3. Agenda
Today’s webinar will feature:
• Quick Intro to Puppet
• The State of Windows Server
• Scaling PowerShell with Puppet
• Bringing CI/CD workflows to Windows
infrastructure.
• Augmenting Windows tools like SCCM and GPO
with Puppet for greater flexibility and success
3
4. Leading Platform for DevOps and Automation
Experience Founded in 2005
Scale More than 10 million nodes managed
Offices Belfast, London, Portland, Plzen, Seattle, Singapore, Sydney, Tokyo
Ecosystem Deep partnerships with leading datacenter, cloud and container titans
Customers 1,000+ enterprise customers, 75 of the Fortune 100
Community 5,000+ community-contributed modules, 7.5M lines of code
Users 40,000+ organizations using Puppet
Backers
4
5. 30,000+ people contribute to the
State of DevOps report; millions
benefit from the learnings.
It’s one of the longest running
and the largest body of DevOps
knowledge globally.
We are a leader in DevOps…
6. Automation drives performance
6
72%
High performers automate
of config management tasks
Time spent on manual processes
28% 46%
High performers Low performers
Source: State of DevOps Report. Download at puppet.com/state-of-devops-report
7. What DevOps Brings to the Table
7
• Offers new patterns and practices for managing infrastructure
• Encourages consistent, reliable behaviors
• Encourages us to express our infrastructure as code
• Encourages us to be transparent in our processes
• Encourages us to work collaboratively.
8. Modern versions of Windows
Server have greater automation
capabilities than ever before.
9
9. Day One Server Management
A Very, Very Basic Infrastructure Delivery Pipeline
10
SERVER IS
PROVISIONED
SERVER JOINS
ACTIVE DIRECTORY
SERVER IS
CONFIGURED WITH
BASE OS SETTINGS.
SERVER IS
CONFIGURED WITH
BASE SECURITY
SETTINGS.
SERVER IS
CONFIGURED WITH
APPLICATION TEAM
SETTINGS.
SERVER IS
DELIVERED TO
REQUESTOR.
10. Day Two Server Management
11
OS CHANGES SECURITY
CHANGES
APP CONFIG
CHANGES
WINDOWS
UPDATE
MIDDLEWARE
PATCHING
GPO or MANUAL GPO or MANUAL MANUAL
GPO, SCCM OR MANUAL GPO or MANUAL
11. 12
Continuous
Enforcement
Workflow
- OS Changes
- Security Changes
- Middleware
- App Config
SERVER CONFIGURATION IS
APPLIED AND CONTINUOUSLY
ENFORCED.
A CHANGE IS REQUESTED (GIT
PULL REQUEST)
THE IMPACT OF THAT CHANGE
IS ANALYZED ACROSS THE
INFRASTRUCTURE
IF NOTHING FAILS, THE
CHANGE IS DEPLOYED AND
APPLIED
12. 13
On-Demand or
Scheduled Task
Workflow
- Windows Update
- Middleware Patching
- App Config
OPERATOR AUTHENTICATES
WITH PUPPET ENTERPRISE
OPERATOR SCHEDULES OR
EXECUTES TASK
TASK RUNS AND RETURNS
RESULT
AUDIT LOGS AVAILABLE FOR
TASKS RUN AND RESULTS
13. 14
Server Lifecycle
Provision
Build and configure systems quickly and efficiently via self-service.
Integrate with tools like ServiceNow, vRA, Terraform to ensure accurate
configuration post-provisioning.
Maintain and Secure
Analyze and deploy changes.
Continuously enforce configuration and security policies.
Execute changes on demand with RBAC and logging.
Prove compliance.
14. How Puppet Complements Microsoft Native Tools
Problem/Need With Puppet
GPO provides no visibility
beyond individual user —
difficult during audits.
Shareable, version-controlled infrastructure-as-code with RBAC
change deployment process and intentional vs. corrective change
reports.
SCCM makes it difficult to share
across teams; poor visibility.
Day 1: Use SCCM to get system booted and on the network
Day 2: Use Puppet to bring it to desired configuration state.
PowerShell / PowerShell DSC
makes it difficult to share across
teams or reuse code at scale.
• Control change collaboratively with centralized tasks.
• Apply DevOps practices using CI/CD jobs.
• Specify common data once, then override it where default won’t
work using Hiera.
Windows infrastructure makes it
difficult to move to the cloud.
Ability to describe infrastructure as code at scale makes it easier to
port workloads between platforms, regardless of the AD domain.
15. Manage and Secure
16
Tasks
• On demand or
scheduled script or
command execution.
• Use the language of
your choice.
PowerShell friendly.
• Easy lift into an
automation
framework.
Desired
State
• Enforce security
policy regardless of
domain or cloud.
• Get consistent
configuration of
system in dev and
prod across any
cloud or local system.
• Integrates with
PowerShell DSC.
Plans
• On demand or
scheduled
orchestration of
commands, scripts,
tasks, additional
plans or even desired
state.
• Start quick with
YAML, mature into
Puppet language.
16. 17
Tips to Move into Puppet
POWERSHELL INTO TASKS
AND/OR PLANS
TAKE ADVANTAGE OF THE
PUPPET AGENT
EXPORTING GROUP
POLICY
17. ● Cross platform on-demand or
scheduled task execution
● Easily share scripts amongst team
members
● Integrates with Puppet Enterprise
RBAC, logging and a simple
execution interface
● Easily migrate scripts into Bolt Tasks
enabling version control and
collaboration
18. • Step based orchestration of commands,
scripts, tasks, plans and puppet code.
• Easily share workflows among team
members.
• Integrates with Puppet Enterprise RBAC,
logging and a simple execution interface.
• Start quickly with YAML plans or use the
puppet language for more advanced
features.
20. Taking Advantage of the Puppet Agent
21
● Deploy puppet agent to system in ‘noop’ or ‘report only’ mode.
● Identify resources that require management.
● Analyze impact of managing resources.
● Deploy infrastructure code to manage resources.