken much more seriously. By using the PowerShell integration to produce reports and audits (which can be manipulated by external applications), it is much easier to keep an eye on security risks and reduce the exposure you have to breaches of data.
As an example, using templates provided from the website, it was very easy for us to create a PowerShell script that supplemented the user provisioning process discussed in the first article. In this case, it involved creating and populating a record within the business’ HR system when a new user was created who was a permanent employee. After user creation, the username was checked (to ensure it didn’t begin with a ‘c-’ string, which denotes a contractor). If it matched the pattern for a permanent employee, then the script would be run that connected to the HR database using the correct connection strings and created and updated the HR record as necessary. In turn, this record creation would activate automated processes within the HR system. So not only are we saving time and resource within the IT department, we are now extending this seamlessly to other business units, and all through templates that can be downloaded and implemented quickly and with a minimum of fuss.
So, in summary, automation scripting integration is the next key part of streamlining your business processes for 2018. By using PowerShell integration in this way, we can extend the reach of the Adaxes automation capabilities into other infrastructure components and other departments within the enterprise. Templates reduce the requirements on your administrators to be highly skilled scripters and meshing this together with the triggers and conditions available within the Adaxes software allow you to deploy and manage them in a much more robust fashion. Using scripts to automate custom areas of your enterprise solutions doesn’t have to mean a huge uptick in maintenance and skills.
James is a consultant from the UK, specializing mainly in end-user computing, Active Directory and client-side monitoring. When not implementing projects for his company HTG, he can often be found blogging, writing technical articles and speaking at conferences and user groups.