A Word on DSC Push Configuration
Due to space constraints in this book, I’ll simply give you the bare-bones, “need-to-know” information regarding setting up a DSC pull server. Let’s do that in a stepwise fashion, covering the highest-level steps:
- Download and install the xPSDesiredStateConfiguration custom DSC resource from the TechNet Script Center or by using OneGet.
- Create and deploy your pull server configuration script. The recipe I recommend for your config script comes to us courtesy of the Windows PowerShell team directly: http://bit.ly/1ARl7pc.
- Create and deploy an LCM configuration script. You can find an excellent example at Pwrshell.net (http://bit.ly/1ARmlAJ).
The LCM settings are important because they change the configuration mode from push to pull and specify the URL of the pull server’s web service. They also specify how long the client waits before updating its DSC policies.
The communication between the node and the web service occurs over HTTP or HTTPS, depending on your authentication requirements. That’s an important point, actually; you want to do what you can to ensure that your nodes are pulling configuration from legitimate DSC pull servers. It would be a very bad day indeed if a malicious individual stood up a bogus pull server and borked up your DSC client nodes in the absence of Secure Sockets Layer / Transport Layer Security (SSL/TLS) server authentication.
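The following LCM meta-configuration is an added example, not code from this book or from the linked recipes. It uses the WMF 4-style LocalConfigurationManager block to set pull mode, an HTTPS pull server URL, and the refresh intervals. The host name, port, ConfigurationID GUID, interval values, and output path are constructed placeholders.

```powershell
# Added example: LCM meta-configuration for a pull client (WMF 4 syntax).
# Hypothetical values: pull server URL, ConfigurationID GUID, intervals, output path.
$PullServerUrl = 'https://pull01.example.test:8080/PSDSCPullServer.svc'
$OutputPath    = Join-Path $env:TEMP 'PullClientLcm'

# Refuse to build a meta-configuration that points at a plain-HTTP endpoint,
# because the node could not authenticate the server it pulls from.
if (([uri]$PullServerUrl).Scheme -ne 'https') {
    throw "Pull server URL must use HTTPS: $PullServerUrl"
}

Configuration PullClientLcm {
    param(
        [string[]]$ComputerName = 'localhost',
        [Parameter(Mandatory)][string]$ServerUrl
    )
    Node $ComputerName {
        LocalConfigurationManager {
            RefreshMode               = 'Pull'      # switch from push to pull
            ConfigurationID           = '11111111-2222-3333-4444-555555555555'  # constructed GUID
            DownloadManagerName       = 'WebDownloadManager'
            DownloadManagerCustomData = @{
                ServerUrl               = $ServerUrl
                AllowUnsecureConnection = 'False'   # do not fall back to HTTP
            }
            RefreshFrequencyMins           = 30     # how often the node checks the pull server
            ConfigurationModeFrequencyMins = 60     # how often the node re-applies its configuration
            ConfigurationMode              = 'ApplyAndAutoCorrect'
        }
    }
}

# Compile the meta.mof and apply it to the local node.
PullClientLcm -ComputerName 'localhost' -ServerUrl $PullServerUrl -OutputPath $OutputPath
Set-DscLocalConfigurationManager -Path $OutputPath -Verbose

# Confirm what the LCM actually stored.
$lcm = Get-DscLocalConfigurationManager
$lcm | Select-Object RefreshMode, RefreshFrequencyMins, ConfigurationModeFrequencyMins
$lcm.DownloadManagerCustomData
```

Server authentication only works if the node trusts the certification authority that issued the pull server’s certificate, so distribute that CA certificate to the nodes before switching them to pull mode.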