Adventures of a Cloud Operator: Setup your Cloud Operator environment - Quick Tip!
Quick tip for all potential Azure Stack Cloud Operators
As you’d be aware, essentially the majority of the Azure Stack extended setup requires PowerShell. Not only does managing Azure Stack require PowerShell, it requires specific modules, tools and PowerShell profiles…
Oh, did I mention Azure Stack management requires PowerShell?
This is typically fine, but if you’re anything like me and tend to use your computer (desktop/laptop etc) for many different functions, managing PowerShell profiles and having them all aligned can be a bit of a pain.
I handle this by creating myself a dedicated Cloud Operator VM. This way no matter what I am doing, I’ll always be able to connect and manage my Azure Stack without any annoying issues.
In my environment, I have an external Hyper-V cluster which can access the Azure Stack endpoints. The decision was to deploy a Windows Server 2016 VM here and install the required management ‘bits’. This is also where I build/modify any scripts using Visual Studio Code… (This was a recent switch for me from ISE. I’m still coming to terms with it :) )
List of steps and tools to install:
- Deploy/Identify your Cloud Operator VM
- Configure WinRM for ERCS
- Install Azure Stack PowerShell modules
- Install Azure Stack Tools
- Verify connection to ARM Admin
- Verify connection to privileged endpoint
- Install Visual Studio Code
All Azure Stack sources for the required tasks:
- Install PowerShell for Azure Stack: https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-powershell-install
- Download Azure Stack tools from GitHub: https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-powershell-download
- Connect to Azure Stack with PowerShell as an operator: https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-powershell-configure-admin
- Download and install Visual Studio Code: https://code.visualstudio.com/download
Ok, let’s get cracking!
1. Deploy/Identify your Cloud Operator VM. I called mine CloudOperator… Yes, very creative I know
Not that it’s required, but I went with 8 vCPU and 4GB of memory. I will likely drop the vCPU to 4 at some point, but from my old PDT days having more threads meant things went faster… Not so much with single PS scripts, but I have plenty of spare processing so why not.
Update your VM to the latest CU. 1810 was the most up to date at the time.
2. Configure WinRM for ERCS
Add the ERCS IPs as WinRM trusted hosts. If you do not do this, you will likely have difficulty connecting to the ERCS endpoints, with ambiguous access denied errors.
winrm s winrm/config/client '@{TrustedHosts="10.61.11.224,10.61.11.225,10.61.11.226"}'
*adjust the IP addresses to suit your environment
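The winrm command above replaces whatever is already in TrustedHosts. The following added example (not part of the original post) merges the same ERCS IPs into the existing list instead; it assumes an elevated PowerShell session on the Cloud Operator VM.

```powershell
# Added example: merge the ERCS IPs into TrustedHosts rather than overwriting it.
# The IPs are the ones used in this post; adjust them to suit your environment.
$ercsIps = '10.61.11.224', '10.61.11.225', '10.61.11.226'
$path    = 'WSMan:\localhost\Client\TrustedHosts'
$current = (Get-Item -Path $path).Value

if ($current -eq '*') {
    # A wildcard already trusts every host; nothing to add, but worth tightening.
    Write-Warning "TrustedHosts is '*'. Consider replacing it with an explicit list."
}
else {
    # Split the existing comma-separated value and find the IPs not yet listed.
    $existing = @($current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $missing  = @($ercsIps | Where-Object { $_ -notin $existing })

    if ($missing.Count -gt 0) {
        # -Concatenate appends to the current value; without it the list is replaced.
        Set-Item -Path $path -Value ($missing -join ',') -Concatenate -Force
    }
}

# Print the resulting list so it can be reviewed.
(Get-Item -Path $path).Value
```

Keeping the list to the three ERCS addresses matters because WinRM does not verify the identity of hosts listed in TrustedHosts.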
3. Install Azure Stack PowerShell modules
The below is taken verbatim from docs. Have I mentioned how good they are these days at updating docs??
Uninstall-Module -Name AzureRM.AzureStackAdmin -Force
Uninstall-Module -Name AzureRM.AzureStackStorage -Force
Uninstall-Module -Name AzureStack -Force
Get-Module -Name Azs.* -ListAvailable | Uninstall-Module -Force
# Install the AzureRM.Bootstrapper module. Select Yes when prompted to install NuGet
Install-Module -Name AzureRm.BootStrapper
# Install & Import the API Version Profile required into the current session.
Use-AzureRmProfile -Profile 2018-03-01-hybrid -Force
Install-Module -Name AzureStack -RequiredVersion 1.5.0
*note: at the time of writing, I had to revert to a previous PowerShell profile and AzureStack module to install the SQL and MySQL resource providers (which were literally updated as I am writing this). Whilst this is fairly easy to do, I save the different scripts to uninstall and install the appropriate profiles so they are available on demand.
Get-Module -Name "Azure*" -ListAvailable
Get-Module -Name "Azs*" -ListAvailable
4. Install Azure Stack Tools
# Change directory to the root directory.
cd \
# Download the tools archive.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
invoke-webrequest `
https://github.com/Azure/AzureStack-Tools/archive/master.zip `
-OutFile master.zip
# Expand the downloaded files.
expand-archive master.zip `
-DestinationPath . `
-Force
# Change to the tools directory.
cd AzureStack-Tools-master
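The download above takes whatever is on the master branch at that moment, and these scripts later run with operator credentials. As an added example (not part of the original post), the same download pinned to a reviewed commit and checked against a recorded hash before it is expanded; `<commit-sha>` and `<expected-sha256>` are placeholders you fill in after reviewing the repository.

```powershell
# Added example: pin the tools archive to a reviewed commit and verify it before use.
# Both values below are placeholders, not real identifiers.
$commit         = '<commit-sha>'
$expectedSha256 = '<expected-sha256>'   # hash recorded when the archive was reviewed
$zip            = Join-Path $env:TEMP "AzureStack-Tools-$commit.zip"
$destination    = 'C:\'                 # the post expands into the root directory

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri "https://github.com/Azure/AzureStack-Tools/archive/$commit.zip" `
    -OutFile $zip -UseBasicParsing

# Compare the downloaded file with the recorded hash before touching its contents.
$actual = (Get-FileHash -Path $zip -Algorithm SHA256).Hash
if ($actual -ne $expectedSha256) {
    Remove-Item -Path $zip -Force
    # GitHub builds these archives on demand, so a mismatch means "re-review",
    # not necessarily tampering; either way, do not expand the file.
    throw "Hash mismatch for ${zip}: expected $expectedSha256, got $actual"
}

Expand-Archive -Path $zip -DestinationPath $destination -Force
```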
5. Connect to Azure Stack
$adminARMEndpoint = "https://adminmanagement.region.domain.com"
Add-AzureRMEnvironment -Name "AzureStackAdmin" -ArmEndpoint $adminARMEndpoint
Add-AzureRmAccount -EnvironmentName "AzureStackAdmin"
Run Get-AzureRMResourceGroup and Get-AzureRMSubscription to demonstrate you’re connected to Azure Stack
6. Connect to Azure Stack privileged endpoint
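$privilegedEndpoint = "10.61.11.224" # IP of one of the ERCS VMs from step 2; adjust to suit your environment
$CloudAdminCreds = Get-Credential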
Enter the credentials used for the deployment (you know these right?)
Enter-PSSession -ComputerName $privilegedEndpoint `
-ConfigurationName PrivilegedEndpoint -Credential $CloudAdminCreds
Run Get-Command to see all you are allowed to do
Anything outside of this will fail… And I mean ANYTHING! …even a ping.
Enter Get-AzureStackStampInformation
[10.61.11.224]: PS> get-azurestackstampinformation
WARNING: The names of some imported commands from the module 'ECEClient' include unapproved verbs that might make them less discoverable. To find the
commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.
DeploymentID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
OemVersion : 1.0.1805.1
PackageHash : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
StampVersion : 1.1809.3.96
InitialDeployedVersion : 1.1808.0.97
Prefix : AzS
CompanyName : domain.com
ServerSku : Core
Topology : HyperConverged
<…>
TenantExternalEndpoints : @{TenantResourceManager=https://management.region.domain.com/;
TenantResourceManagerCertificateMetadata=https://management.region.domain.com:30024/;
TenantPortal=https://portal.region.domain.com/; TenantHosting=https://*.hosting.region.domain.com/}
AdminExternalEndpoints : @{AdminResourceManager=https://adminmanagement.region.domain.com/;
AdminResourceManagerCertificateMetadata=https://adminmanagement.region.domain.com:30024/;
AdminPortal=https://adminportal.region.domain.com/; AdminFrontdoor=https://adminmanagement.region.domain.com/;
AdminShellSite=https://adminportal.region.domain.com/;
AdminGallery=https://adminportal.region.domain.com:30015/;
AdminHosting=https://*.adminhosting.region.domain.com/}
IdentitySystem : AzureAD
ExternalDomainFQDN : region.domain.com
ERCS VMs : {@{Name=AzS-ERCS01; HostName=AzS-Node04; IPAddress=10.61.11.224}, @{Name=AzS-ERCS02; HostName=AzS-Node03;
IPAddress=10.61.11.225}, @{Name=AzS-ERCS03; HostName=AzS-Node01; IPAddress=10.61.11.226}}
AD VMs : {@{Name=AzS-DC01; HostName=AzS-Node02}, @{Name=AzS-DC02; HostName=AzS-Node03}}
[10.61.11.224]: PS> exit
Save this info somewhere safe!
Remember to exit the remote session
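As an added example (not part of the original post), the stamp information can be captured without an interactive session, so the session is always closed and the output is saved to a file only the current user can read. The output path and the use of `icacls` to restrict the file are assumptions; the endpoint IP is the one shown in this post.

```powershell
# Added example: capture the stamp information and always close the session.
$privilegedEndpoint = '10.61.11.224'   # one of the ERCS IPs from step 2; adjust to suit
$outFile = Join-Path $env:USERPROFILE 'Documents\AzureStackStampInfo.json'  # assumed path
$CloudAdminCreds = Get-Credential -Message 'Credentials for the privileged endpoint'

$pep = New-PSSession -ComputerName $privilegedEndpoint `
    -ConfigurationName PrivilegedEndpoint -Credential $CloudAdminCreds
try {
    # Run the one permitted command remotely and bring the result back as an object.
    $stamp = Invoke-Command -Session $pep -ScriptBlock { Get-AzureStackStampInformation }

    # The output lists internal IPs, host names and admin endpoints, so store it
    # as a file and strip inherited permissions, leaving only the current user.
    $stamp | ConvertTo-Json -Depth 6 | Set-Content -Path $outFile -Encoding UTF8
    icacls $outFile /inheritance:r /grant:r "${env:USERDOMAIN}\${env:USERNAME}:(R,W)" | Out-Null
}
finally {
    # Runs even if the remote command fails, so no session is left open.
    Remove-PSSession -Session $pep
}

Write-Output "Stamp information saved to $outFile"
```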
Happy Cloud Operating
Dan