Feeds:
Posts
Comments

Posts Tagged ‘System Center’

A while ago I wrote a post about integration between SharePoint 2010 and System Center Orchestrator, and the solution has been successfully used so far in my company. Since then, we moved to SharePoint 2013 and Microsoft released their new runbook engine – “Service Management Automation” (SMA) that integrated with the Windows Azure Pack (WAP). So, after we deployed WAP I was looking for an option to integrate between our SharePoint and the new runbook engine but found that the existing solutions are the same as they were for the Orchestrator – implemented by an infinity loop that queries a SharePoint list every specific interval. As I explained in my previous post this implementation is not efficient as it executes a lot of unnecessary queries and includes a delay of up to the interval time till the runbook kicks off. So I decided to adapt my previous solution to the new SMA engine. The attached solution uses SharePoint BDC to expose the SMA runbooks as an external list. The list contains a column called “InitValue” and by updating its value, the selected runbook will be triggered and the new value will be provided as the runbook’s first parameter. This external list allows users to create a SharePoint workflow (using SharePoint designer) that will execute a SMA runbook by using the “Update List Item” action, picking the desired runbook from the list and setting the parameter’s value. To send more than one parameter you can pass the current record Id as a parameter and then query the record’s values from the runbook. The solution also allows the administrator to filter the runbooks that are exposed by the external list, to include only runbooks that are tagged with a specific name.

Required Ingredients:

  1. SMA server with at least one runbooks that accepts zero or one parameter
  2. SharePoint 2013 with the BCD service and the Security storage service enabled and attached to your web application.
  3. The “SMA BDC connector” (download link at the bottom of this post)

Deployment:

  1. Deploy the provided WSP File. You can accomplish that by executing the following cmdlets on the SharePoint server:
    Add-SPSolution {extract path}\SmaBdcConnector.wsp
    Install-SPSolution -Identity SmaBdcConnector.wsp -GACDeployment
  2. On the Business Data Connectivity Service set the object permissions of the new “Runbook” type and give the end users the Execute permission.
  3. Create a new Secure Storage Target Application with the following configurations:
    1. Name: “C60.SmaBdcConnector”
    2. Type: “Group Restricted”Secure Storage Target Application
    3. On the fields definition page, add the last 2 fields:
      Name Type Mask
      Windows User Name Windows User Name False
      Windows Password Windows Password True
      URL Generic False
      Tag Filter Key False

      BDC Fields

    4. On the permission page, set the Members to the end users group. I used “Everyone”BDC Permissions
  4. Choose the new store application and click “Set credential”:
    1. Username/Password – user that has permission to execute the SMA’s runbooks. The username should include the domain (Domain\username). You can grant a user the required permission by adding it to the local group “SMA Administration Group” on the SMA server.
    2. URL of the SMA services. The format is (if deployed with the default port): https://{SMA Server}:9090/00000000-0000-0000-0000-000000000000
    3. Optional – to filter the runbooks list for only a specific tag, type in the “Tag Filter” field the required tag name.BDC Set Credentials Fields
  5. Create an External List based on the “SmaBdcModel” External content type.
  6. Edit one of the workflows on the list, set the value of the “InitValue” field to the value of the first parameter.
  7. Check that the runbook was executed.

Download the WSP file and source (15.2 MB)

Advertisements

Read Full Post »

So I needed to automate some configuration tasks on a Cisco ASA firewall, and thought it will be an easy task since it has an SSH interface. But after a couple of failed tries and some searching on the web, I realized that I could not use the standard SSH command mode to access the ASA and that the only working and reliable solution out there (that I found) was on this post: “How to automate scripted commands to a Cisco ASA via ssh“. However,  it relies on the “Expect” Linux command, and in my case, I preferred to execute the script directly from the System Center Orchestrator machine, which is windows based. Some blogs mentioned the windows Plink.exe command as an option too, this solution worked but it did not allow to do validations and extra logic during the script execution, as the script is sent to the device in one block. I also found this PowerShell module “SSH from PowerShell using the SSH.NET library”  that sounded promising at first, but  works with the standard SSH command and when trying to use it, I was not able to connect to my ASA firewall.
Finally, I decided to develop my own PowerShell module base on the SSH.Net library, but unlike the above module, I will be using only the SSH shell stream to interact with the device. The tricky part of working with shell stream is that there is no notification when a command execution is completed. One way to overcome this is by checking for available data on the output stream. Most of the commands’ script are easy to handle because it is valid to assume that the command execution is completed as soon as there is something in the output stream. The problem is that this assumption is not true for long-running commands that report their progress during the execution. To support this kind of commands I needed to add support for specifying a timeout before assuming the command was completed and also allow to specify a regular expression to ignore progress messages when waiting for the command output. The module also handle cleaning extra BS(\u0008) characters from the output stream. That noise characters usually appeared when executing a long command.
Proof of concept – script to create a new network object:

Import-Module SshShell

$elevatedPrompt = "#.$"
$configPrompt = "\(config\)#.$"
$objectPrompt = "object\)#.$"

$s = New-SshSession -SshHost $asaIP -User $user -Password $password
Send-SshCommand $s "enable" -Expect "Password:"
Send-SshCommand $s "$elevatedPassword" -Expect $elevatedPrompt

Send-SshCommand $s "show run object id $objectId" -Expect $elevatedPrompt

if ($s.LastResult -match "does not exist") {
	Send-SshCommand $s "conf t" -Expect $configPrompt
	Send-SshCommand $s "object network $objectId" -Expect $objectPrompt
	Send-SshCommand $s "description $description" -Expect $objectPrompt
	Send-SshCommand $s "host $hostIP" -Expect $objectPrompt
	Send-SshCommand $s "end" -Expect $elevatedPrompt
	Send-SshCommand $s "write mem" -Expect "[OK]" -WaitUnlimitedOn "configuration\.\.\.|Cryptochecksum|copied"
}

Close-SshSession $s

Notes:

  • These PowerShell variables are prepopulated with values and have self-explanatory names: $asaIP, $user, $password, $elevatedPassword, $objectId, $description, $hostIP.
  • The value of the “Expect” parameter is a regular expression. If the result of the command doesn’t match that expression an exception will be thrown.
  • To access the result of the Send-SshCommand cmdlet you can either use the cmdlet output or use one of the session variable properties: LastResult, LastResultLine or AllResult.

To deploy the module, just copy the SshShell folder to one of the PSModulePath values (for Orchestrator server copy it to “SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\Modules”) and make sure the dll files are not blocked. The module works with PowerShell 2.0 and require .net framework 3.5.

Download the module and the source

Read Full Post »

Sending email notifications regarding a working item in Service Manager is a common requirement that doesn’t really exist out of the box. Travis had published, a while ago, a plug-in called “SCSM SendEmail”. This plug-in though filling that gap, still was missing some of the common requirements:

  • Supporting only Incident – you cannot send email notifications about a service request.
  • Adding new email template required a new workflow and manual updates to the management pack XML, which means the end user cannot do it alone.
  • There is no way to send notifications to email addresses that do not exist in the SCSM user list. In my environment, for example, I needed to send the notifications to all the email addresses in a specific field of the work item.
  • Does not provide a way to “Set First Response” or change the work item status to “Pending”
  • It has some multi users/messages reliability issues:
    • When you are trying to send the same message content again, even if you are changing the template, it will not send it and there will be no indication that the message was not sent.
    • When you are trying to send a second message while the work item is open in the console, the first message will not be sent and there will be no indication as well.
    • When you are trying to send a second message while the work item is not open in the console and before the previous sending workflow has been started, it will send two emails but both with the content of the second message.

All these issues forced me to develop a custom solution (When I started to work on this, Travis’s project was part of the exchange connector and was not published as an open source).
I built the console task “Send notification” and a supporting workflow, using the “SendEmail Activity” that I showed in my previous post, which solved all of the above problems and also allowed the console user to choose between the affected user and the assigned user as the email recipient.

Send Notification Task

Send Notification Task

Send Notification Dialog Box

Send Notification Dialog Box

 

When you select “Affected Contacts” or “Both” as a recipient the email will be sent to the affected user and to any email address in the “alternate contact” field.
The templates drop-down list shows all the email templates that relate to an incident/service request depending on the current item type, this way any end user, with the right permissions, can simply add more templates and with no delay start using them.
In case the user tries to send a second message before the first one was sent, he will get a popup message to try again in a few seconds.

The solution contains two management packs:
C60.Incident.Notification.mpb –

  • Contains the types’ extension to incident and service request. I’m using the same extension field’s names as in Travis’s solution, adding one extra filed called “MessageToAssignedUser” that sets the notification recipient.
  • Contains the “Send Notification” Console Task and a supported assembly. The package also hides the out of the box “Mark as first response” and “Request User Input” console tasks.
  • Contains empty email templates (the email body will include just the message from the dialog box) for incident and service requests that will be used when the user chooses “No Template” in the templates combo.

C60.Incident.Notification.WF.xml –

  • Contains two workflows (one for incident and one for service request) that do the actual sending. Here is the workflow as shown in the authoring tool:
    Send Notification Workflow

    Send Notification Workflow

    The workflow’s trigger condition is when a work item’s “MessageTemplateId” field is updated from null to a different value. When executed, the workflow checks the “MessageToAssignedUser” field and based on its value sets the notification recipients:

      • True – will send the notification to the assigned user.
      • False – will send the notification to the affected user / contacts.
      • Null – will send the notification to the assigned user and the affected user / contacts.

    After the send email activity, the workflow will clear the “MessageTemplateId” field.

To deploy the solution, just import both packages using the SCSM console and copy the content of the “SCSMExtension” folder to the SCSM folder (%ProgramFiles%\Microsoft System Center 2012\Service Manager). The “SCSMExtension” folder contains an assembly for each workflow and my custom workflow activity assembly.

To open the workflows in the authoring tool you will need to deploy the custom workflow activities as described in my previous post.

The source code and binaries for this article are available here

Read Full Post »

The Problem:
There are many blog posts and discussions about sending email notifications from Service Manager. Although Out-of-the-box, Service Manager has strong capabilities for notifications such as:

  • Template editor that allow the end user to insert relevant entity fields into the mail body
  • The ability to allow the end user to specify events conditions that will trigger specific notification, using a simple wizard.

What is missing is the capability to use this functionality from inside a SCSM Workflow.
There are some solutions provided by Travis (SendEmail) and German (http://scsmsource.blogspot.co.uk/2011/04/work-item-assignmentreassignment.html), however both these solutions do not allow customization to the workflow in the Authoring Tool.
In my SCSM environment I needed the capability to send notifications as part of more complex workflows and was also required to send the notification to external emails not defined in the SCSM users DB.

The Solution:
After learning German’s solution, I noticed that he is using an out-of-the-box workflow (from the ‘WorkflowFoundation’ assembly) to send the notifications. I dug deeper (using reflector), and found that the workflow used an activity called ‘SendNotificationsActivity’ – exactly what I was looking for. Unfortunately, this activity is not compatible with the authoring tool, so to use it, I needed to wrap it with my own custom activity. In doing so, I also added a property that can contain email addresses, separated with semicolon, and these addresses will be added to the email recipients. (Link to the final result + source code can be found at the bottom of this post).

The attached assembly contains the “Send Email Notification” activity and some other useful activities that can help build more advanced workflows. For deployment follow these links: How to Install a Custom Activity Assembly

SCSMCustomActivities

To send an email, drag the “Send Email Notification” activity to the required section on the workflow designer and configure the following properties:

Property’s Name
Description
EmailAddress List of email addresses, separated with semicolon, which will be added to the email recipient.
InstanceId Related object Guid. This object will be used as the template source object.
PrimaryUser1 Primary user’s internal Id (Guid) that will get the email.
PrimaryUserRelationship1 Full Name of the relationship to the instance class, which contains the primary user.
TemplateDispalyName2 Name of the email template that will be used.
TemplateId Email2 template internal Id (Guid)

1 – Either PrimaryUser or PrimaryUserRelationship has to be configured.
2 – Either TemplateDispalyName or TemplateId has to be configured.

Example:

SendEmailNotification Configuration

Similar to the other solutions, this solution is not supported by Microsoft, which means that you might need to do some adjustments in future version of SCSM. Hopefully, these kinds of basic capabilities will be in the product itself in the next version and we will not need such custom solutions.

In the next post I will show you how I used these activities to create improved “SendEmail” solution.
The source code and binaries for this article are available here

Read Full Post »

The problem:
SharePoint workflows, which are based on Microsoft WF, are a great way to automate processes that require human interaction and can be easily managed through SharePoint designer, without any custom development. But when it comes to automating IT processes, Microsoft provides us with another workflows engine called Orchestrator (part of System center). The Orchestrator has a variety of activities and integration packs that make him a powerful tool for implementing IT runbooks.
I needed a solution for users who design SharePoint’s workflows, using the SharePoint designer, to easily create workflows that will include execution of Orchestrator’s runbook. Using the SharePoint OIP (Orchestrator Integration Packs) you can monitor a SharePoint list for a change and execute a runbook as a result (as described here). However, this monitoring approach is based on pooling, so for example, if I’m using the default 30 seconds for pooling interval with the above approach for a task that is usually required once a week, it will generate more than 20,000 unnecessary queries against the SharePoint. Then, when the user will update the list’s item it will take up to 30 seconds before the workflow will start.
And so, it would seem that triggering the runbook from SharePoint will be a much better solution.

(more…)

Read Full Post »

The Problem:
System Center Orchestrator 2012 exposes a data service that enables to query and execute runbooks.  But working directly with the data service is like executing a WCF service by manually composing the SOAP messages. There are no type-safe parameters, no intellisense and you need to type the exact path of the runbook or even worse, specify GUIDs . Developing and testing a code that is involved with runbooks execution quickly becomes a cumbersome and tedious task.

The Solution:
The solutions is a Visual Studio item template.  When you add it to an existing project, it will ask for the Orchestrator server’s details and generate hierarchy of proxy classes that match-up with the Orchestrator server folders’ hierarchy, and within every class there will be methods that will match-up with the runbooks on said folder that accept the runbook’s parameters. In addition, the runbook’s description will be appended to the method’s remark summary, which makes the Visual Studio intellisense more helpful. Every class that contains runbooks also implements an interface named “I{ClassName}” that include these methods for easier testing. After adding this item to your project you will be able to execute a runbook as seen in the following code:

 OrchestratorReference orchestratorReference = new OrchestratorReference();
 Guid jobId = orchestratorReference.Development.Utils.WriteErrorLog(message, activity, runbook);

The OrchestratorReference object can be initialized with the credentials for accessing the Orchestrator web services.Ex:

 OrchestratorReference orchestratorReference = new OrchestratorReference();
 NetworkCredential cred = new NetworkCredential(userName, password, domain);
 orchestratorReference.OrchestratorServiceCredentials = cred;

In case the runbook path’s prefix depends on development environments you can use the “AddReplaceFolderPrefix” method to dynamically replace the path prefix. Ex:

 OrchestratorReference orchestratorReference = new OrchestratorReference();
 orchestratorReference.AddReplaceFolderPrefix(@"\Development\", @"\Production\");

All the runbooks’ functions return the job Id that was created on the Orchestrator server. The execution of the runbooks is asynchronized, to wait for the runbook completion and optionally collect the runbook’s return values, you can use the created job Id with the following methods:
Sync:

 Guid jobId = orchestratorReference.Development.VMManager.VM.GetNextVMName("Test##");
 Dictionary<string, string> result = orchestratorReference.GetJobResult(jobId);
 string nextVMName = result["nextVMName"];

Async:

 public async Task GetNextVMName(string template)
 {
   OrchestratorReference orchestratorReference = new OrchestratorReference();
   Guid jobId =
         orchestratorReference.Development.VMManager.VM.GetNextVMName(template);
   Dictionary<string, string> result =
                     await orchestratorReference.GetJobResultAsync(jobId);
   return result["nextVMName"];
 }

The T4 template, responsible for generating the code, removes any classes/methods duplication and will name classes/methods with Pascal-case and methods parameters with camel-case. It also removes from the class/methods’ name any un-letter prefix characters, so if the folder name includes an index number prefix, this index will be truncate and will be visible only from the class/methods remark’s summary.

Deployment:

  1. Extract the zip file available for download at the bottom of this post.
  2. Execute the “DeployItemTemplate.cmd” file.

Using:

  1. Open Visual Studio 2010.
  2. Click on add -> new item… in a project from which you need to execute a runbook
  3. Choose the “Orchestrator Reference” template from the template list, type in a file name and click OK.
    Orchestrator Reference - add item template
  4. Type the Orchestrator server’s name, port number where the Orchestrator service is listening (default 81) and if SSL is required.
  5. Click on the “Load” button. The wizard will load the folders structure from the Orchestrator service and will enable to specify which folders to include in the new generated class.
    Orchestrator Reference
  6. Click the “Add” button.
  7. Optional – Expand the template file to check the generated cs file.
  8. Happy developing!

Source & Binary

Read Full Post »