Using PowerShell Web Access to manage your Windows Azure Virtual Machines and everything else

PowerShell Web Access is a new feature of Windows Server 2012 which provides you a web-based PowerShell console. This diagram from the Deploy Windows PowerShell Web Access article on TechNet gives you a clear overview on how PowerShell Web Access works:

When you install the PowerShell Web Access feature you’re actually installing an IIS Web Application which acts as a gateway to your machines. The web application allows you to connect to a specific machine and the gateway will create a new PowerShell session through Remote PowerShell.

Let’s take a closer look at how you could use this in Windows Azure.

Setup PowerShell Web Access

In my current setup I have a Virtual Network which contains a few Virtual Machines and I’m simply creating a new Virtual Machine which will contain the PowerShell Web Access Gateway:

After that I simply joined the domain of my other Virtual Machines and that’s almost it. The last thing to do is simply start PowerShell and run the following script:

This will take a few seconds to execute, but after that the PowerShell Web Access gateway will have been configured on this new machine:

As you can see I’m allowing everyone to connect to every machine when calling Add-PswaAuthorizationRule. In a production deployment you’ll want to trim this down to the required users, machines and permissions.

In order to get access to the web interface from your own machine you’ll need to open up the HTTPS endpoint on the gateway. Simply create a new endpoint in the portal for port 443:

Connecting to a machine

Now that everything has been setup you can simply connect to the web application. Since my Virtual Machine (and Cloud Service) is called psgateway I can use the following url: https://psgateway.cloudapp.net/pswa. This will bring me to the login page:

On this page you’ll be able to enter the user account you want to use and which machine you want to connect to. For this example I’m simply connecting to the current machine (the gateway). That’s the reason why I called Enable-PSRemoting -force in the setup script. This will enable PowerShell Remoting on the gateway (localhost) which will allow me to connect to it. If you want to connect to a different Virtual Machine in the same Virtual Network you’ll need to enable PowerShell Remoting on that machine.

After logging in I get access to the PowerShell web console and I can do anything I want on that machine. If corporate proxies bother you from time to time (I’m a victim of corporate proxies myself), this could be the solution to remotely manage your Virtual Machines

Managing everything else in your account

Now this is great for managing Virtual Machines. But you could also (ab)use PowerShell Web Access to manage your complete Windows Azure account (like Web Sites, Cloud Services, Storage, …). So on the gateway I’ve installed the PowerhSell SDK and the Azure CLI (which you can download here). After installing these you’ll need to reconnect to your session. But once you’ve done that you have access to the full PowerShell SDK and the Azure CLI from within the browser!

Here is an example where I downloaded the publish settings file on the gateway and imported it in the PowerShell Web Access session. After importing it I’m able to use the PowerShell SDK in the browser.

And the same applies to the Azure CLI:

Enjoy!

About Sandrino Di Mattia

Sandrino Di Mattia is a Windows Azure Consultant at RealDolmen and a Windows Azure Insider. He lives and breathes Windows Azure.