Task automation through scripting has existed for a long time: automation needs have been handled with batch files, VBScript and, more recently, PowerShell scripts. For non-Windows administrators, bash and similar scripting languages have been essential. No matter the maturity of an organization’s IT, scripting still forms the backbone of many IT departments, with many businesses silently depending on such scripting knowledge.
This expert knowledge is critical for organizations, especially when the author of a script leaves the company (sometimes without handover), or when the author’s focus has changed internally – leaving them unable to support others running these scripts. Often, the consumers of these scripts do not need a deep technical background in writing scripts. For example, a Helpdesk Analyst may need to run a specific script written by a Level 3 Admin or Engineer to achieve a pre-defined task and doesn’t necessarily need to know the entire code behind it.
This brings us to one of the hidden problems in the IT world that lacks a straightforward answer. There is a need for a solution that can consolidate all the knowledge of these scripts within an organization, so that the people who need to run them do not have to understand the technical complexities every time. Moreover, System Admins today regularly face security challenges such as lateral movement and living-off-the-land attacks. This means options such as leaving credentials in scripts, on endpoints, or in variables are very limited, which restricts the scalability of scripting for many administrators. Since the pandemic, these challenges have become multi-dimensional now that IT departments are supporting a long-term base of remote devices.
Simple Tools, Simple Solutions
What if we could take the complexities and challenges that surround scripting and transform them into ‘simple to use’ human language phrases, with simple tools that understand the specific format scripts are written in without the user needing to know the technical details underneath?
1E Tachyon provides a simple to use ‘Google-like’ interface where a simple human language Instruction can be typed and run. In the backend, the Instruction calls any scripts you have provided and is sent to all the devices in scope that you have chosen to run it against. The results of the Instruction (and thereby the script) are brought back in real time.
1E Tachyon Explorer: Google for your Infrastructure
To help you get started, 1E Tachyon comes with a list of pre-defined instructions which are easy to use as well as regularly released material on the Tachyon Exchange in the form of Product Packs.
In addition, Tachyon provides administrators the ability to write their own instructions using Tachyon’s integrated development environment called TIMS (Tachyon Instruction Management Studio):
1E Tachyon Instruction Management Studio (TIMS)
Based on the Tachyon Agent language, SCALE (Simple Cross-platform Agent Language for Extensibility), an admin can simply import scripts into a Tachyon Instruction as a resource to the Instruction. We refer to this as an ‘Instruction Resource’ in 1E terminology. Irrespective of the type of script (VBScript, PowerShell, bash, etc.), it can be turned into a ‘simple to use’ question such as “Get me the results for X from my entire infrastructure” and get a response in a matter of seconds. Sound too good to be true? It gets better.
The 1E Modules and Methods reference provides a rich library of functions that can be performed faster than most of these scripts. This is because 1E’s SCALE language functions are computationally faster to interpret on the endpoint via the 1E Client than a WinRM or WMI script, which needs to call its interpreter and then share results. There are other underlying language-specific properties that impact script execution, which is a topic for another blog post (Yes, I plan on writing that soon!). Alternatively, if you do not find a good function match for your hard written scripts, you can simply use the platform as a Task Automation runner for your scripting engine of choice.
Let’s take an example PowerShell script that is provided as a payload to an Instruction in TIMS:
TIMS with a Script as a Payload
- Step 1 is to click on ‘Import Resource’ and attach your script.
- Step 2 is to click ‘Import snippet to download and execute’ which, as the name implies, automatically writes the code to download and use the script for your Instruction.
- Step 3 is to then tell the Instruction to run the script as it is, using the ‘Scripting.Run’ function, which is a native SCALE function.
Let’s zoom in a bit further:
When you click on ‘Import resource’ and provide a script, it will show you the following details:
Here you can define the ‘Platform’ to choose the OS…
…and the ‘ResourceType’ to choose the Interpreter that your script is going to call out.
In addition, a SHA-256 hash is generated for your script so that its integrity can be checked. You also have the option to ‘Update this resource’ to upload future versions of your script and continue to use the same Instruction.
Once the Instruction Code is added, you will next populate the Instruction properties to the right.
This includes information such as the author, comments, description, instruction type (or question for our purpose) and most importantly the ‘ReadablePayload’ – which is where you put the human language equivalent so that other people can search for this Instruction to show in the Tachyon Explorer.
Here, Scripting.Run – which is a native SCALE function – is used to run a PowerShell script. The PowerShell execution policy is also updated for the script run time and can be reverted – yay Security! You can optionally add parameters to a script and provide those here in case these will be required. Here’s an example of what a script that needs parameters looks like:
You can define a ’Parameter’ with a ‘Hint Text’ that will be shown in Tachyon Explorer to guide a user when using the Instruction. Then add details for ‘Data Type’, ‘Default Values’, etc. as shown in the screen.
When you are all set, test run to check the Instruction, Schema, workflow, and code signing certificate in the TIMS environment. This makes it easier when testing an Instruction on your representative endpoint, before you make the Instruction available to consumers of your script in the wider environment.
Now, you can forget about having to run the scripts for everyone who needs it and focus on more important tasks in your life – OR play golf if that’s your thing!
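The two safeguards mentioned in the walkthrough, a SHA-256 integrity check on the script and an execution policy that applies only while the script runs, can be sketched in plain PowerShell. This is an added example, not 1E Tachyon or SCALE code, and it does not show how the 1E Client implements either step; `Invoke-VerifiedScript`, the sample script and its path are hypothetical.

```powershell
# Added illustration; not 1E Tachyon or SCALE code. All names are hypothetical.
function Invoke-VerifiedScript {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,            # script as delivered to the endpoint
        [Parameter(Mandatory)] [string] $ExpectedSha256,  # hash recorded when the script was imported
        [string[]] $ScriptArguments = @()
    )

    # Hash the file as it sits on disk, immediately before execution.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256.Trim()) {   # -ne on strings is case-insensitive
        throw "Hash mismatch for '$Path': expected $ExpectedSha256, got $actual. Script not run."
    }

    # -ExecutionPolicy on the command line applies to this child process only.
    # Machine and user policy are untouched, so nothing has to be reverted.
    # A policy enforced through Group Policy takes precedence over this switch.
    $output = & powershell.exe -NoProfile -NonInteractive -ExecutionPolicy RemoteSigned -File $Path @ScriptArguments

    [pscustomobject]@{
        Path     = $Path
        Sha256   = $actual
        ExitCode = $LASTEXITCODE
        Output   = $output
    }
}

# Constructed sample: a small script and the hash taken at "import" time.
$sample = Join-Path $env:TEMP 'Sample-Instruction.ps1'
Set-Content -LiteralPath $sample -Value 'Write-Output "sample script ran on $env:COMPUTERNAME"'
$pinned = (Get-FileHash -LiteralPath $sample -Algorithm SHA256).Hash

# Unmodified file: the hash matches and the script runs.
Invoke-VerifiedScript -Path $sample -ExpectedSha256 $pinned

# Simulate the file changing after import: the pinned hash no longer matches.
Add-Content -LiteralPath $sample -Value 'Write-Output "modified after import"'
try {
    Invoke-VerifiedScript -Path $sample -ExpectedSha256 $pinned
} catch {
    Write-Warning $_.Exception.Message   # reports the mismatch; the script is not executed
}
Remove-Item -LiteralPath $sample
```

The check is only as strong as the storage of the pinned hash and the script: keep both where only administrators can write, otherwise the file could change between the hash check and the run.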
Which scripts can I automate to a Tachyon Instruction?
There’s no format limit and 1E Nomad makes the size of the script irrelevant as it can handle any content size for distribution of resources.
The script is turned into ‘human readable language’ and the Instruction carrying the script is run in real time on all endpoints in scope. Pre-requisite checks can be added to ensure the script succeeds, all responses are centrally available, and HTTPS communication, the script hash, and certificate-based authentication mean the script is run securely. Also, the script is distributed to the endpoints and run in parallel on all of them instantly, without dependency on any systems in between. This architecture allows the endpoints to respond directly to the Tachyon Explorer interface. This means the computation speed is the fastest possible for your environment, and it is highly scalable over any network type such as VPN, LAN, WAN or Internet-based clients.
What if I want the Instruction to be available only to certain specific departments?
1E Tachyon provides full RBAC and Management Groups which will help you provide specific Instructions only for approved people on their scope of devices.
What transport mechanism do you use to transfer the script?
How to decide if it’s better to use an existing script OR re-write it using Tachyon SCALE language?
Most of the native 1E Tachyon functions and modules will beat a traditional script in complexity and speed. You can simply pick running your script as a resource in TIMS and compare it to a native Tachyon function. If you need help, please contact your dedicated Solutions Expert who will help you achieve the outcomes.
Can I performance test my Instruction to be sure of the impact on the endpoint?
Yes, TIMS can be installed on your preferred representative system to performance test the Instructions. Further information here.
Does the 1E Tachyon solution depend on Scripts?
Not at all. 1E Tachyon can fully provide automation and remediation capabilities through its native SQLite-like language called SCALE. So, in case script execution is prohibited in your environment, you are covered with 1E Tachyon.