Orchestrator Use Cases
Appalachian State, Illinois
Andrew Sanders, Erik Coleman

AppState Environment
Single server:
• SQL instance
• Runbook server
• Web console
• Runbook Designer
Runbook Designer also on clients

Information Technology Services

Current Uses
Four Runbooks:
• SCCM application requests
• Endpoint Protection Remediation
• Endpoint Protection Remediation clean-up
• Help-desk software process

Endpoint Protection Remediation

Using Orchestrator at Illinois
Erik Coleman, Senior Manager, Enterprise Systems
ecc@Illinois.edu

Current Environment
• Single Orchestrator Server:
  – SQL instance with custom DB
  – Runbook server
  – Web console
  – Runbook Designer
  – In process of moving SQL DBs to separate server
• Custom ASP.NET Web Front End

Current Uses
• Lync Account Provisioning
  – Person Accounts
  – Role-based (non-person) Accounts
  – Common Area Phones
  – Add/Delete/Change

Lync Account Provisioning Workflow
• Need for phone endpoint
• Telecom Unit Coordinator (TUC) submits service request
• Phone Number Assigned
• Submit Ticket to Lync Team
• Manual Actions by Lync Team (LCP or PowerShell)
• Respond/Close Ticket

LyncProcessingMain Runbook

LyncScripts Child Runbook

Anatomy of our Scripts
• "Run .NET Script" Activity:
  – Grab data from SQL table
  – Initialize Lync and Exchange Remote PS Sessions
  – Invoke Script as 64-bit
  – Call local Lync-PowerShell Scripts

Typical PowerShell "Wrapper" Code

    # Function to initialize Lync and Exchange connections.
    # The {...} tokens are Orchestrator variables; they are quoted so the substituted text is a string.
    Function ConnectSessions
    {
        # Build a credential object from the service account name and password
        $pass = ConvertTo-SecureString "{LyncServiceCredential}" -AsPlainText -Force
        $cred = New-Object System.Management.Automation.PSCredential ("{LyncServiceAccount}",$pass)
        Import-Module ActiveDirectory
        # Remote session to Lync; its cmdlets are imported into the local session
        $LyncSession = New-PSSession -Name LyncSCORCH -ConnectionURI "{LyncConnectionURI}" -Credential $cred
        Import-PSSession $LyncSession
        # Remote session to Exchange, authenticated with Kerberos
        $ExchangeSession = New-PSSession -Name ExchangeSCORCH -ConfigurationName Microsoft.Exchange -ConnectionUri "{ExchangeConnectionURI}" -Authentication Kerberos -Credential $cred
        Import-PSSession $ExchangeSession
    }

Typical PowerShell "Wrapper" Code

    # Initialize Remote PowerShell Sessions
    Invoke-Command -ScriptBlock ${function:ConnectSessions}

    # Actual script execution: Grab appropriate script from variables and pass args.
    $scriptPath = "{LyncScriptPath}{LyncAddPersonScript}"
    $argumentList = @()
    $argumentList += ("-Username",$netid)
    # The array is expanded into the command string, so the value of $netid is parsed as PowerShell text
    $output = Invoke-Expression "& `"$scriptPath`" $argumentList 2>&1" -ErrorAction Continue

    # Tear down both remote sessions
    Remove-PSSession -Name LyncSCORCH
    Remove-PSSession -Name ExchangeSCORCH

Is Orchestrator Worth the Time?
• Activating a Lync Account
• O = 3180 minutes (53 man-hours)
• T = 8 minutes
• Nt = 200/month
• T x Nt = 1980 minutes/month saved
• Using Orchestrator was "worth it" after 2 months in production

Tips and Tricks
• Avoid Counters
• Some Activities not thread-safe, like Append Line
• Junctions are not what they seem
• Logging is not centralized (DB, text, and EventLogs)
• Edit PowerShell in PowerGUI (or equiv.)
• Native PowerShell 2.0 engine is 32-bit only

Future Orchestrator Uses
• Some things already done with PowerShell
• Identity Changes
• VM Provisioning

Questions?
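
On the "Typical PowerShell Wrapper Code" slides: the wrapper builds a command string for Invoke-Expression, so whatever text arrives in $netid is parsed as PowerShell. The block below is an added example, not the presenters' code; it validates the value and passes it with the call operator and splatting instead. The NetID pattern, the function names and the stand-in child script are assumptions.

```powershell
# Added example, not the presenters' code. Function names and the NetID pattern are assumptions.

function Test-NetId {
    param([string]$NetId)
    # Assumed policy: lowercase letter first, then letters, digits or hyphen, 2-8 characters total.
    return ($NetId -cmatch '^[a-z][a-z0-9-]{1,7}$')
}

function Invoke-ChildScript {
    param(
        [Parameter(Mandatory = $true)] $Script,            # script path or script block
        [Parameter(Mandatory = $true)] [string] $NetId
    )
    if (-not (Test-NetId $NetId)) {
        throw "NetID rejected: value does not match the expected format"
    }
    # Splatting binds the value to -Username as data; it is never re-parsed as code.
    $scriptArgs = @{ Username = $NetId }
    & $Script @scriptArgs 2>&1
}

# Constructed stand-in for the Lync child script so the example runs offline.
# In the wrapper, the script path string would be passed as -Script instead.
$childScript = { param([string]$Username) "would provision: $Username" }

# Constructed inputs: one well-formed NetID and two that carry extra syntax.
$samples = 'jdoe2', 'jdoe2; Get-Date', 'jdoe2 -Confirm:$false'

foreach ($netid in $samples) {
    # The text the Invoke-Expression pattern would hand to the parser (shown only, never run).
    $asString = "& `"<script>`" -Username $netid 2>&1"
    try {
        $result = Invoke-ChildScript -Script $childScript -NetId $netid
    }
    catch {
        $result = "blocked ($($_.Exception.Message))"
    }
    "{0,-50} -> {1}" -f $asString, $result
}
```

The syntax uses `Mandatory = $true` and hashtable splatting so it also runs on the PowerShell 2.0 engine the slides mention.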