Moving to new authentication method, more in depth documentation

Author: Cameron Battagler

samples/manage/azure-automation-automated-export/AutoExport.ps1

@@ -31,11 +31,12 @@ $retryLimit = 5;
 # The number of minutes you want to wait for an operation to finish before you fail.
 $waitInMinutes = 30;
 
+# Connection Asset Name for Authenticating (Keep as AzureClassicRunAsConnection if you created the default RunAs accounts)
+$connectionAssetName = "AzureClassicRunAsConnection";
+
 $storageKeyVariableName = "STORAGEKEYVARIABLENAME";
 $storageAccountName = "STORAGEACCOUNTNAME";
-$automationCertificateName = "CERTIFICATENAME";
-$subId = "00000000-0000-0000-0000-000000000000";
-$subName = "SUBSCRIPTIONNAME";
+$storageContainerName = "STORAGECONTAINERNAME";
 
 function LogMessage($message)
 {
@@ -147,7 +148,7 @@ function StartExport($dbObj)
 	# Get the storage context.
 	$stgctx = New-AzureStorageContext -StorageAccountName $global:storageAccountName -StorageAccountKey $storageKey;
 	# Start the export. If there is an error, stop the export and set the state to ToDrop.
-	$dbObj.Export = Start-AzureSqlDatabaseExport -SqlConnectionContext $ctx -StorageContext $stgctx -StorageContainerName autoexportcontainer -DatabaseName $dbObj.DatabaseCopyName -BlobName $blobName;
+	$dbObj.Export = Start-AzureSqlDatabaseExport -SqlConnectionContext $ctx -StorageContext $stgctx -StorageContainerName $global:storageContainerName -DatabaseName $dbObj.DatabaseCopyName -BlobName $blobName;
 	# $? is true if the last command succeeded and false if the last command failed. If it is false, go to the ToDrop state.
 	if (-not $? -and $global:retryLimit -ile $dbObj.RetryCount)
 	{
@@ -266,11 +267,25 @@ function ExportProcess
 	}
 }
 
-# Get the certificate to authenticate the subscription
-$cert = Get-AutomationCertificate -Name $global:automationCertificateName;
-# Set the subscription to use
-Set-AzureSubscription -SubscriptionName $global:subName -Certificate $cert -SubscriptionId $global:subID;
-Select-AzureSubscription -Current $global:subName;
+# Authenticate to Azure with certificate
+Write-Verbose "Get connection asset: $connectionAssetName" -Verbose;
+$Conn = Get-AutomationConnection -Name $connectionAssetName;
+if ($Conn -eq $null)
+{
+   throw "Could not retrieve connection asset: $connectionAssetName. Assure that this asset exists in the Automation account.";
+}
+
+$CertificateAssetName = $Conn.CertificateAssetName;
+Write-Verbose "Getting the certificate: $CertificateAssetName" -Verbose;
+$AzureCert = Get-AutomationCertificate -Name $CertificateAssetName;
+if ($AzureCert -eq $null)
+{
+   throw "Could not retrieve certificate asset: $CertificateAssetName. Assure that this asset exists in the Automation account.";
+}
+
+Write-Verbose "Authenticating to Azure with certificate." -Verbose;
+Set-AzureSubscription -SubscriptionName $Conn.SubscriptionName -SubscriptionId $Conn.SubscriptionID -Certificate $AzureCert;
+Select-AzureSubscription -SubscriptionId $Conn.SubscriptionID;
 
 $currentIndex = 0;
 for($currentRun = 0; $currentRun -lt ([math]::Ceiling($databaseServerPairs.Length/$batchingLimit)); $currentRun++)

samples/manage/azure-automation-automated-export/README.md

@@ -8,35 +8,18 @@ author: trgrie-msft
 
 Provides the scripts and lists the steps to set up automatically exporting your databases to Azure Storage with Azure Automation.
 
-## Azure Automation Set Up
-
-1. Create and uploade the certificates that you will use to authenticate your connection to azure.
-	- Run powershell as admin.
-	- Run the New-SelfSignedCertificate command: 
-
-
-	`$cert = New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName <certificateName>`
-
-	- Export the certificate as a .cer file
-
-	`Export-Certificate -Cert "cert:\localmachine\my\$($cert.Thumbprint)" -FilePath <PathAndFileName>.cer`
-
-	- Create a corresponding pfx certificate by taking the thumbprint of the newly created certificate and running these commands:
-
-	`$CertPassword = ConvertTo-SecureString -String <YourPassword> -Force -AsPlainText`
-	
-	`Export-PfxCertificate -Cert "cert:\localmachine\my\$($cert.Thumbprint)" -FilePath <PathAndFileName>.pfx -Password $CertPassword`
-
-	- Upload the .cer file to your subscription [in the old portal](https://manage.windowsazure.com/)
-	- Upload the .pfx file to the certificates under Assets in the automation account that you want to use on Azure. You will use the password you gave in the previous step to authenticate it.
-2. Create new a new credentials asset to authenticate your server with.
-	- Under assets, click on Credentials, and then click on Add a credential.
-	- Name the credential and give the username and password that you will be logging into the server with.
-3. Create a new variable asset to pass the storage key of the Azure storage account you will be using.
-	- Under assets, click on variables and then Add a variable.
-	- Give the value of the storage key and you can make it encrypted so that only Azure Automation can read the variable and it won't show the key in plaintext if someone looks at the variable.
-4. Set Up Log Analytics (OMS) and Alerts
-	- If you don't have Log Analytics set up on your Azure account, follow [these](https://azure.microsoft.com/en-us/documentation/articles/automation-manage-send-joblogs-log-analytics/) instructions for setting it up.
+## Prerequisite Set Up
+
+1. Create and set up your Azure Automation Account
+	- Create an Azure Automation Account by [following the instructions here](https://docs.microsoft.com/en-us/azure/automation/automation-sec-configure-azure-runas-account).
+2. Add Azure Automation Credential assets for your SQL Azure servers
+	- Create your Automation Credential for each of your SQL Azure servers you intend to export by [following the instructions here](https://docs.microsoft.com/en-us/azure/automation/automation-credentials#creating-a-new-credential-asset).
+3. Create the Azure Storage Account to hold your bacpac files
+	- Create the Storage Account by [following the instructions here](https://docs.microsoft.com/en-us/azure/storage/storage-create-storage-account#create-a-storage-account).
+	- Copy your Storage Account access keys by [following the instructions here](https://docs.microsoft.com/en-us/azure/storage/storage-create-storage-account#view-and-copy-storage-access-keys).
+	- Create an Azure Automation string Variable asset for your Storage Account access key by [following the instructions here](https://docs.microsoft.com/en-us/azure/automation/automation-variables#creating-an-automation-variable).
+4. Set Up Log Analytics (OMS) and Alerts (optional for alerting)
+	- If you don't have Log Analytics set up on your Azure account, [follow these](https://docs.microsoft.com/en-us/azure/automation/automation-manage-send-joblogs-log-analytics) instructions for setting it up.
 5. Set Up Log Analytics Alerts
 	- To send yourself an email if an error occurs or one of the jobs fails, you need to set up alerts.
 	- Select your log analytics account that you want to use in the azure portal and click on the OMS Portal box under Management.
@@ -55,9 +38,7 @@ Provides the scripts and lists the steps to set up automatically exporting your
 	- $waitTimeInMinutes: This tells the script how long it can wait for an operation to complete before it fails.
 	- $storageKeyVariableName: This is the AutomationAccount you created the StorageKey variable under (probably the same one you are running the RunBook under) and -Name is the name of the variable.
 	- $storageAccountName: This is the name of the storage account you are exporting to.
-	- $automationCertificateName for Get-AutomationCertificate: This is the name of the certificate you setup to authenticate with Azure.
-	- $subId: The ID of the subscription you are using. This will be used to tell Azure Automation which subscription to use.
-	- $subName: The name of the subscription you are using. This will be used to tell Azure Automation which subscription to use.
+	- $connectionAssetName: Connection Asset Name for Authenticating (Keep as AzureClassicRunAsConnection if you created the default RunAs accounts) 
 2. In AutoExportBlobRetention, here are the values that need to be modified:
 	- -Name for Get-AzureAutomationVariable: This is the AutomationAccount you created the StorageKey variable under (probably the same one you are running the RunBook under) and -Name is the name of the variable.
 	- $storageContainer: This is the name of the storage container where you will be monitoring the exported blobs.