
Base ServerTemplate for Windows (v14 Infinity) - Runbook


Common Operational Tasks

Install RightScale Powershell Library

Installs the RightScale Powershell Library, which is a prerequisite before you can run the 'SYS Setup firewall rule' and 'SYS Dump firewall rules' operational scripts.

Join or Leave Active Directory Domain Controller

To connect a remote server to a domain controller that was launched in a cloud using the Microsoft Active Directory ServerTemplate, you must first configure the domain controller to accept ingress communication from the remote server. See the Create a Windows firewall permission steps.

By default, remote servers connect to the domain controller using tags. However, you may need to connect servers where tags are not available or supported. For example, the remote server may be located in a different cloud/region where it does not have access to the domain controller on the private network, or the tag scope of the deployment that contains the domain controller may not be set to account-wide while the remote server is located in a different deployment than the domain controller. In such cases, you can connect to the primary AD server using either an IP address or an FQDN.

  1. Make sure the domain controller is configured to accept requests from the remote server. You may need to update the domain controller's firewall permissions accordingly.
  2. If you used a ServerTemplate to launch the remote server, run the following RightScripts as 'Any Scripts' on the running server. If you anticipate performing this action more than once, you may want to edit the ServerTemplate and add these RightScripts to the Operational Scripts list.
    • Execute the SYS Install RightScale Powershell library (v14.x) operational RightScript to satisfy the prerequisites for the subsequent join/leave scripts. Wait for the script to be completed.
    • Run the SYS Join AD domain (v14.x) operational RightScript. Once the script is completed, check the server's tags to verify that it properly joined the correct AD domain.
Input Name: AD_ADMIN_ACCOUNT
Description: The login for an account with administrative rights in Active Directory. Example: Administrator. (Note: "Administrator" is used as the default value for the AD_ADMIN_ACCOUNT input if it is unset at launch time. However, the input must match the value specified for the ADMIN_ACCOUNT_NAME input that was set for the AD servers.)
Example Value: text: Administrator

Input Name: AD_ADMIN_PASSWORD
Description: Specify the new password for the 'administrator' user specified by the AD_ADMIN_ACCOUNT input. It's strongly recommended that you use a credential to hide this value.
Example Value: cred: AD_ADMIN_PASSWORD

Input Name: AD_CONTROLLER_IP
Description: If the remote server is going to connect to the AD domain controller using an IP address, specify the IP address of the AD domain controller that the server will connect to. Make sure the IP address matches the selected interface (AD_NETWORK_INTERFACE).
Example Value: text: 192.23.45.678

Input Name: AD_DOMAIN_NAME
Description: If the remote server is going to connect to the AD domain controller using an FQDN, specify the FQDN that points to the primary Active Directory controller that the server will join.
Example Value: text: ad-primary.example.com

Input Name: AD_NETWORK_INTERFACE
Description: The interface used for domain communication.
  • private
  • public
Example Value: text: public

Enable or Disable Windows Firewall

Run the 'SYS Enable Windows Firewall' and 'SYS Disable Windows Firewall' operational scripts to enable or disable Windows firewall settings. Add the script to the "Boot Scripts" list to enable Windows Firewall by default at boot time when a new instance is launched.

Add or Remove Firewall Rule

Run the 'SYS Setup firewall rule' script to create or remove a firewall rule based on the following inputs.

Input Name: FIREWALL_RULE_ACTION
Description: Specify whether you want to enable or disable network access by either creating or removing a firewall rule.
  • Enable
  • Disable
Example Value: text: Enable

Input Name: FIREWALL_RULE_PORT
Description: A port number or a comma-separated list of ports. Each port should be an integer value in the range 1..65535. Ex: 80
Example Value: text: 80

Input Name: FIREWALL_RULE_REMOTE_IP
Description: Specify an IP address or a range of IP addresses in CIDR notation, with an optional inversion flag. The value can take one of the following formats:
  • Individual IP address in dot-decimal notation. Ex: 10.10.1.32
  • IP address followed by a slash and the decimal number of leading bits in the subnet mask. Ex: 92.16.2.0/24
  • IP address followed by a slash and the subnet mask in dotted-decimal format. Ex: 92.16.2.0/255.255.255.0
  • Any of the formats above preceded by an exclamation mark, so that the value represents the inverted set of IP addresses (i.e. all IPs except those specified by the IP address or range). Ex: !92.16.2.0/24
  • The 'Any' keyword, case insensitive.
Example Value: text: 192.16.2.0/24

Input Name: FIREWALL_RULE_PROTOCOL
Description: The protocol for the firewall rule. Supported protocols are TCP and UDP.
  • tcp
  • udp
  • both
Example Value: text: tcp
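
The following is an added example, not code from the RightScale scripts. It validates FIREWALL_RULE_PORT and FIREWALL_RULE_REMOTE_IP values against the formats listed above before they are used, so that a typo in a mask or an unintended '!' or 'Any' is caught before it widens access. The function names are hypothetical and the sample values are constructed.

```powershell
# Added example: function names are hypothetical, sample values are constructed.
function ConvertTo-FirewallPortList {
    param([Parameter(Mandatory)][string]$Value)
    foreach ($item in $Value.Split(',')) {
        $text = $item.Trim()
        if ($text -notmatch '^[0-9]{1,5}$' -or [int]$text -lt 1 -or [int]$text -gt 65535) {
            throw "Invalid port '$text': expected an integer in 1..65535"
        }
        [int]$text
    }
}

function ConvertTo-FirewallRemoteIp {
    param([Parameter(Mandatory)][string]$Value)
    $text = $Value.Trim()
    if ($text -ieq 'Any') {
        return [pscustomobject]@{ Inverted = $false; Address = 'Any'; PrefixLength = $null }
    }
    # A leading '!' inverts the set: every address EXCEPT the one(s) given
    $inverted = $text.StartsWith('!')
    if ($inverted) { $text = $text.Substring(1) }

    $address, $mask = $text -split '/', 2
    $octet  = '(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
    $dotted = '^{0}(\.{0}){{3}}$' -f $octet
    if ($address -notmatch $dotted) { throw "Invalid IP address '$address'" }

    if ($null -eq $mask) {
        $prefix = 32                                   # single host
    } elseif ($mask -match '^[0-9]{1,2}$' -and [int]$mask -le 32) {
        $prefix = [int]$mask                           # /24 style
    } elseif ($mask -match $dotted) {
        # /255.255.255.0 style: the mask must be contiguous ones followed by zeros
        $bits = -join ($mask.Split('.') | ForEach-Object { [Convert]::ToString([int]$_, 2).PadLeft(8, '0') })
        if ($bits -notmatch '^1*0*$') { throw "Non-contiguous subnet mask '$mask'" }
        $prefix = ($bits -replace '0', '').Length
    } else {
        throw "Invalid subnet mask '$mask'"
    }
    [pscustomobject]@{ Inverted = $inverted; Address = $address; PrefixLength = $prefix }
}

# Constructed sample values covering each format listed above
'10.10.1.32', '92.16.2.0/24', '92.16.2.0/255.255.255.0', '!92.16.2.0/24', 'any' |
    ForEach-Object { ConvertTo-FirewallRemoteIp $_ } | Format-Table
ConvertTo-FirewallPortList '80, 443'
```

A result with Inverted set to true or Address set to 'Any' deserves a second look before the rule is created, because both grant access to a much larger set of addresses than a single host or subnet.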

List all Firewall Rules

Run the 'SYS Dump firewall rules' script to display a list of all firewall rules or only the rules created by RightScripts (those that have the 'RightScale' prefix in the name). This behavior is controlled by the FIREWALL_RULE_DISPLAY_ALL input. If you choose to display only RightScale rules, the script also collects a list of all IP addresses that are granted network access to the current instance, to simplify a network security audit.

Input Name: FIREWALL_RULE_DISPLAY_ALL
Description: Specify whether you want to display a list of all firewall rules or only the rules created by RightScripts (those which have 'RightScale' prefix in the name).
  • True
  • False (default)
Example Value: text: True
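
The audit described above can also be reproduced by hand with the built-in firewall cmdlets. This is an added example, not the 'SYS Dump firewall rules' script; it assumes the NetSecurity module (Windows Server 2012 or later) and that the 'RightScale' prefix is on each rule's DisplayName. The function name is hypothetical.

```powershell
# Added example, not the 'SYS Dump firewall rules' script. Assumes the NetSecurity
# module (Windows Server 2012 or later) and that the prefix is on DisplayName.
function Get-FirewallExposure {
    param(
        [bool]$DisplayAll = $false,      # mirrors FIREWALL_RULE_DISPLAY_ALL
        [string]$Prefix = 'RightScale'
    )
    Get-NetFirewallRule |
        Where-Object { $DisplayAll -or $_.DisplayName -like "$Prefix*" } |
        ForEach-Object {
            $addr = $_ | Get-NetFirewallAddressFilter
            $port = $_ | Get-NetFirewallPortFilter
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Enabled       = $_.Enabled
                Direction     = $_.Direction
                Action        = $_.Action
                Protocol      = $port.Protocol
                LocalPort     = $port.LocalPort -join ','
                RemoteAddress = $addr.RemoteAddress -join ','
            }
        }
}

$rules = @(Get-FirewallExposure)
$rules | Format-Table -AutoSize

# Remote addresses that enabled inbound allow rules let in, one entry per address
$granted = $rules |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    ForEach-Object { $_.RemoteAddress -split ',' } | Sort-Object -Unique
$granted
if ($granted -contains 'Any') { Write-Warning 'At least one rule allows inbound traffic from any address.' }
```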

Configure the Windows Updates Policy

By default, no Windows updates are applied to a running server. However, you can set the following input and run the 'SYS Set Windows Automatic Updates Policy' operational script to define how Windows automatic updates should be applied to an operational Windows server.

Input Name: WINDOWS_AUTOMATIC_UPDATES_POLICY
Description: Define the Windows automatic updates policy. Default is no auto updates.
  • Disable automatic updates
  • Install updates automatically
  • Notify before download
  • Notify before installation
Example Value: text: Install updates automatically

Configure the Windows Reboot Policy

Some Windows updates require a server to be rebooted in order to complete the installation process. However, you might want to reboot the instance at a more convenient time in order to reduce the amount of site downtime or negative impact to your end users. In such cases, you can set the following input before running either the 'SYS Install All Windows Updates' or 'SYS Install Microsoft update by KB number' operational script to specify whether or not an instance is allowed to reboot after the script is run. Reboot is not allowed by default.

Input Name: WINDOWS_UPDATES_REBOOT_SETTING
Description: Defines whether or not the instance is rebooted after installing a Windows update.
  • Do Not Allow Reboot
  • Allow Reboot
Example Value: text: Allow Reboot

Install Windows Updates

Run the 'SYS Install All Windows Updates' operational script to download and install all new Windows updates. Any updates that require a user to accept a EULA are NOT installed. Use the WINDOWS_UPDATES_REBOOT_SETTING input to control whether or not the instance is rebooted after the updates are installed, if required.

Input Name: WINDOWS_UPDATES_REBOOT_SETTING
Description: Defines whether or not the instance is rebooted after installing a Windows update.
  • Do Not Allow Reboot
  • Allow Reboot
Example Value: text: Allow Reboot

Install Microsoft Knowledge Base (KB) Article Updates

Set the following input and run the 'SYS Install Microsoft update by KB number' operational script to install a specific KB update.

To apply the KB updates to the running server at boot time, add the script to the end of the "Boot Scripts" list.

Input Name: KB_ARTICLE_NUMBER
Description: The Microsoft KB number of the update to be installed. Use the format KBxxxxxx (where x is a digit) or just xxxxxx to specify the number. You can either specify a single KB article number or a comma-separated list.
Example Value: text: 961402

Input Name: WINDOWS_UPDATES_REBOOT_SETTING
Description: Defines whether or not the instance is rebooted after installing a Windows update.
  • Do Not Allow Reboot
  • Allow Reboot
Example Value: text: Allow Reboot

Register with a Windows KMS Server

Set the following inputs and run the 'SYS Activate Windows with KMS server' operational script to activate the instance's license with a Microsoft Key Management Server (KMS). Before you run the script, make sure that the KMS server's firewall settings are configured to accept a request from the instance. 

Input Name: KMS_HOST
Description: Specify the FQDN or IP address of the KMS server with which the instance will activate its license, e.g., kms.mydomain.com
Example Values:
  text: kms.example.com
  text: 10.567.333.45

Input Name: KMS_PORT
Description: The port number that the instance will use to connect to the KMS server. Default value is 1688, e.g., 1688
Example Value: text: 1688

Last modified
15:28, 15 May 2014


© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.