Summary: Microsoft senior technical evangelist, Keith Mayer, talks about remoting the cloud with Windows Azure and Windows PowerShell.
Microsoft Scripting Guy, Ed Wilson, is here. Today we have guest blogger, Keith Mayer.
Keith Mayer is a senior technical evangelist at Microsoft focused on Windows infrastructure, data center virtualization, systems management, and the private cloud. Keith has over 20 years of experience as a technical leader of complex IT projects in diverse roles, such as network engineer, IT manager, technical instructor, and consultant. He has consulted and trained thousands of IT professionals worldwide regarding the design and implementation of enterprise technology solutions. You can find Keith online at http://KeithMayer.com.
Windows Azure Infrastructure Services provides the ability to easily provision or migrate storage, virtual machines and virtual networks onto the global Windows Azure cloud platform by using a cost-effective Pay-As-You-Go model.
In my prior Weekend Scripter post, Getting Started with Windows Azure and PowerShell, I provided an introduction to Windows Azure, and we stepped through an initial set of Windows PowerShell snippets for connecting to the cloud and provisioning new resources.
In this post, we’ll continue our journey into the cloud by leveraging Windows PowerShell remoting to configure the operating system and applications running inside our new Windows Azure virtual machine. We’ll step through the following tasks:
- Installing a management certificate
- Establishing a remote Windows PowerShell session to a virtual machine
- Invoking remote Windows PowerShell script blocks to a virtual machine
Note To learn more about the basics of Windows Azure Infrastructure Services, you may also be interested in the our following step-by-step guides. Both are free online study resources that provide hands-on lab exercises for leveraging Windows Azure and building key IT pro cloud scenarios.
- Early Experts Challenge—Cloud Quest: Build a multi-virtual machine Windows Server 2012 virtual network environment in the cloud on Windows Azure
- Windows Azure Cloud Labs: Build key IT pro scenarios in the cloud by using Windows Azure Infrastructure Services
Installing a management certificate
When we provisioned our new virtual machine in the prior post, Windows Azure automatically created two default firewall endpoints that allow selective inbound network traffic from the Internet to manage it:
- Remote Desktop Services
- Windows PowerShell
You can view these default endpoints, and optionally define additional firewall endpoints, by signing in to the Windows Azure Management Portal and navigating to the Endpoints property page of a provisioned virtual machine.
Endpoints Property page of a Windows Azure virtual machine
The Windows PowerShell endpoints permit inbound Windows PowerShell remoting connections to our virtual machine from the public Internet, but these connections require authentication to maintain security. In this case, Windows PowerShell remoting uses certificates to authenticate remote connections.
When our virtual machine was provisioned, a new management certificate was also created in Windows Azure for authenticating this connection. We can see the certificate information associated with our virtual machine by using the following Windows PowerShell script:
$myService = “pslabvm01”
Get-AzureCertificate –ServiceName $myService
After running this script, you’ll see results similar to what I’ve included here:
Get-AzureCertificate cmdlet output
To authenticate to a remote Windows PowerShell session by using this certificate, we’ll need to first install this certificate on our local computer. To simplify the process of downloading and installing this certificate, Michael Walsham has created a Windows PowerShell script that creates a function to perform these steps.
Download this script to continue with the process:
After downloading this script, we’ll run the script to create a new function that we’ll then use to download and install the necessary management certificate for authenticating to a remote Windows PowerShell session.
Tip! To successfully run the next set of commands, confirm that you’ve launched Windows PowerShell by using the Run AsAdministrator option. In addition, because the referenced script was downloaded from the Internet, you may find that you need to adjust your Windows PowerShell policy to permit it to run locally. If needed, you can temporarily change your Windows PowerShell policy to Unrestrictedby running Set-ExecutionPolicy Unrestricted.
. .\InstallWinRMCertAzureVM.ps1
$myService = "pslabvm01"
$myVM = "pslabvm01"
InstallWinRMCertificateForVM -CloudServiceName $myService -Name $myVM
Tip! If you’ve forgotten the names that are assigned to your virtual machine and cloud service, you can use the Get-AzureVM cmdlet to retrieve these names.
If these command lines are successful, you’ll receive a message similar to the following, and then be returned to the Windows PowerShell command prompt:
Establish a remote PowerShell session to a virtual machine
Now that we’ve installed the management certificate needed to authenticate remote Windows PowerShell sessions, we’re ready to test establishing a connection to a virtual machine.
First, we’ll need to know the connection path to establish the remote session. We can identify the appropriate connection path using the Get-AzureWinRMUri cmdlet and store it in a variable for later use:
$uri = Get-AzureWinRMUri –Service $myService –Name $myVM
Next, we’ll need to specify the user name and password credentials for authenticating as the local Windows administrator account to the operating system running inside the virtual machine. We can use the Get-Credential cmdlet to prompt us for this information and store it in another variable for later use:
$cred = Get-Credential
We know where we’re connecting (stored in the $uri variable), and we know the credentials we’re using to authenticate to Windows (stored in the $cred variable), so now we can test the process for connecting to a remote Windows PowerShell session in the virtual machine. We’ll use the Enter-PSSession cmdlet to connect with an interactive remote Windows PowerShell session to test this process:
Enter-PSSession –ConnectionUri $uri –Credential $cred
If all is successful, after a few moments you’ll see a new remote Windows PowerShell command prompt session that is connected to the virtual machine:
From this remote Windows PowerShell session, you can interactively run remote Windows PowerShell script blocks. When you are finished, you can run the Exit command to return to your local Windows PowerShell session:
Exit
Invoke Remote PowerShell script blocks to a virtual machine
We’ve successfully tested the process for establishing Windows PowerShell remoting connections to a virtual machine. To leverage this new remote management capability for configuring the operating system and applications inside the virtual machine, I typically use the Invoke-Command Windows PowerShell cmdlet. Invoke-Command permits us to execute a Windows PowerShell script block in a non-interactive form that is useful when running configuration commands from within a larger script.
To use Invoke-Command, we’ll use the following syntax:
Invoke-Command –ConnectionUri $uri –Credential $cred –ScriptBlock { script block to execute remotely }
For example, to automate the install of the Web Server (IIS) role inside a virtual machine, we could use the following command:
Invoke-Command -ConnectionUri $uri -Credential $cred -ScriptBlock {Add-WindowsFeature Web-Server}
To confirm that the Web Server (IIS) role was successfully installed, we can use a similar command that remotely invokes the Get-WindowsFeaturecmdlet:
Invoke-Command -ConnectionUri $uri -Credential $cred -ScriptBlock {Get-WindowsFeature}
Of course, the script blocks could be much more complex, if needed, to install and configure several roles or applications that are required by the virtual machine. In future posts, we’ll be leveraging this base knowledge to automate the provisioning of complete cloud scenarios.
Congratulations! But keep learning!
You’ve completed the process for configuring and using Windows PowerShell remoting with a cloud-based virtual machine on Windows Azure Infrastructure Services! Now that you’ve walked through the basic steps involved in using Windows PowerShell remoting with Windows Azure Infrastructure Services, leverage these additional resources to continue your learning:
- Early Experts Cloud Quest: Build a multi-virtual machine Windows Server 2012 virtual network environment in the cloud on Windows Azure
- Windows Azure Cloud Labs: Build key IT pro scenarios in the cloud by using Windows Azure Infrastructure Services
- Windows Azure PowerShell Module Tutorials: Complete these advanced tutorials about using the Windows Azure PowerShell Module to manage virtual machines and virtual machine images
~Keith
Thank you, Keith.
I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.
Ed Wilson, Microsoft Scripting Guy