I’m the “PowerShell guru” at work and I really want to get into DSC, but there’s always some basic product issue holding me back.
What worries me is that Microsoft is pushing DSC as an alternative to Group Policy but this is like saying C# is an alternative to Excel. Sure, technically you can sum up tabular data with both but the user experience is not even remotely the same.
Everything I have found in the past related to DSC boiled down to “you can write your own things using this baroque nonstandard system” which doesn’t appeal to me. I’d rather write a script or tick a checkbox in a GPO. The in between space occupied by DSC doesn’t feel like a good fit for anyone.
Worse, DSC was always a half-baked solution made by a tiny team. This new version seems extra underfunded. There’s no documentation to speak of! I can’t even find what operating systems they support, for example.
I want declarative state configuration as a concept, but I don’t think PowerShell DSC can deliver this. The industry has moved on to container images, scale set images, and monolithic executables as produced by dotnet and go.
Yep, DSC is cool, if it fits exactly your use case its very cool, and generally it seems like a huge PITA to manage on any level and nobody uses it but very expert level powershell people doing DoD stuff or similar.
The exact use case is if you have to deploy slightly customized windows installs on a daily basis.
You know you need it when you have a document that details all the steps in setting up windows itself and a couple of common softwares. Then someone ham fists something every once in a while and causes confusion for everyone.
The Alternatives MS provides to Group Policy are SCCM compliance, intune compliance and Settings Catalog via Intune. GP sucks and I think anything else is better, especially with it's weird double negatives in setting descriptions and names.
1. I'm loosely following the development for DSC (v3 or v2-tooling) and never have I heard Steve Lee, Michael Greene or Michael Lombardi advocate DSC as an alternative to GPOs.
2. How do you get to the conclusion that DSC is a non-standard system. What's your point of reference with that statement? I am not aware of any standard out there, but I'd love to be educated. I have the same question about the baroque-statement. Yes, DSC is old, but so are Chef and Puppet.
3. Why do you say DSC is half-baked? It was never intended to be an Alternative to Chef and Puppet, if that is what you're comparing it to. It's intended as a foundation for tools like Chef and Puppet.
3a. You want declarative state as a concept and that is exactly what DSC delivers.
4. The industry has not moved on to container images. These are two separate "movements" and there still is very much a need for bare-metal services. And this is still very prevalent with Microsoft services like AD, Exchange, SharePoint, SQL, or other Software like Veeam, ... I don't understand once more what your point of reference is with this statement.
The only part where I agree is that DSC is underfunded. That is factually true with v2, where in fact it wasn't funded at all for a decade. I believe DSC v3 is backed by Microsoft with a small budget, but it still isn't clear to me what the end goal is.
I think it is a good decision to remove the need to compile into MOF, which simplifies a lot of the process. At the same time I wonder why they would remove the LCM, which complicates the entire process of having state re+applied to a machine when it deviates locally.
And then of course, DSC v3 still doesn't do much if there's no tooling around it. Azure has configuration management based on DSC, but it is a pain to learn and to configure in my experience. I really, really wish Microsoft would have a holistic approach, but my impression is that they don't and just fiddle around individual components, without a clear picture of the desired end result.
What worries me is that Microsoft is pushing DSC as an alternative to Group Policy but this is like saying C# is an alternative to Excel. Sure, technically you can sum up tabular data with both but the user experience is not even remotely the same.
Everything I have found in the past related to DSC boiled down to “you can write your own things using this baroque nonstandard system” which doesn’t appeal to me. I’d rather write a script or tick a checkbox in a GPO. The in between space occupied by DSC doesn’t feel like a good fit for anyone.
Worse, DSC was always a half-baked solution made by a tiny team. This new version seems extra underfunded. There’s no documentation to speak of! I can’t even find what operating systems they support, for example.
I want declarative state configuration as a concept, but I don’t think PowerShell DSC can deliver this. The industry has moved on to container images, scale set images, and monolithic executables as produced by dotnet and go.