Monday, February 09, 2015

Another Way to Access Azure VMs with PowerShell

In a blog post over the weekend, I demonstrated how you can access an Azure VM from an on-premises workstation using PowerShell. To summarise this approach: you first need to trust the management certificate provided to the VM by Azure, then use Enter-PSSession using the DNS name of the service, the port opened for PowerShell management endpoint and explicitly requesting SSL. While it took me a bit of time to work all this out (getting the cert downloaded was my biggest initial stumbling block), the approach is fairly simple.

But, like almost everything in PowerShell, it seems, there is yet another way to do this. No sooner had I posted that blog article when I got a tweet:

image

And – the answer was, at that point, no. I'd not noticed that cmdlet! I don't know all of then circa 500 cmdlets (yet)! But it was a nice prod to take a look. Johan's suggestion was a good one as the coding is simpler. Using both methods, you need to create a credential object to pass to the remote machine (specifying the UserID you created when you first created the Azure VM, or some other administrator you have created on the remote Azure system). And you need to trust the certificate the Azure machine presents when negotiating SSL between your client system and the Azure server. Once you have those two done, then you can   enter the PSSession like this:

$PshEP = Get-AzureVm cookhamlo | Get-AzureEndpoint  |
        
Where name -eq 'PowerShell'
Enter-PsSession -ComputerName $VmName -Port $PshEp.Port –Credential
         $VmCred –UseSSL

Using Johan's suggestion, the coding would look like this:

$Azuri = Get-AzureWinRmUri -ServiceName $VmName                   
Enter-PsSession -ConnectionUri $Azuri.AbsoluteUri -Credential $VmCred

Having tried them, both approaches work perfectly fine (assuming you have a valid credential object and trust the remote system's management port certificate).  both approaches work, but it feels like the second approach to be easier.

No comments: