Infrastructure complexity and increasing efficiency requirements are creating new challenges for IT departments. At the same time, new compliance requirements have been introduced that demand the traceability of IT tasks. Despite increasing specialization, IT budgets are usually not increased. The key to these new challenges is to automate and delegate recurring and routine tasks with PowerShell into IT operations, which are still in their infancy in many ways.
The demands of SLAs, ever shorter response times and higher quality as well as the desire for greater efficiency in IT operations can only be met by IT teams in the future with the help of automation and delegation. This is the only way to create scope for business-driven IT projects.
Source: IDC newsletter “Optimization drives digital transformation” 2017
Automation languages have been available for years in both Windows and Linux environments. PowerShell is the ideal scripting language. However, a script language itself does not provide an organizational and technical framework for the controlled execution of a script, which makes automation and delegation safe and easy to implement.
For example, there is currently only one interactive command line interface that allows commands to be entered manually and scripts executed in the context of the user. If the shell is closed, all entered command lines and results are deleted and cannot be restored. Another problem is the assignment of rights. High system rights, which cannot or should not be assigned to every employee, are typically required to execute a script. A common approach to PowerShell is that the scripts are distributed among all administrators and stored in their personal folders, so there is no common library for scripts. The scripts are individually modified, run as administrators without rules and security policies on the console, and then closed.
In total, this approach results in three problem areas that prevent intelligent, secure, and easy automation and delegation with PowerShell:
The goals of efficiency and productivity through automation and delegation clash with the actual capabilities of the command line, orderly business processes, and service management requirements of ITIL.
Reproducibility, security of execution and traceability cannot be fully realized in practice due to the dispersion of scripts, their individual application and executability as well as security and compliance guidelines.
The goals of collaboration, development and distribution of skills and responsibility for scripts and processes collide with PowerShell’s lack of team support.
With ScriptRunner, you can resolve these problem areas and achieve intelligent, secure, and easy automation and delegation with PowerShell. Below are 10 good reasons for ScriptRunner that show why the platform is an optimal solution.
1. A comprehensive solution for PowerShell
ScriptRunner solves these and many other problems in ONE product and is suitable as a central platform for a multitude of application cases. ScriptRunner has been specifically designed and developed to meet the needs and requirements of PowerShell. With ScriptRunner many needs can be covered at the same time.
ScriptRunner is a comprehensive PowerShell automation and delegation solution that provides a secure and controlled environment. All scripts, policies, and settings are managed, configured, and controlled from a central point. Administrators and users can only perform actions according to their role. All actions performed and their results can be transparently traced. Connectors allow seamless, cross-system integration into automated or automatable procedures and processes.
ScriptRunner offers the following advantages:
Fastest entry into PowerShell
Secure runtime environment for PowerShell
Simple automation and delegation for recurring tasks
Fast creation and delegation of executable script actions via graphical user interface of the Delegate App
Secure delegation of tasks through complete decoupling of rights and roles
Fast and secure automation through integration of third-party systems such as monitoring, helpdesk and workflows with service catalogs, etc.
Transparency through central execution and monitoring
Complete traceability of all processes
The possibilities with ScriptRunner in the context of automation and delegation go even further. There are three simplified levels:
Interaction level for administrators, service desk and end users
Process control level e.g. through workflow and orchestration systems
Execution level for the actual interaction with the infrastructure
At the execution level, scripts and actions are controlled and executed by ScriptRunner as an automation platform, ensuring that results are ready and traceable. In addition, other systems such as monitoring systems or applications can be directly integrated at this level by the ScriptRunner connectors.
The browser-based Delegate App as well as the ISE App enable direct and fast interaction with the ScriptRunner platform. The Delegate App allows scripts to be executed role-based via the generic graphical user interface. The ISE App supports administrators in the development of scripts. In addition, service management applications, service and user portals and workflow systems can address and control all functions of the ScriptRunner platform. ScriptRunner communicates with these systems via a simple interface, making it easy to overcome the complexity caused, among other things, by different responsibilities and priorities.
2. Quick start into automation
To facilitate automation, the level of transformation or implementation can be determined, from “no automation” to “medium level automation” to “fully automated”. A study by IDC from 2017 shows that only 20% of all IT environments work fully automated, primarily with large cloud providers. The analysis also shows which possibilities and potentials can be tapped in the automation of IT operations.
Source: IDC newsletter “Optimization drives digital transformation” 2017
However, this knowledge alone is not enough. The decisive questions revolve around the right strategy, a practicable concept and pragmatic implementation that delivers
fast results and high benefits for the focal points in the company;
manageable investments with a return on investment of less than one year if possible;
reduced complexity and manageable demands on team and infrastructure;
a sustainable solution.
Two strategies, two very different results
There are two fundamentally different approaches to designing an automation strategy:
The top-down approach focuses on solutions and products for the full automation of the entire IT infrastructure and its processes. This approach is driven to a large extent by visions and often leaves operational requirements and framework conditions completely out of the equation. In practice, this regularly leads to very large and complex projects, the discussions and results of which take place primarily at meta level. This is also illustrated very well in the step-by-step model shown above. Automation projects with top-down strategies address the two upper stages of transformation in a comprehensible way and far too often without having already mastered the previous stages.
Top-down strategies show regularly:
Few and very late results for the actual operational concerns from day-to-day operations
Very high costs, due to the high complexity and the large scope
Lack of agility in the case of generally poor cost/benefit ratios
Very long terms, due to the extensive prerequisites to be created and the extensive sub-projects to be ramped up
Additional high workloads of the IT teams as well as new, broad skills and a lot of specialist know-how
High risk potential in case of missed targets or failure of the project
For successful automation of the entire IT infrastructure, it is essential to implement all stages of transformation in IT operations in the necessary sequence.
The bottom-up approach is based on the operational requirements and focal points of IT operations and focuses on rapid improvements with an agile approach. At the same time, however, the sustainability of the solutions and products should not be affected. With bottom-up strategies, the decision is made for a pragmatic approach, simpler platforms, more manageable projects as well as significantly lower costs that are distributed over the course of the transformation.
Bottom-up strategies are primarily distinguished by their high level of detail:
Fast results in day-to-day operations
Distributed and lower costs, significantly reduced complexity and a manageable scope in the individual stages of automation
High agility with very good cost-benefit ratios
Short project durations with few prerequisites in independent subprojects
Manageable workloads and gradual development of skills and experience
Manageable risk during implementation and in sub-projects
Fully automated IT infrastructure step by step
Fast results, low costs, low risks
ScriptRunner was designed and developed as an automation platform for PowerShell and a bottom-up solution. This strength also allows ScriptRunner to be used as an integrated component in existing automation environments where there is a lack of agility, practical orientation and pragmatic solutions for day-to-day IT operations.
ScriptRunner is an excellent foundation for step-by-step automation (see also illustration under reason 1). Based on automatable tasks and processes on the operational-technical execution level, further relevant systems such as monitoring, service applications, workflows and orchestration solutions can be included or built into the automation step by step. This agile, fast and pragmatic method enables cost savings and fast results in day-to-day business. ScriptRunner provides a measurable benefit and high value contribution at every level of automation to achieve full automation of the IT infrastructure
The easiest and quickest way to implement the ScriptRunner platform is during business operations according to our proven concepts and best practices. This does not require a separate, time-consuming and resource-intensive project. The commissioning as well as the first automation can be implemented within a few hours.
To enable optimal use of ScriptRunner and even faster results in day-to-day business, ScriptRunner Action Packs are available: The product- and topic-oriented packages cover many typical use cases and routine activities from day-to-day business and are designed for use with ScriptRunner.
ScriptRunner Action Packs offer the possibility to use PowerShell scripts for use cases and routine activities immediately with a graphical user interface and automation interfaces and to customize them if necessary. This simplifies the entry into automation with PowerShell and immediately generates measurable added value. With the option of automatic updating, the scripts are always kept up to date.
For a smooth introduction of ScriptRunner our Professional Services and Workshops are available in addition to the Action Packs. All services and workshops are led by experienced PowerShell experts and users and individually adapted to customer requirements. In addition to installation, setup and integration, we also offer the creation and customization of scripts.
By using standardized connectors, numerous third-party systems can be quickly and easily integrated with ScriptRunner to complete automation solutions:
Task and Event Automation
Service Management and Service Automation
Orchestration and Workflow Automation
3. Secure delegation of tasks
Many simple routine tasks are performed exclusively by admins could be delegated to other employees. However, this is often prevented by the necessary rights restrictions, as not all employees can or should be given the same access. The use of traditional admin tools for employee service desk is therefore ruled out in very many cases.
A number of advantages can be gained if recurring and delegable tasks can be mapped in PowerShell scripts and used quickly and easily by service staff and/or other administrators with a simple tool. In this sense, users should not be confronted with the complexity of a command line shell, but should be able to work as usual with a graphical user interface.
Advantages of a simple and secure delegation with PowerShell scripts and ScriptRunner:
Use Case focused implementation of individual IT tasks and topics; atomized administration and delegation
No complex administration tools and their setup necessary for Service Desk
No administrative rights on the systems necessary for employees in Service Desk
Role-based delegation of IT tasks
Reduction of complexity and security-relevant problem areas
Delegation with ScriptRunner
Admins and DevOps develop scripts in a team, supported by the integrated PowerShell ISE app.
Admins define all settings via the admin app, e.g. the configuration of execution policies and assignments.
With the Delegate App a user starts a delegated action in his role by means of a graphical generic interface. A configurable, interactive feedback shows the user the status and result of the execution.
ScriptRunner executes the action with the necessary administrative rights in a controlled manner.
ScriptRunner logs the results completely and centrally.
When delegating actions with ScriptRunner, roles and rights are completely decoupled, resulting in a high level of security! The traceability of the delegation with ScriptRunner is guaranteed, because the result is completely logged and therefore cannot be manipulated.
ScriptRunner Delegate App
The Delegate App allows the execution of delegated actions with scripts by Helpdesk and Support staff. The masks for necessary entries are created automatically and the entries are checked. A configurable, interactive feedback shows the user the status and result of the execution.
Delegation within a team
ScriptRunner facilitates delegation within a team by allowing scripts to be prepared and delegated to teammates. This reduces complexity and specialization and creates new possibilities for employee substitution during absences. Scripts can be executed easily and securely via a graphical user interface without scripting knowledge and the necessary rights.
Delegation between admin teams
In addition to delegation within a team, ScriptRunner can also be used to delegate scripts between admin teams. This possibility comes into play when cross-team activities are interdependent. If one team provides corresponding actions to the other via delegation, reaction times can be shortened and the effectiveness of team interactions can be noticeably increased. In addition, dependencies between different admin teams can be greatly reduced or completely eliminated.
Delegation to Service Desk
With ScriptRunner, service desk employees can perform a variety of tasks that were previously impossible due to the lack of script usage options. This is because complex administrative interfaces are often deliberately not made available to the service desk due to their high complexity and employees’ lack of expertise in handling scripts.
With the ScriptRunner Delegate App Service Desk, employees can safely execute scripts via a simple graphical user interface without requiring scripting knowledge and administrative access rights to the systems. This makes support processes more efficient by allowing service desks to quickly perform actions such as deactivating users, resetting passwords and many other everyday tasks without compromising security.
4. Simplicity, security and control
ScriptRunner enables easy, secure, and controlled automation with PowerShell. The automation with PowerShell can be very clearly designed and implemented with ScriptRunner, supported by the bottom-up approach.
A high level of security is ensured by completely decoupling roles and rights for all automated tasks and processes. What’s more, all actions are reproducible with ScriptRunner and a high process security is offered. Only authorized and authenticated persons are authorized to execute tasks and the integrated systems authenticate each other.
In order to achieve controlled and transparent automation, all executed actions must be traceable at all times and down to the smallest detail. ScriptRunner therefore fully logs the results of the automation processes. This gives you complete control over the automation and ensures full traceability of all processes. With ScriptRunner, automation scripts are run in a controlled manner and in the assigned security context.
Partial and full automation with ScriptRunner and PowerShell
It often makes sense to start with a limited automation where the controlled script sequence must be released by an employee. Once you have gained confidence and experience in automation, you can upgrade to full automation. Employees no longer have to intervene in the automation process anymore, all processes run fully automatically.
Automation with ScriptRunner using the example of Monitoring Event Automation
Monitoring systems use sensors to monitor IT landscapes, register alarms and threshold violations and report these to the user. Without the use of SR, the monitoring system strikes, the user receives a message, logs on to the system, searches for the explicit problem and then fixes it. Without automation, messages triggered by the same event are often processed manually by admins. For these reproducible cases an automation with ScriptRunner is the best solution.
In a monitored system, the monitoring system acts as a sensor and ScriptRunner displays the actuator that triggers the sensor. The actuator scripts and connectors for ScriptRunner are included and can be used immediately.
This is how automation with ScriptRunner works
A source system or a workflow generates an event.
The integrated third-party system triggers the event
The integrated system uses the connector to call an action.
ScriptRunner executes the action with the necessary administrative rights in a controlled manner and logs it completely.
The results of the executed action are delivered by ScriptRunner to the integrated third-party system.
Wide range of automation solutions with ScriptRunner
The possibilities of automation with ScriptRunner are not only limited to monitoring systems. The standardized connectors enable fast and easy integration of many different third-party systems into the ScriptRunner environment:
Monitoring: e.g. PRTG, Server-Eye, Icinga
Workflow systems: e.g. Matrix42 Workflows, Automic, Sharepoint etc.
Service Management: e.g. Matrix42 Service Store, ServiceNow etc.
Applications: e.g. Office365, Microsoft Azure, Citrix, VMware, Oracle, and many others
5. Shorter response times and reduced complexity
The Service Level Agreements (SLAs) precisely describe guaranteed performance characteristics such as response times and processing speed. With lengthy and complex processes, however, it is difficult if not impossible to meet the SLAs 100 percent of the time. By simplifying processes and shortening the processing chains for tickets and messages, complexity can be reduced, making it easier to meet the specified response times.
Reduce response time by delegating PowerShell scripts
The following scenario represents a classic situation in an IT department without delegation with ScriptRunner:
A user calls the service desk and asks for help. The service desk employee understands the problem, but cannot solve it himself. Because of the role and rights concept, he does not have the authorization to perform the required action. He therefore contacts the administrator team, which has the necessary rights. For more complex processes, other actors are involved. For example, the user reports to First Level Support, who contacts Second Level Support, which ultimately depends on the support of Third Level Support. This long processing chain leads to very long response times and poor service quality.
When PowerShell scripts are delegated with ScriptRunner, roles and rights are completely decoupled, which is why service desk employees can easily perform actions using the graphical interface without having to have administrative rights. This allows, for example, tasks to be delegated from Second Level Support to First Level Support. Work processes are minimized, ensuring fast response times and high service quality.
In an optimal support process, actions can also be delegated directly to the user, reducing the processing chain to one link. Instead of long waiting times, users can easily execute the actions themselves via a generic graphical interface without having any scripting knowledge. Such a support process can be easily implemented with the help of ScriptRunner.
Reduce response time by automating with PowerShell scripts
The following scenario shows a typical monitoring process of IT landscape without automation with PowerShell and ScriptRunner:
Monitoring systems use sensors to monitor and register alarms and threshold violations, which they then report to the administrator. When the monitoring system is triggered, the administrator or monitoring team receives a message. An administrator then logs on to the reported system, searches for the specific problem and fixes it. The response time therefore depends on the respective administrator and number of incoming messages. An inexperienced employee who has to process many alarms in a short period of time will find it very difficult to comply with the specified response times.
In addition, experience in IT operations shows that many alarms and threshold violations can be traced back to the same events. An automatic correction would therefore be very advantageous for these cases.
ScriptRunner enables both partial and full automation with PowerShell
In the case of partial automation, the automated process is still explicitly released by an employee. The fact that only a release action by the administrator is required already significantly improves efficiency, reproducibility and security. In the example of monitoring automation, this would mean that the administrator receives an alarm and can start a suitable action in ScriptRunner in the Monitoring Console to solve the problem and display the result.
With fully automated monitoring, no employee has to intervene in the automation process. The integrated monitoring system calls an action via the ScriptRunner Connector. ScriptRunner executes this action in a controlled manner with the necessary administrative rights. In this case, the response times only depend on the speed of the infrastructure involved.
Reduction of reaction time through automation and delegation with ScriptRunner
6. Sustainable increase in efficiency and reduction of operating costs
The efforts required for day-to-administration tasks and routine activities are still very high in many companies. This has been shown by many investigations and studies of renowned companies (see also the beginning of our series). The data reflects the perceived reality of most administrators. To some extent, IT operations still resemble the procedures of an upscale manufactory. A sustainable increase in efficiency is not only urgently required, but also possible.
Many different factors impede efficient work in IT departments. Some are just a few examples:
Too many routine tasks are performed manually by administrators, although they could also be performed by employees in the service desk. For security reasons and because of complex administration interfaces, delegation is avoided here.
A high level of complexity in the system landscape requires specialists, but these are not sufficiently available. Administrators have to be multifunctional all-rounders, but have too little time to familiarize themselves with special topics due to routine activities.
Many similar manual tasks are performed by different administrators. Due to their basic concept, the graphical administration tools cannot force similar processing. Everyone clicks differently, and at times not correctly. The result: high susceptibility to errors with very low reproducibility and even less traceability.
The susceptibility to errors necessarily leads to increased post-processing efforts. Due to the lack of prerequisites for reliable reproducibility, small operating errors can have fatal consequences, which can only be eliminated with enormous effort.
The organization of IT operations in companies is a major challenge. Compliance with SLAs, IT process standards and various regulations have led to very complex processes with too many switching points. The upshot of these factors is inefficiency and lack of transparency, although an improvement in these parameters was actually intended.
Delegation and automation of routine activities
How much specialist knowledge is required for the recurring creation and management of users, groups, mailboxes and the assignment, modification and deletion of rights to various data and applications in daily operations?
These routine tasks can be performed by employees in the service desk and self-service. If you have the right prerequisites!
This is quite simple. The mentioned routine tasks are mapped in PowerShell scripts, e.g. in the ScriptRunner Action Packs. A set of rules is configured for the execution of the scripts. A simple graphical browser application then allows the user to use the script.
The figure shows the input mask for a user creation by a service desk employee in practice with a script from the ScriptRunner Action Pack for Active Directory. Only the first and last name as well as the department have to be entered. All other information is automatically generated according to the rules and stored in the AD. By adapting configurations or scripts, company-specific requirements can be integrated in the shortest possible time.
The creation of a new user is thus greatly simplified and can be delegated from the IT department to other areas of the company, such as HR.
Creating a new user with ScriptRunner
In addition to partially automated delegation, many activities can also be completely digitized and automated. Thus, individual tasks can be triggered and monitored automatically with a workflow. The actual execution of the individual tasks in the IT infrastructure is controlled by ScriptRunner using PowerShell scripts. Or an actuator network can be set up and controlled by ScriptRunner as an effective automation solution for sensor-based monitoring by monitoring systems. All these possibilities and measures allow efficiency to increase in leaps and bounds.
Shared specialist know-how
Companies often use a large number of systems that require more and more specialist knowledge. However, it is neither possible to find enough specialists nor to deploy them efficiently in the long term. Therefore, all administrators are required to constantly renew and expand their knowledge.
In practice, different administrators have different domains of expertise and focus on a selection of topics. But what happens in the event of incidents and escalations in absentia? How can one anchor the external expertise so that it can be leveraged for activities and tasks in IT operations?
Here, too, ScriptRunner can fully exploit its advantages with the PowerShell scripts. Special tasks and processes that require specialist knowledge can be mapped in scripts. The targeted and secure execution of these scripts is controlled by ScriptRunner. With the delegation functions and the simple web interface, other administrators in the team can also perform these tasks. By separating access rights for the action and the execution of the script, administrative access can also be effectively restricted.
Task templates instead of freestyle
Graphical management interfaces for IT infrastructure and applications tend to be unsuitable for reproducible execution of tasks and processes. This is, for example, the result of the infamous concept of Click, Copy & Paste. There are no restrictions or guidelines on how to click on the mouse and keyboard for free design.
Scripts are a real alternative for ensuring efficient reproducibility. A specific administrative process is anchored in a script. This is executed again and again in the same way if all users use the same script in the same way in the form of task templates. These templates include not only the PowerShell script and the necessary input forms, but also the execution of the entire task including generation of reports. This is exactly what ScriptRunner ensures at all times.
Reduced rework for troubleshooting
Carelessness can quickly lead to mistakes. Especially with recurring routine activities, errors creep in with increasing frequency. The elimination of errors and the associated side effects requires additional manual effort. Valuable time is lost; in the worst case, there is a risk of lost working time at the end user. It is often difficult to trace the causes and the course of events, which is a prerequisite for any subsequent improvement.
Central, guideline-based automation of routine tasks can prevent errors to a considerable extent as well as the associated efforts to eliminate them. The PowerShell Script Policies in ScriptRunner provide features to reduce error susceptibility. Controlled delegation of tasks also helps.
Simplified processes and responsibilities
Complex processes and diverse responsibilities in IT operations are part of day-to-day business. With delegation and increased automation, it is possible to simplify and streamline processes. The efficiency gain is significantly higher than the implementation effort – especially if a bottom-up strategy is pursued. This strategy deliberately addresses individual pain points and tasks. PowerShell scripts in combination with ScriptRunner follow exactly this approach. Step by step, tasks are implemented script by script. The ScriptRunner Action Packs already deliver a variety of cases out-of-the-box. Setting up and delegating tasks with these packages only takes a few minutes. Each additional task in ScriptRunner immediately leads to the desired effects in efficiency, reproducibility, security, traceability and control.
Increased efficiency with ScriptRunner
By using ScriptRunner, the efficiency in IT departments can be significantly increased. Employees have more hours available for relevant projects. With the help of ScriptRunner, workloads for recurring tasks can be reduced through automation and delegation.
With the help of automation and delegation with ScriptRunner, a much larger number of standard tasks can be executed in less time than before. The increase in efficiency is also reflected in the fact that more systems can be managed by the same team. This means that IT teams in operation are prepared for the introduction of additional new systems, in turn freeing up a significant amount of time to drive innovation forward.
Reduction of operating costs with ScriptRunner
Increasing efficiency also reduces operating costs in IT operations. The calculation of these costs can be based above all on variables for calculating the working time volume per task and activity:
Minutes or hours to complete a task
Set-up times for interruptions and reworking
Relocation of effort to lower-pay areas
Sample calculation of savings potentials
According to experience, ScriptRunner can save 2-4 hours per admin per month and another 3-5 hours by delegating tasks with the help of ScriptRunner. This potential is significantly increased if more PowerShell scripts and associated automation possibilities are used.
Fast return with multiple cases
For an IT team with 10 administrators and more than €50 full costs per hour, the potential cost reduction from the start is between €3,000 and €5,000. If you consider the license costs, internal implementation costs and the running costs for ScriptRunner, the deployment pays off within 9 to 12 months after implementation at the latest.
Efficiency gains with ScriptRunner
7. High reproducibility of recurring tasks
Unfortunately, the level of reproducibility and comparability of recurring administrative tasks is still too low. This can be learned from studies, but even more from the experiences reported by administrators and discussions with IT teams. Reproducibility in IT operations is not only achieved by working with process instructions and IT management tools.
Unfortunately, PowerShell and PowerShell scripts in their original form do nothing to improve this state.
There are 5 reasons for this, among others:
PowerShell as command language and PowerShell scripts per se allow an extreme variety of solutions. This advantage of very high flexibility turns into a disadvantage in terms of reproducibility when there is no strict control over the use of PowerShell.
The central storage of scripts on a shared network drive does not prevent every administrator from creating and using a personal and customized version. This thoroughly human behavior is already known from Office and document templates.
The different execution of PowerShell scripts by different IT systems very often makes it necessary to adapt the scripts to ensure they can be executed on the respective system, although it involves the same Use Case. It is natively not possible to use the same PowerShell script through various ways from different systems in the same way.
For the execution of PowerShell scripts, corresponding administrative rights on the respective systems are necessary. In order to remain capable of action, many administrator accounts are granted a whole range of rights. This can quickly become a major security problem if accounts are compromised the user’s knowledge.
The same applies to graphical management tools. In addition, these tools are used in the infamous Click, Copy & Paste. Unfortunately, the latter is also not a sufficient prerequisite for reproducibility in the narrower sense.
Why is the reproducibility difficult and at the same time to create?
To achieve a high degree of reproducibility, also in IT operations, and to safeguard it over the long term, it is worth looking outside the box. If we look at the processes involved in the manufacture of physical goods, we can see that the following conditions must be met:
Processes, procedures and tasks must be separable into (many) sensible individual steps.
A high level of detailed knowledge is required for the individual steps and their dependencies.
It depends on a continuous and gradual approach with continuous improvement
Constant control and transparency over the quality of the individual steps and the overall product reduce the number of rejects.
Deviations must be traceable and the causes must be made transparent.
Starting with the individual steps with the greatest current pain points, effective improvements can be achieved quickly and without excessive complexity.
PowerShell deployment control
The system only provides an interactive command line interface for PowerShell, where commands can be entered manually or scripts can be executed interactively in the context of the user of the shell. If the shell is closed, all entered command lines and the resulting results are lost irrevocably. Logging, which can be switched on, is hardly a help, since it has to be evaluated manually again. The free operation with the Command Line Interface is therefore no solution for reproducibility.
Instead, the execution of PowerShell scripts should be bound to effective script policies and also to one or more centrally monitored execution instances. This concept separates the execution of PowerShell scripts from the task to be performed by the user. A script is always executed in the same context, with the same security settings, the same method, and the same parameter set – regardless of whether it was triggered manually, time-controlled, or event-driven.
Reproducibility through central processes
Centrality is the key
For the reproducible use of PowerShell scripts by different administrators and the Service Desk, it is necessary to centrally organize and manage the PowerShell scripts including change history, including the guidelines for their execution. On which system is which script executed, with which default settings and rights? Who is allowed to initiate the execution? Which entries and choices are allowed?
All these factors and parameters are provided, controlled and monitored by a central ScriptRunner platform. Each PowerShell script controlled by ScriptRunner increases the reproducibility of a task, while reducing error susceptibility and complexity and increasing security and efficiency. The central reporting and easy evaluation of the results create the necessary transparency for the quality of the scripts and their use. Deviations can be quickly identified via specific integrated views and used for continuous improvement.
8. Reduce risk and prevent follow-up work
Mistakenly running scripts on the wrong systems or with the wrong permissions is a typical side effect of using PowerShell without an effective frame. Complex rework, system failures, and broken SLAs can result. The gaps in PowerShell that cause these risks can be effectively closed with ScriptRunner.
In addition, there are other risks (not exhaustive) associated with native use of PowerShell:
Interactive use on the command line requires corresponding rights for the user who is to execute the script. Therefore, PowerShell is often only used by specialists. This also prevents delegation of tasks to other administrators and helpdesks.
Administrators and PowerShell users use different scripts, usually their own, for the same task or use case. Thus, reproducibility in execution is impossible. Without a central management of the scripts other results arise with the same target system. This results in a sometimes laborious and time-consuming traceability.
Many of the PowerShell scripts have a very high functionality and therefore complexity. The smallest error in the application or execution can lead to a large damage. This can result in downtime, time-consuming troubleshooting and troubleshooting.
For the scripts no execution guidelines can be defined per se with native PowerShell. Unchecked flexibility faces significant security issues.
Credential authentication is the most common form of access identifier in PowerShell. Because this is security-critical, sensitive access information with administrative privileges, security must be a top priority. However, the most common methods for dealing with credentials have considerable gaps.
Channel and eliminate risk
Central management and reporting
For the reproducible use of PowerShell scripts by different administrators and the service desk, it is necessary to centrally organize and manage the PowerShell scripts including change history. The execution of scripts should be centrally monitored and controlled, while guidelines provide the framework.
The central ScriptRunner platform provides the necessary functions, controls and monitors the use of all scripts. All scripts, guidelines and necessary settings are centrally managed, configured and rule-controlled.
In order to achieve a controlled and transparent automation with PowerShell, all executed actions must be traceable at any time and down to the smallest detail. ScriptRunner fully logs the results of script execution. This gives the administrator complete control and complete traceability of all delegated and automated processes.
Execution guidelines with high functionality
ScriptRunner can be used to set specific policies for performing actions. On which system is which script executed, with which default settings and rights? Who is allowed to trigger the execution? What input and choices are allowed?
Many risks can be significantly reduced by using these execution guidelines, since all actions always run in the same way according to defined guidelines. Admins use the Admin app to configure policies and assignments. With ScriptRunner the PowerShell scripts always run in a controlled manner in the assigned security context. Furthermore, all actions are reproducible and a high level of process security is ensured.
Roles and rights
The complete decoupling of roles and rights for all tasks and processes eliminates and reduces access risks. Only authorized and authenticated individuals are authorized to perform tasks and the integrated systems authenticate each other.
Separation of roles and rights
Using PS Credential Objects with ScriptRunner
With ScriptRunner credentials can be safely stored. Under the menu item “User Accounts” all privileged accounts are managed which ScriptRunner should use to execute actions on other systems. The assignment can be made at the level of a target system, an action and a bulk container.
If additional credentials are required in a PowerShell script, for example to execute scripts via Jumphost (PowerShell’s double hop problem), a credential must be defined in the script. If PowerShell is used natively, information about the privileged account is fully visible. If such a script falls into the wrong hands, there is an immediate high risk of attack.
With ScriptRunner these risks are eliminated because only credential variables are available in the script. There is no reference to the username or password used! This information is only introduced into the PowerShell process during ScriptRunner runtime. The assignment of which credentials should be used is defined in the execution policy for the action.
Configuration of additional credentials
Secure handling of privileged accounts and credentials
In all cases, it is no longer necessary to enter a user name or password interactively. This eliminates the need to share administrative account information with service desk users so they can perform a PowerShell action.
The advantages of ScriptRunner in handling privileged accounts and PowerShell credentials at a glance:
Credentials or Privileged Accounts are securely stored
Secure delegation of PowerShell actions now possible at all
There are no references to usernames, passwords or credentials used in the script.
No interactive input is necessary for the execution of scripts.
ScriptRunner creates important prerequisites for a high level of security in automation and delegation with PowerShell scripts.
9. More freedom for innovations and projects
According to a study by Dimension Data and IDC, IT departments spend more than 30 percent of their time responding to service requests and resolving issues. Only 15 percent of their time is used to develop digital innovations – with a downward trend.
There are many reasons for this, but some can be identified:
More and more systems and applications to manage
Related to this is the explosive growth in data to be managed
The associated complexity in the IT landscape
More and more specialization and detailed expertise required
Mechanization, partial or full automation
A closer look at the IT operations in many companies reveals parallels to the first industrialization. Although many activities are performed with the help of computer-aided administration tools, they are still carried out manually. Essentially, therefore, they actually resemble mechanical processes.
According to the interviewees of the above-mentioned study, a very large potential exists, especially with regard to automation in IT:
9 percent stated that their infrastructure is not automated at all
A further 13 percent rated their infrastructure as slightly automated
32 percent currently said only partial automation was implemented
Save time through automation and delegation
Practical experience shows that automating administrative tasks significantly eases the daily workload of IT teams. This also leads to faster response times in service management and processes, while increasing reproducibility and transparency of the latter.
The upshot: Potential error sources are reduced and the quality of IT operations is reinforced. Employees thus have noticeably more time at their disposal to implement projects and drive innovations forward. In addition, capacities that are lost today for troubleshooting, troubleshooting, reworking, routine activities or monitoring can finally be used again for new projects.
The path to automation often passes through the stations of delegation and partial automation until it ends in full automation. In the first step of delegation, the execution of the IT task itself is automated, the triggering and application is delegated to the service desk or to the departments themselves. In a partial automation, for example, the steps of recognition (monitoring with sensors) and correction (actuators, scripts) of errors and states are automated. The release or the transition between both steps is still done manually; for example, with a “Fix now” button. In the last step to full automation, manual release is omitted. The subsystems communicate directly, manual intervention only takes place in exceptional cases. ScriptRunner offers numerous interfaces to third-party systems for the creation of fully automated processes.
Source: EME Research Report – Data Center Automation in the Age of Cloud
From routine to delegation and automation with Action Packs
Delegation, partial and full automation are the central areas of application for ScriptRunner. Many recurring tasks, such as routine onboarding processes, overlap in most IT teams. With ScriptRunner Action Packs, delegation and automation are even faster and easier to implement for precisely these tasks. The product- and topic-oriented packages contain PowerShell scripts that cover typical use cases and routine tasks in day-to-day business. The user can access a collection of use cases from various areas such as Active Directory, Office 365 and Exchange and many more. All scripts are created according to Microsoft’s best practices for PowerShell Scripting, are publicly available and can be used immediately with ScriptRunner.
The ScriptRunner Action Packs offer a relief for PowerShell beginners, developers and admins. In addition to valuable time, training costs in PowerShell and scripting are also reduced because not every script has to be completely rewritten. The time and cost savings can be invested in projects to drive digital innovation.
With ScriptRunner, IT operations are freed up by automating and delegating routine tasks using PowerShell scripts. This significantly reduces the IT department’s workload and allows the time saved to be invested in improvement and innovation projects.
10. Fast implementation in day-to-day operations without project requirements
The introduction of new software often poses great challenges for those affected in the company. Projects are launched and employees are released to enable a smooth project flow. But the reality is often quite different. For many IT teams, lack of results, ongoing delays and failed projects seem to be part of everyday life.
According to a Europe-wide study by the Economist Intelligence Unit (EIU) economic research institute on behalf of BTO provider Mercury, only 49% of all technology projects succeed as planned. This is due to several factors:
Solutions are overloaded with requirements, a particularly high risk with top-down approaches.
The more complex a planned solution is, the more complex the project becomes.
Due to a lack of project experience, goals are poorly defined and employees are not properly planned.
If an employee must manage the introduction of a new software alongside his daily tasks, he will give it low priority and delay the introduction at best. In the worst case, the project will fail at this early hurdle.
That is why we have developed ScriptRunner for a bottom-up approach that can be easily and quickly implemented. This provides fast results to operational hot spots and at the same time provides the opportunity to expand the solution step by step on a daily basis.
The goal of ScriptRunner is to minimize the risks of a software implementation so that no separate project is needed.
Installation, setup and integration of ScriptRunner
The implementation of ScriptRunner takes place according to our Best Practice. This starts in the customer environment, where the software is installed and configured in a two-hour remote session. In addition, the first PowerShell scripts are put into operation or ready-made templates from our Action Packs are used. Afterwards there is the possibility to test further scripts with ScriptRunner during a test period and to map individual deployment scenarios.
Thanks to the already implemented Use Cases, ScriptRunner can be transferred directly into the operational business, without the need for a complex project an additional effort.
Reaching your goal together with ScriptRunner Professional Services
If a company decides to use ScriptRunner, we are happy to help with the first steps. Together we install, configure and integrate the ScriptRunner platform into the company’s system environment and make it accessible to the users.
The ScriptRunner Action Packs shorten the introduction to PowerShell automation. The product- and topic-oriented packages contain PowerShell scripts that cover typical use cases and routine tasks in day-to-day business in the areas of Active Directory, Exchange, Office 365, Windows Server and Client, VMware, Citrix and many more.
We also support the integration of third-party systems with our connectors.
ScriptRunner implementation is demonstrably fast and can be carried out directly in day-to-day operations without any additional project effort. Companies can thus benefit from its potentials and capabilities from the very first script. The Action Packs also make it easier to get started in automation with PowerShell.
https://www.scriptrunner.com/wp-content/uploads/2020/12/xmas-fun-powershell.jpg10001000Bruno Buyckhttps://www.scriptrunner.com/wp-content/uploads/2018/05/ScriptRunner_Logo_RGB-300x45.pngBruno Buyck2020-12-23 10:00:412021-01-07 16:26:55X-mas Fun with PowerShell and ScriptRunnerScriptRunner Software GmbH
https://www.scriptrunner.com/wp-content/uploads/2020/12/citrix-virtual-desktops_Zeichenfläche-1.png10001000Guy Leechhttps://www.scriptrunner.com/wp-content/uploads/2018/05/ScriptRunner_Logo_RGB-300x45.pngGuy Leech2020-12-07 17:01:102021-01-07 16:32:42An Introduction to PowerShell in Citrix Virtual Apps and Desktops