Automatic applications deployment - windows

I want to automate applications/roles/features deployment (unattended) on Windows 2012 R2 Infrastructure, this project needs many hours of programming, this is why i'm asking here.
I want to deploy the following applications and roles : Active Directory, DNS, Sql Server 2012, Citrix XenApp Server, Citrix XenDesktop server, Citrix Datacollector, Citrix Licence server, Citrix Storefront server.
So the basic deployment will be on 8 servers (already installed on ESXi, with ip configuration only).
I imagined this scenario :
I will fill a CSV file that contains all of information, and execute Powershell scripts to deploy everything, we can imagine 1 script that will call different scripts for each components (sql, ad, dns, citrix etc..)
I don't want to depend of any tool (sccm, puppet or whatever..), this is the reasons why i want to create it from scratch -> But maybe i'm wrong.
I also read that there is a new feature called Powershell DSC, to simplify application deployment http://blogs.technet.com/b/privatecloud/archive/2013/08/30/introducing-powershell-desired-state-configuration-dsc.aspx
There is a simple example : if you need 4 iis webserver then, execute this code :
Configuration DeployWebServers
{
Node ("test1.domain.com","test2.domain.com","test3.domain.com","test4.domain.com")
{
Windows-Feature IIS
{
Name = "Web-Server"
Ensure = "Present"
}
}
}
DeployWebServers -OutputPath "C:\scripts"
Start-DscConfiguration -path "C:\scripts" -Verbose -Wait -Force
But in my case i'll have only 1 server per application/roles or feature, if i understand well, this feature is interesting only if you need to deploy the same configuration on (x) servers
What's your advice? Should i choose to write powershell script from scratch? Or choose a solution like puppet or chef (much easier), but in this case i'll be dependant of a tool.
The best solution would be to use a sql database -> The final goal of my project is a web application with a database who will execute my powershell scripts to deploy my infrastructure
Of course from this web application, I will populate my database through forms, and my powershell scripts will query this database to get informations (ip address, client name, domain name, password, users...)**
Thank you for your advice.

Chef or Puppet will be the easiest way forward and both tools have been around for long enough for you not to worry about them disappearing off the internents. Both work, pretty much, out of the box and will get you up and running in a considerably lesser time than if you were to design your own system.
Having said that, a benefit of going with a PS solution is it doesn't require any agents installed on destination boxes(connectivity thanks to WinRM). Ultimately you can wrap it up as a Powershell module, hand it out to your sysadmins and retain full control of what's going on under the hood.
A PS solution will give you full control, better understanding of underlying process - but that will at cost of time and other design headaches.
To sum up: if you have the time, the will or a specific use case then go with PS. Otherwise do what the big boys do and save yourself reinventing the wheel - or seventeen.
Disclaimer: I did the PS thing for a previous employer.

If you're looking for a repeatable deployment solution, and you don't might using some light, free, infrastructure, I propose you use Windows ADK 8.1 and MDT 2013 (if you're using Windows Server 2012 R2). You can develop a front end to chose a deployment type. Rather than using a csv file, all the information can be contained within the Task Sequence, and can be configured to trigger tasks on different conditions.
Johan Arwidmark from deploymentresearch.com has developed a great example of this called Hydration Kit, with full Step-by-Step Guide that sets up a Configuration Manager 2012 R2 infrastructure, running on Windows Server 2012 R2 and SQL Server 2012 SP1, in either Hyper-V or VMware. If you ask him nicely, he might allow you to use his work as a base for your project.

Related

What is the 2014 way to centrally deploy agents

I'm getting requests from 'the Field' to make my agent deployment 'easier' but I'm at a loss as to how.
Right now, I provide a user Interface to install and configure the agents.
To deploy the agents, I relied on older Windows technologies, here are the steps I use:
Start dependent services via remote SCM
Copy the agent.MSI via the File Administrative shares
Configure the agent's settings via remote registry calls
Use WMI to remotely silently run the agent.msi
Use the Administrative shares to move the agent.msi to the program folder (for uninstalling later)
To allow all these steps to happen, I need:
1. the firewall to configured correctly
2. the 'installing' user has to have admin access to the remote computer
3. Remote File Admin shares have to be turned on.
4. (I turn on WMI and Remote Registry remotely)
This deployment system was built back in the 2003 days.
Is there some better way now? Maybe a deployment library I can use?
thank you.
The best you can do here is to create a properly behaving .MSI that supports silent installation. It is then up to your user communities to plan their own deployments using the tools of their choice such as SCCM. Much more detail is required in order to give exact suggestions.

How to check the applicability of a Microsoft patch

Environment:
I work in a lab that tests software against multiple domain configurations. I currently have 8 domains with no cross-domain trust. They each have a WSUS server that talks to our primary NOC WSUS Server. Other than talking to the primary WSUS server, there is no communication from one domain to the other. I cannot change GPO settings or install any software that isn't already installed. The domains range from Windows XP with Server 2003 to Windows 7 with Server 2008. Each domain has anywhere between 8-20 servers and 3-5 workstations.
I have a machine that can talk to each of the servers in all of the domains, and can also talk to the primary WSUS server. I primary work with PowerShell, but I'm not opposed to another language if it makes what I'm trying to do easier. I have PowerShell 2.0 installed, but I can easily installed PowerShell 3.0 if needed.
Scenario:
I am charged with checking if patches have been installed on each of the servers. This testing cannot rely on WSUS's built in reporting tools, per requirements I cannot change. I would receive a list of patches, and I need to check each server to see if the patches are installed. Since the patches can be anything from Windows XP to Server 2008, I also need to check if the patch is applicable to the server itself. I have tried to use PoshWSUS to check for applicability, but I cannot get a connection to the Primary WSUS server because of either IIS rules or a Firewall rule. I have search online, and followed several guides, but this WSUS's setup is very customized, and I can only do so much to the server itself.
Example:
I have the following Patches:
KB2604092
KB2676562
KB2686509
I want to check the following server:
DC01: A Windows Server 2008 Domain Controller
I am currently using the following PowerShell command to test if they are installed:
Get-HotFix -ID "KB2604092","KB2676562","KB2686509" -ComputerName DC01
This command shows the following patches are installed:
KB2676562
KB2686509
Leaving the following uninstalled:
KB2604092
This correctly tells me that KB2676562 and KB2686509 are installed, but it doesn't tell me if KB2604092 missing, or not applicable.
What I am stuck on is how to verify that KB2604092 is not applicable to DC01. I can easily search Microsoft's site to verify it is only for Windows Server 2003 or Windows XP, but how can I check it's applicability via a script. I would love to find a way to scrap the Microsoft KB article for the data, but I don't know how to pull the required information from the web page. I assume there has to be a check within WSUS to check applicability, but I don't know where to look for something like that.
Edit:
I forgot to mention, I have no control over what patches are approved, that is done by an outside company.
Well for security patches, Microsoft publishes a a spreadsheet that lists the all security bulletins since 1998. You can download from this page. (Direct link to spreadsheet)
You could then parse that spreadsheet (if you convert it to a CSV file, that would be easy to parse in powershell). It gives you all the information you are asking about.
If you're only interested in whether the update is applicable to the corresponding operating system, IUpdate.ProductTitles should give you the information you need.
There are more complicated cases, such as where an update is applicable only if a certain system component is installed. I don't think there's any way to handle those cases automatically.

Installation with visual studio 2010

I need to create setup file for installation of these:
-Web app
-Win service
-Run some sql scripts.
I wanted to do all in one setup. For example I want to make method like CreateSetup and in that method to create setup file which will contain installation/run of above 3 things.
If you have some links or idea how to do it please share.
Thank you in advance.
If I come across some solution I will post it here for others as well.
It might very well be worth your while to sit down and learn WIX, it seems the preferred method of dealing with more complex setups. I haven't done the tasks outlined here, but I did mange to have an installer that set up an application on a Windows Mobile device.
Looking around a bit, it does seem you can install web applications: http://www.codeproject.com/Articles/115036/Creating-WIX-Installer-for-ASP-NET-Web-Application
And a windows service: http://blog.tentaclesoftware.com/archive/2009/01/01/21.aspx
And run SQL scripts: How to run sql script to create database using Wix
It does appear you could even capture what is required to build a SQL string through the windows installer GUI, and use that to know where to run the SQL script, and set up any needed connection strings.

In what OS should I host subversion?

I have decided to go with Subversion for a source control repository for my personal and side projects and I'm now trying to decide what OS to use. Currently my file server for my home network is Windows 7 beta. I'm wondering if I should wipe it and install Windows Server 2008 instead? Basically I'd like to know if there are things I could take advantage with a server OS that I can't with Windows 7. First thing that comes to mind is accessing subversion remotely with a VPN connection.
I'm a .net developer, but have dabbled in Linux a bit so I'm not completely turned off to the idea of an ubuntu or debian server...
I imagine the installation and configuration process might go off with fewer hitches if installed on Linux, just because of the package management, but that's assuming some experience with the package system of $whatever_distro. If you're comfortable with Windows, Subversion works perfectly well on there. I've set it up on both, but prefer the Linux installation process (easier Apache integration, in my view), but I had pre-existing Linux experience.
If you're familiar with Windows, I bet you'll find the installation and configuration process easier there. As others have said, many of the tools are cross-platform.
You can run a Subversion server on Windows or Linux (or whatever) so it really doesn't matter. Pick whichever one you already have and feel most comfortable with. Since you are a Windows developer I see no real reason to toss Linux into the mix though.
If your goal is to minimize the amount of work you put into the maintenance of subversion, go with the OS you are most comfortable with. Many maintenance scripts, and subversion hooks are written and available in perl and python which are available for both windows and linux.
One advantage to the Windows server OSes over their client counterparts is that the client OSes are limited as to the number of inbound connections. If you are going to be the only person working on the repo, this may not make a difference. However, if there are multiple people, then this would be an issue. XP Pro/Vista Ultimate are limited by Microsoft to 10 inbound connections. I cannot speak for Windows 7.
To make life easy, try VisualSVN Server. For personal projects there's no reason to setup a separate server just for SVN.
Windows 7 will be able to host Subversion with no problems whatsoever..
If your file-server is already setup and working under Windows 7, I'd say stick with that.. Adding SVN is no reason to install a new OS
You don't need a server at all to use subversion.
If you've already got a file server on your home network, and you're doing this only for you and your personal projects, just use a subversion client such as TortoiseSVN and create your repository (or repositories) on your file server via network share (or mapped network drive, etc).
I wouldn't recommend this for multi-user setups (unless each has their own repository), but for a single user this is the simplest option. And using this approach, to answer your question, you wouldn't gain anything by switching to a server OS such as Windows Server 2008.
I'd actually recommend going with a hosted Subversion provider instead of setting up Subversion on Windows or getting a second server for that purpose. I work for ProjectLocker, but if you Google "subversion hosting", you'll see there are a number of providers that offer free or reasonably priced solutions. The advantages:
It's a hosting provider's primary job to keep your code safe, secure, and accessible, so they focus on uptime, backups, and security monitoring so you don't have to
You don't have to learn how to be a system administrator or Subversion administrator; several providers have user interfaces that make it easy to manage users and permissions.
Hosting instead of DIY lets you focus on what you actually care about: writing great software
I suggest you take a look at ProjectLocker and some of the other providers and decide which one is right for you. You may decide that doing it yourself is the best option for you, but for many people in your situation, a hosted solution has met their needs.

Does Visual studio Team Foundation Server really need to be on it's own machine?

So we decided to go with visual studio team foundation server for version control, etc. Getting ready to deploy today and read in installation guide:
"You cannot install Team Foundation Server on a domain controller or a computer that is running other server products such as Exchange Server or Host Integration Server."
That and other comments in the guide lead me to think ms does not want me to install tfs on anything other than a server dedicated soley to hosting tfs (ie don't put it on one of my front-end webservers or backend dc).
I am planning on doing a single-server deployment (mostly for simplicity). Can anyone verify that tfs has to be on a dedicated machine? If so, should I virtualize it and hang it off one of the front end machines?
Thanks all...
Performance is pretty important for TFS - check-ins, for example, should be pretty instantaneous or it can have a dramtic impact on developer productivity.
That said - it doesn't need a lot of horsepower - here's a link to the Server Requirements My current client is going "Virtual" - there should be no reason not to - assuming you know how to "tune" your virtual servers to perform equivilantly to the stated hardware specs.
One of the key things to remember, ALL data in TFS is stored in SQL server, so anything running on the same hardware that can affect SQL Server performance will affect TFS's performance. That is why it's important to have Build Server(s) distributed on another machine. Software builds are VERY "File-System" itensive operations and can have a very negative impact on SQL Server performance - hence why it's important to move that off to another "box"
From my experience this is because of the user membership that comes with a domain controller where creating the necessary TFS groups on the domain controller gives incorrect permissions.
However, there is a workaround:
Installation of the TFS Data Tier
Components on a Domain Controller
Copy the contents of \dt in a temp. directory, e.g. C:\TEMP\dt.
Open the file hcpackage.xml in Notepad or any XML capable editor
Search for the phrase “domain controller”.
Change the first WQL after the first match to
<WQL
namespace="\\.\root\cimv2"
query="SELECT * FROM Win32_ComputerSystem WHERE Domain !=''
AND
DomainRole >3"
action="="
count="1"
/>
You have to change count="0" to count="1".
Restart the setup.

Resources