Use PowerShell Remoting to Manage Azure VMs

In my article, Use PowerShell Remoting to Manage SQL Server Efficiently, I talked about managing your servers using PowerShell remoting. I love the speed and efficiency this technology brings to the process of managing servers, so I thought it important to discuss how to use that same technology to manage your Azure virtual machine (VM) servers.

Once you've created an Azure VM (see, Create a New Azure VM with PowerShell), you can use a couple of Azure cmdlets to get the certificate generated for that VM. You'll use that certificate to gain remote access to the VM by installing the certificate in your local certificate store.

To begin, you use the Get-AzureVM cmdlet to get the virtual machine object for our target VM.  That object has a property called VM, which is a Microsoft.WindowsAzure.Commands.ServiceManagement.Model.PersistentVM object, and that PersistentVM object has a property called DefaultWinRMCertificateThumbprint. You supply the contents of that property to the -Thumbprint argument of the Get-AzureCertificate cmdlet to get the X509 certificate for your VM.

$vm = Get-AzureVM -ServiceName $mySrvNm -Name $myVmNm$myVmCert = $vm.VM.DefaultWinRMCertificateThumbprint$myX509cert = Get-AzureCertificate -ServiceName $mySrvNm -Thumbprint $myVmCert -ThumbprintAlgorithm sha1

Once you have the certificate, you need to send it to a file, but you don't need a permanent file, so you'll create a temporary file and write the contents of the cert's Data property to that file.

$certtf = [IO.Path]::GetTempFileName()$myX509cert.Data | Out-File $certtf

Now, you can create a new X509Certificate2 object using that temp file. You'll open the local cert store, and add the certificate to the store, and then remove the temporary file.

$VMCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certtf$store = New-Object System.Security.Cryptography.X509Certificates.X509Store "Root", "LocalMachine"$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)$store.Add($VMCert)$store.Close()Remove-Item $certtf

With the VM's certificate in the local cert store, you now have a trust established with the VM. With that done, you can use the Get-AzureWinRMUri to get the URI of our Azure VM.  You'll also use the Get-Credential cmdlet to store the login credential for our administrative account so you can use that for multiple tasks. Note that if I've added the Azure VM to the local domain, you can use your domain credentials to access the VM instead of the VM-specific login.

$uri = Get-AzureWinRMUri -ServiceName $mySrvNm -Name $myVmNm $cred = Get-Credential AVMSQL01myavmadmin

Using the same scripts you use with your local domain servers, you can now just as easily manage your Azure VMs by supplying the $uri variable to the -ConnectionUri argument and the $cred variable to the -Credential argument of the Invoke-Command cmdlet.

Invoke-Command -ConnectionUri $uri -Credential $cred -filepath .get-topmemoryprocess.ps1Invoke-Command -ConnectionUri $uri -Credential $cred -scriptBlock { gwmi -query 'select * from Win32_LogicalDisk where DriveType=3' }Invoke-Command -ConnectionUri $uri -Credential $cred -FilePath .get-databaseinfo.ps1 -ArgumentList AVMSQL01Invoke-Command -ConnectionUri $uri -Credential $cred -FilePath .scan-errorlog.ps1 -ArgumentList AVMSQL01

These scripts bring you back information on memory usage by process for the server, the amount of disk space total and available, the databases and their properties, and the errors in the errorlog for the servers.

The ability to use remoting to manage your servers is critical to minimizing the time it takes to make sure everything's running smoothly, so you can focus on the problems that are impacting the business.