Desired State Configuration

Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.

Name: Desired State Configuration
Developer: Microsoft
Initial release: 2013
Repository: PowerShell
License: Proprietary
Website: Microsoft Docs

Desired State Configuration (DSC) is a management platform for declarative configuration and automation, introduced by Microsoft as part of the Windows PowerShell ecosystem. It enables administrators to define a target state for systems and enforce that state across servers, workstations, and cloud instances using composable resources and push/pull delivery models. DSC integrates with orchestration offerings and third-party tools to support configuration drift remediation, compliance auditing, and repeatable provisioning in enterprise environments.

Overview

DSC was announced by Jeffrey Snover and released alongside Windows PowerShell 4.0 to extend Windows Server management capabilities. It abstracts configuration intent into declarative artifacts that can be versioned with Git and integrated into pipelines such as Azure DevOps, Jenkins, and TeamCity. The system supports both Windows and cross-platform targets using PowerShell Core on Linux distributions and can interoperate with Microsoft Azure services like Azure Automation, Azure Resource Manager, and Azure Policy. DSC's design aligns with configuration management paradigms pioneered by tools such as Puppet (software), Chef (company), Ansible (software), and SaltStack.

Architecture and Components

Core components include the Local Configuration Manager (LCM), configuration documents, configuration nodes, and resources. The LCM runs on each target node and is implemented as part of Windows Management Framework; it interfaces with the Windows Management Instrumentation stack and Common Information Model (CIM) providers. Configurations are authored as PowerShell data and compiled into Managed Object Format (MOF) files consumable by the LCM. The DSC Pull Server pattern can be implemented with Windows Server roles or via services such as Azure Automation, and integrates with identity services like Active Directory and Azure Active Directory. Community and commercial resource modules are distributed via the PowerShell Gallery and package ecosystems such as NuGet and Chocolatey.

Configuration Resources and Scripts

Resources encapsulate tasks like installing roles, managing files, or configuring services and are organized in modules. Microsoft-provided resources include roles for Internet Information Services, SQL Server integrations, and Hyper-V configuration; third-party and community modules address platforms like nginx, Docker, and Kubernetes. DSC configurations are authored in PowerShell script syntax and can leverage Desired State Configuration resources such as File, Service, Package, Environment, and Registry for Windows-specific state. Advanced scripting patterns incorporate PowerShell DSC custom resources, composite resources, and scripts that call into APIs from System Center Configuration Manager (SCCM), VMware, and cloud SDKs.

Management and Deployment Workflow

A typical workflow composes source control, build, and deployment stages: author configuration in Visual Studio Code with extensions, commit to GitHub, execute CI using Azure Pipelines or GitLab CI/CD, and publish MOF artifacts to a DSC Pull Server. Push mode uses PowerShell Remoting or WinRM to apply configurations directly; pull mode has nodes poll a server. Integration points include System Center products, Azure Automation State Configuration, and orchestration with Terraform and Pulumi (software). Auditing and reporting integrate with Log Analytics, Splunk, and Elastic Stack for telemetry and compliance dashboards.
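The authoring, MOF compilation and push steps described above, together with the built-in Registry, Service and File resources, shown as an added example (not code from the original article or from Microsoft). It assumes an elevated Windows PowerShell 5.1 session on the target node; the configuration name `ServerBaseline`, the chosen settings and the `C:\Baseline` and `.\Out` paths are illustrative.

```powershell
# Added example: a small hardening baseline built from built-in DSC resources.
Configuration ServerBaseline
{
    Import-DscResource -ModuleName 'PSDesiredStateConfiguration'

    Node 'localhost'
    {
        # Registry resource: keep the SMBv1 server component switched off.
        Registry DisableSmb1Server
        {
            Key       = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
            ValueName = 'SMB1'
            ValueData = '0'
            ValueType = 'Dword'
            Ensure    = 'Present'
        }

        # Service resource: the Remote Registry service must stay stopped and disabled.
        Service RemoteRegistryOff
        {
            Name        = 'RemoteRegistry'
            State       = 'Stopped'
            StartupType = 'Disabled'
        }

        # File resource: a marker file recording that the baseline was applied (illustrative path).
        File BaselineMarker
        {
            DestinationPath = 'C:\Baseline\applied.txt'
            Contents        = 'ServerBaseline applied by DSC'
            Type            = 'File'
            Ensure          = 'Present'
            DependsOn       = '[Registry]DisableSmb1Server', '[Service]RemoteRegistryOff'
        }
    }
}

# Compile: calling the configuration writes .\Out\localhost.mof for the LCM to consume.
ServerBaseline -OutputPath .\Out | Out-Null

# Push mode: hand the MOF to the Local Configuration Manager and wait for the run to finish.
Start-DscConfiguration -Path .\Out -Wait -Verbose -Force

# Drift check: report whether the node still matches the applied configuration.
$state = Test-DscConfiguration -Detailed
"In desired state: $($state.InDesiredState)"
$state.ResourcesNotInDesiredState | Select-Object -ExpandProperty ResourceId
```

Changing one of the managed settings by hand and re-running the last three lines lists the drifted resource by its `ResourceId`.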

Security and Compliance

DSC supports signed modules and configuration packages using certificate-based authentication and integrates with PKI infrastructures such as Active Directory Certificate Services and Azure Key Vault for secret management. Role-based access and change control are implemented through Azure RBAC, Group Policy, and source control practices using GitHub Enterprise or Azure Repos. DSC's enforcement model aids compliance frameworks like NIST SP 800-53, CIS Controls, and ISO/IEC 27001 by codifying secure baselines for Microsoft Exchange Server, SharePoint, and cloud instances. Auditing trails can be forwarded to Windows Event Forwarding and SIEM platforms for incident response with tools like Microsoft Defender for Identity and Azure Sentinel.
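One way to enforce the signed-artifact support mentioned above, as an added example (not code from the original article or from Microsoft): an LCM meta-configuration that refuses unsigned configurations and modules, followed by signing a compiled MOF. It assumes WMF 5.1, an elevated session, and a code-signing certificate the node trusts; the thumbprint, the `Cert:\LocalMachine\DSCStore` store and the MOF path are placeholders.

```powershell
# Added example. All three values below are placeholders to replace for your environment.
$SigningThumbprint = '<CODE-SIGNING-CERT-THUMBPRINT>'
$TrustedStore      = 'Cert:\LocalMachine\DSCStore'   # assumed custom store of trusted publishers
$MofPath           = '.\Out\localhost.mof'           # assumed path of an already compiled configuration

[DSCLocalConfigurationManager()]
Configuration RequireSignedArtifacts
{
    Node 'localhost'
    {
        Settings
        {
            RefreshMode       = 'Push'
            ConfigurationMode = 'ApplyAndAutoCorrect'   # re-apply the baseline when drift is found
        }

        # The LCM verifies the digital signature of these artifact types before using them.
        SignatureValidation TrustedPublishers
        {
            TrustedStorePath = $TrustedStore
            SignedItemType   = 'Configuration', 'Module'
        }
    }
}

# Compile the meta-configuration (localhost.meta.mof) and apply it to the LCM.
RequireSignedArtifacts -OutputPath .\Meta | Out-Null
Set-DscLocalConfigurationManager -Path .\Meta -Verbose

# Sign the compiled configuration so the LCM will accept it.
$cert = Get-ChildItem -Path "Cert:\CurrentUser\My\$SigningThumbprint" -CodeSigningCert
Set-AuthenticodeSignature -FilePath $MofPath -Certificate $cert | Out-Null

# Verify before pushing: only a 'Valid' signature should be delivered to the node.
$sig = Get-AuthenticodeSignature -FilePath $MofPath
if ($sig.Status -ne 'Valid') {
    throw "MOF signature status is '$($sig.Status)'; not pushing."
}
Start-DscConfiguration -Path (Split-Path $MofPath) -Wait -Verbose
```

With this meta-configuration in place, pushing a MOF that is unsigned or signed by a publisher outside the trusted store is rejected by the LCM instead of being applied.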

Use Cases and Adoption

Enterprises use DSC for configuration drift remediation across Windows Server 2016, Windows Server 2019, and hybrid cloud infrastructures combining Microsoft Azure and on-premises datacenters running VMware vSphere and Hyper-V. Cloud-native teams employ DSC with Azure Resource Manager templates for infrastructure-as-code patterns and with Azure Automation for state configuration at scale. Industries adopting DSC include finance institutions using SAP integrations, healthcare providers running SQL Server, and government agencies aligning with FedRAMP controls. Vendors such as Cisco Systems, Hewlett Packard Enterprise, and Dell Technologies provide guidance and modules for hardware and firmware configuration.

Limitations and Criticisms

Critics point to DSC's Windows-centric origins despite cross-platform efforts, complexity of authoring MOF-driven configurations, and a steeper learning curve compared to declarative YAML or JSON used by Kubernetes and CloudFormation. Some organizations find the ecosystem of modules uneven in quality compared to continuous configuration tools like Chef or Puppet Labs offerings. Operational limitations include challenges with state drift detection at scale, dependency management for composite resources, and integration gaps with emerging GitOps workflows popularized by Argo CD and Flux. Additionally, licensing and support expectations around Microsoft tooling can affect adoption versus open-source alternatives.

Category:Configuration management