Orchestrator Use Cases Appalachian State Illinois

1. Orchestrator Use CasesAppalachian StateIllinois Andrew Sanders Erik Coleman

2. AppState Environment • Single server: • SQL instance • Runbook server • Web console • Runbook Designer • Runbook Designer also on clients Information Technology Services

3. Current Uses • Four Runbooks: • SCCM application requests • Endpoint Protection Remediation • Endpoint Protection Remediation clean-up • Help-desk software process Information Technology Services

4. Endpoint Protection Remediation Information Technology Services

5. Using Orchestrator at Illinois Erik Coleman, Senior Manager, Enterprise Systems ecc@Illinois.edu

6. Current Environment • Single Orchestrator Server: • SQL instance with custom DB • Runbook server • Web console • Runbook Designer • In process of moving SQL DB's to separate server • Custom ASP.NET Web Front End

7. Current Uses • Lync Account Provisioning • Person Accounts • Role-based (non-person) Accounts • Common Area Phones • Add/Delete/Change

8. Lync Account Provisioning Workflow • Need for phone endpoint • Telecom Unit Coordinator (TUC) submits service request • Phone Number Assigned • Submit Ticket to Lync Team • Manual Actions by Lync Team (LCP or PowerShell) • Respond/Close Ticket Use Orchestrator

9. LyncProcessingMain Runbook

10. LyncScripts Child Runbook

11. Anatomy of our Scripts • “Run .NET Script” Activity: • Grab data from SQL table • Initialize Lync and Exchange Remote PS Sessions • Invoke Script as 64-bit • Call local Lync-PowerShell Scripts

12. Typical PowerShell “Wrapper” Code # Function to initialize Lync and Exchange connections Function ConnectSessions { $pass = ConvertTo-SecureString ”{LyncServiceCredential} -AsPlainText -Force $cred = New-Object System.Management.Automation.PSCredential ("{LyncServiceAccount}",$pass) Import-Module ActiveDirectory $LyncSession = New-PSSession -Name LyncSCORCH –ConnectionURI {LyncConnectionURI} -Credential $cred Import-PSSession $LyncSession $ExchangeSession = New-PSSession -Name ExchangeSCORCH –ConfigurationName Microsoft.Exchange -ConnectionUri {ExchangeConnectionURI} -Authentication Kerberos -Credential $cred Import-PSSession $ExchangeSession }

13. Typical PowerShell “Wrapper” Code # Initialize Remote PowerShell Sessions Invoke-Command –ScriptBlock ${function:ConnectSessions} # Actual script execution: Grab appropriate script from variables and pass args. $scriptPath = {LyncScriptPath}{LyncAddPersonScript} $argumentList = @() $argumentList += ("-Username",$netid) $output = Invoke-Expression "& `"$scriptPath`" $argumentList 2>&1" -ErrorAction Continue Remove-PSSession -Name LyncSCORCH Remove-PSSession -Name ExchangeSCORCH

14. Is Orchestrator Worth the Time? • Activating a Lync Account • O = 3180 minutes (53 man-hours) • T = 8 minutes • Nt= 200/month • T x Nt= 1980 minutes/month saved • Using Orchestrator was “worth it” after 2 months in production

15. Tips and Tricks • Avoid Counters • Some Activities not thread-safe, like Append Line • Junctions are not what they seem • Logging is not centralized (DB, text, and EventLogs) • Edit PowerShell in PowerGUI (or equiv.) • Native PowerShell 2.0 engine is 32-bit only

16. Future Orchestrator Uses • Some things already done with PowerShell • Identity Changes • VM Provisioning

17. Questions?