In the latest release of Azure Automation,
we introduced the ability to connect into on-premises systems using Hybrid Runbook Workers. With the new Hybrid Runbook Worker feature, you can now manage resources that span across clouds and datacenters, without ever needing to open any outbound ports.
In this post, we will walk you through the basics and some key features of the new Hybrid Runbook Worker functionality. Let us start with introduction to Azure Automation
What is Azure Automation?
In case you are not familiar with us yet, Azure Automation is an IT process automation service for managing your resources anywhere (public, hosted or private cloud). You can use it to automate the creation, monitoring, deployment, and maintenance of resources in your Azure environment. Dev/Ops can use Automation to construct, run, and manage runbooks to integrate, orchestrate, and automate IT processes. Automation runbooks run on the Windows PowerShell Workflow engine
For more details, see https://azure.microsoft.com/en-us/services/automation/
Now, let us talk about the Hybrid Runbook Worker
feature and start with some basic questions - what exactly is a hybrid worker, why I do need it, and how do I use it?
What is a Hybrid Runbook Worker?
The Hybrid Runbook Worker feature
in Azure Automation allows you to run runbooks on machines located in your datacenter in order to manage local resources. The runbooks are stored and managed in Azure Automation and then delivered to one or more on-premises machines where they are run.
Overview of Hybrid Automation
Until the Hybrid feature was available, Azure Automation was used primarily to manage your resources in the cloud since these runbooks execute in the cloud. Now with Hybrid Runbook Workers, you can manage on-premises resources by running the runbooks on the Hybrid Runbook Workers that are located in in your local datacenters.
Runbooks and referenced assets are all stored in Azure automation, and during execution time they get delivered to one or more on-premises machines (designated as Hybrid Runbook Workers) where they are run. The runbooks send the detailed job information to Azure Automation for troubleshooting so that you can monitor all of your job output, no matter what resources you are managing, though a single location. See below
for specific details on how Assets and modules are used on a machine designated as a Hybrid Runbook worker. You don’t need to open any firewall rules, just make sure that this designated Hybrid Runbook Worker has access to Internet
Why use Hybrid Runbook Workers?
- Hybrid workers enable the use of Azure Automation as a single solution for managing your resources, whether they are in public clouds such as Azure, AWS, or other service providers or on-premises solutions such as Microsoft or other non-Microsoft stacks (for example VMWare or OpenStack).
- Using Azure Automation with hybrid workers removes the need to deploy, maintain, and upgrade on-premises automation products such as Service Management Automation, Orchestrator, or others.
How do I use Hybrid Runbook Workers?
Step 1: Identifying the on-premises machine
Here are a few recommendations to take into consideration when you are selecting the on-premises machine:
- Hybrid Runbook Workers run on Windows Server 2012 and above.
- It is recommended to select highly available machine(s) in your environment to be designated as Hybrid Runbook Worker, just like your Service Management Automation (SMA) Runbook worker or System Center Orchestrator (SCO) Runbook Server machine. Hybrid workers can co-exist with SMA or SCO environments.
- Consider using a machine closer in location to your Azure automation region, since once the runbook completes, the entire job data will be sent back to Azure Automation.
Step 2: Installing and configuring a Hybrid Runbook Worker
We use the Operations Management Suite
(OMS) Microsoft Management Agent (MMA) channel and Intelligence pack/solution channel to deliver the Hybrid Runbook Worker bits to the on-premises machines, which you designate as Hybrid Runbook Workers.
Complete details for installing and configuring the Hybrid Runbook Worker can be found at https://azure.microsoft.com/en-us/documentation/articles/automation-hybrid-runbook-worker/
Step 3: Starting runbooks on a Hybrid Runbook Worker
Starting a Runbook in Azure Automation
describes different methods for starting a runbook. Hybrid Runbook Worker adds a Run On
option where you can specify the name of a Hybrid Runbook Worker Group. If a group is specified, then the runbook is retrieved and run by one of the workers in that group. If this option is not specified, then the runbook is run in the Azure cloud as normal.
When you start a runbook in the Azure preview portal, you will be presented with a Run on
option where you can select Azure
or Hybrid Worker
. If you select Hybrid Worker
, then you can select the Hybrid Runbook Worker group from a dropdown.
Hybrid Runbook Worker Groups
Each Hybrid Runbook Worker is a member of a Hybrid Runbook Worker Group that you specify when you install the agent. A Group can include a single Worker, but you can install multiple Workers in a Group for high availability.
When you start a runbook on a Hybrid Runbook Worker, you specify the Group that it will run on, and the job could be executed by any of the workers in the Group. You cannot specify a particular worker currently.
Creating runbooks for Hybrid Runbook Worker
There is no difference in runbooks that run in Azure Automation and those that run on a Hybrid Runbook Worker. However, runbooks written for Hybrid will likely differ from other runbooks since runbooks used with the Hybrid Runbook Worker will typically manage local resources in your data center while runbooks in Azure Automation typically manage resources in the Azure or other cloud. For example, you can use Hybrid Runbook Workers to manage your VMs on Hyper-V or run runbooks migrated from System Center Orchestrator. Another good use is for modules that cannot be installed in Azure Automation. You can install these modules on Hybrid workers and use them in your runbooks. A good example of that is being able to manage VMware with VMware PowerCLI cmdlets.
For details on migrating your Orchestrator Runbooks to Azure Automation, see https://www.microsoft.com/en-us/download/details.aspx?id=47323
Debugging and Troubleshooting:
When the runbook job completes on a Hybrid worker, it sends the detailed status back to Azure Automation where you can view and troubleshoot the job in the same way you troubleshoot jobs run in Azure.
Using Assets from Azure Automation
Automation Assets such as variables, credentials, connections, and certificates can be used in your runbooks that run on Hybrid workers. The assets are stored in Azure Automation and will be automatically delivered to the worker for use in the runbook that references them.
Currently you cannot schedule a runbook on a Hybrid worker. An alternative is to schedule another runbook that runs in the Azure cloud and uses the Start-AzureAutomationRunbook cmdlet to start a runbook on a worker.
Since the primary purpose of the Hybrid Runbook Worker feature is to manage local resources, you will need to install the modules that support these resources. These modules are not automatically deployed to Hybrid workers, so you must install them manually on each worker as of now. However, we are working to automatically deploy those modules to your workers in the near future.
Runbooks will run in the context of the local System account on the Hybrid Runbook Worker, so they must provide their own authentication to resources that they will access. They cannot use the same method that is typically used for runbooks authenticating to Azure resources
since they will be accessing resources outside of Azure.
You can use Credential
assets in your runbooks with cmdlets that allow you to specify credentials so you can authenticate to different resources. The following example shows a portion of a runbook that restarts a computer. It retrieves credentials from a credential asset and the name of the computer from a variable asset and then uses these values with the Restart-Computer cmdlet.
$Cred = Get-AutomationCredential "MyCredential"
$Computer = Get-AutomationVariable "ComputerName"
Restart-Computer -ComputerName $Computer -Credential $Cred
You can also use the InlineScript
activity, which will allow you to run blocks of code on another computer with credentials specified by the PSCredential common parameter
Hybrid connectivity in Azure Automation using Hybrid Runbook Worker is a powerful capability that makes Azure Automation a platform for managing your workloads anywhere (datacenters, private, public and hosted clouds) .
Check out other new features released recently:
In future posts, I’ll fill you in on new capabilities we add to Hybrid Runbook Worker and also example scenarios. Until then, happy automating!
Just getting started with Azure Automation? Learn about the service here
, and follow Azure Automation