If you use PowerShell on-premises, chances are good you use PSRemoting (PowerShell Remoting). It allows you to manage systems using remoting tools like Enter-PSSession and Invoke-Command. When you move to Azure, you have similar tooling available when you enable Azure PSRemoting for your VMs.
Enabling Azure PSRemoting
With the Enable-AzVMPSRemoting cmdlet, Azure PowerShell configures the pieces necessary for running commands and code against target VMs in Azure, much like you do on-premises. To do this, it performs the following:
- Based on the operating system, it ensures WinRM (Windows) or SSH (Linux) is set up.
- It ensures Network Security Group rules are in place to allow communication to the target, again based on the communication type.
- For Linux VMs, it installs PowerShell Core on the target system.
To enable your VMs for PSRemoting in Azure, you would run commands similar to these for Windows and Linux VMs:
# Enable Windows VM
PS Azure:\> Enable-AzVMPSRemoting -Name 'vm-win-01' -ResourceGroupName 'azure-cloudshell-demo' -Protocol https -OsType Windows
# Enable Linux VM
PS Azure:\> Enable-AzVMPSRemoting -Name 'vm-lin-01' -ResourceGroupName 'azure-cloudshell-demo' -Protocol ssh -OsType Linux
Now you are ready to get to work!
Working with Remote Systems
Once you've established remoting, you can get to work running commands against your targets. Depending on how you need to do the work, you have a few options.
Invoke-AzVMCommand
This cmdlet is a wrapper around Invoke-Command that allows you to run commands and script blocks against a remote system. Sometimes called 'Fan Out Remoting,' it provides 1:Many remoting, so you can perform a task, say getting the Windows services running on a remote system, on one or more systems. It is best suited to situations where you don't need to provide continuous input, as you would when running commands interactively in the shell.
Here is how you would use Invoke-AzVMCommand to find the services starting with 'win' on a remote system:
PS Azure:\> Invoke-AzVMCommand -Name 'vm-win-01' -ResourceGroupName 'azure-cloudshell-demo' -ScriptBlock {get-service win*} -Credential (get-credential)
It works the same for Linux VMs:
PS Azure:\> Invoke-AzVMCommand -Name 'vm-lin-01' -ResourceGroupName 'azure-cloudshell-demo' -ScriptBlock {uname -a} -UserName michael -KeyFilePath /home/michael/.ssh/id_rsa
Enter-AzVM
Enter-AzVM wraps the Enter-PSSession cmdlet in a function so that it works properly against target VMs, both Windows and Linux, in Azure. The Enter-AzVM cmdlet starts an interactive session with a single Azure VM. During the session, the commands that you type are run on the Azure VM, just as if you were typing directly on the Azure VM's PowerShell console. This is perfect for those real-time ad-hoc scenarios.
Here's a typical scenario using Enter-AzVM to connect to a Windows VM:
PS Azure:\> Enter-AzVM -name 'vm-win-01' -ResourceGroupName 'azure-cloudshell-demo' -Credential (get-credential)
PowerShell credential request
Enter your credentials.
User: **************
Password for user demo-admin: *********************
[vmwin01.westus2.cloudapp.azure.com]: PS C:\Users\demo-admin\Documents> $hostname
[vmwin01.westus2.cloudapp.azure.com]: PS C:\Users\demo-admin\Documents> get-service Win*
Status Name DisplayName
------ ---- -----------
Running WinDefend Windows Defender Antivirus Service
Running WindowsAzureGue... Windows Azure Guest Agent
Running WindowsAzureNet... Windows Azure Network Agent
Running WindowsAzureTel... Windows Azure Telemetry Service
Running WinHttpAutoProx... WinHTTP Web Proxy Auto-Discovery Se...
Running Winmgmt Windows Management Instrumentation
Running WinRM Windows Remote Management (WS-Manag...
[vmwin01.westus2.cloudapp.azure.com]: PS C:\Users\demo-admin\Documents> exit
Azure:/
PS Azure:\>
One important note is that this method relies on your VMs having public IP addresses and ports open to your VMs; it does not work for private IPs. This means the SSH and WinRM ports are left open. To resolve that, simply close them down when you're done with Disable-AzVMPSRemoting.
PS Azure:\> Disable-AzVMPSRemoting -Name vm-win-02 -ResourceGroupName azure-cloudshell-demo
When executed, the cmdlet will:
- Remove the ports from the Network Security Group.
- For Windows VMs, remove PowerShell Remoting and reset UAC.
- For Linux VMs, restore the original SSH daemon config and restart the sshd service to pick up the config.
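To confirm that no remoting ports are still reachable from any source after you disable remoting, you can audit the Network Security Group rules. The following is an added example, not part of the original post: the function names, rule names and sample rules are constructed for illustration, and the ports checked are the assumed defaults (22 for SSH, 5985/5986 for WinRM over HTTP/HTTPS).

```powershell
# Added example: flags inbound NSG "Allow" rules that expose remoting ports
# to any source. Function and rule names here are hypothetical.
function Test-PortInRange {
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }                      # wildcard covers every port
    if ($Range -match '^(\d+)-(\d+)$') {                      # range such as 20-25
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Range -eq "$Port")                               # single port
}

function Find-OpenRemotingRule {
    param(
        [Parameter(ValueFromPipeline)] $Rule,
        [int[]]$Ports = @(22, 5985, 5986)                     # assumed default SSH/WinRM ports
    )
    process {
        if ($Rule.Direction -ne 'Inbound' -or $Rule.Access -ne 'Allow') { return }
        # Only rules whose source is "anywhere" are reported.
        $anySource = @($Rule.SourceAddressPrefix) |
            Where-Object { $_ -in '*', 'Internet', '0.0.0.0/0' }
        if (-not $anySource) { return }
        $exposed = foreach ($p in $Ports) {
            foreach ($r in @($Rule.DestinationPortRange)) {
                if (Test-PortInRange -Range $r -Port $p) { $p; break }
            }
        }
        if ($exposed) {
            [pscustomobject]@{ Rule = $Rule.Name; Priority = $Rule.Priority; Ports = $exposed -join ',' }
        }
    }
}

# Constructed sample rules, shaped like the SecurityRules of an NSG object.
$sample = @(
    [pscustomobject]@{ Name = 'winrm-https'; Priority = 1000; Direction = 'Inbound'; Access = 'Allow'
                       SourceAddressPrefix = @('*'); DestinationPortRange = @('5986') }
    [pscustomobject]@{ Name = 'mgmt-range'; Priority = 1100; Direction = 'Inbound'; Access = 'Allow'
                       SourceAddressPrefix = @('Internet'); DestinationPortRange = @('20-25') }
    [pscustomobject]@{ Name = 'ssh-corp'; Priority = 1200; Direction = 'Inbound'; Access = 'Allow'
                       SourceAddressPrefix = @('203.0.113.0/24'); DestinationPortRange = @('22') }
)
$sample | Find-OpenRemotingRule

# Against a live resource group (name taken from the post):
# (Get-AzNetworkSecurityGroup -ResourceGroupName 'azure-cloudshell-demo').SecurityRules |
#     Find-OpenRemotingRule
```

An empty result from the live query after running Disable-AzVMPSRemoting indicates that no rule in the resource group's NSGs still allows these ports from any source.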
And that is all you need for connecting with Azure VMs using PowerShell in Azure Cloud Shell.
Want to learn more about working with PowerShell in Azure Cloud Shell? Quickstart for PowerShell in Azure Cloud Shell
Don't have Azure and want to try this out? Grab a free subscription
Updated Apr 11, 2019
Michael Bender, Microsoft
ITOps Talk Blog