managing enterprise with powershell remoting
DESCRIPTION
TRANSCRIPT
JUNE 7-10, 2010 | NEW ORLEANS, LA
Managing Your Enterprise from a Single Seat: Windows PowerShell RemotingDon JonesSenior Partner and TechnologistConcentrated Technology, LLC
SESSION CODE: WSV319
This slide deck was used in one of our many conference presentations. We hope you enjoy it, and invite you to use it within your own organization however you like.
For more information on our company, including information on private classes and upcoming conference appearances, please visit our Web site,
www.ConcentratedTech.com.
For links to newly-posted decks, follow us on Twitter:@concentrateddon or @concentratdgreg
This work is copyright ©Concentrated Technology, LLC
IntroductionsMe: Don Jones, Concentrated Technology
Microsoft MVP Award recipientContributing Editor, TechNet MagazineAuthor of 45+ IT booksBlogger at http://ConcentratedTech.com
You: A Busy Windows AdministratorLooking to enable single-seat administrationComfortable with command-line tools and utilities
AgendaAbout PowerShell RemotingDeploying PowerShell Remoting1:1 Remote Shell1:Many “Fan-Out” RemotingSessionsImplicit Remoting
How Remoting WorksUtilizes WinRM v2
First shipped with PowerShell v2, installs with PowerShell v2Auto-starts on servers, but not on clients (consider configuring to auto-start)Communicates via HTTP or HTTPSDefault ports are not 80/443; ports can be customized
Applications register with WinRM as an endpointThis tells WinRM the application is thereWinRM must be configured to permit this (e.g., secure by default)
Also: WS-MAN (Web Services for Management) is the protocol name
PowerShell RequirementsPowerShell v2 only on both ends
Ships with Win7 and Win2008R2; downloadable for Win2003, Vista, WinXPMust explicitly enable WinRM, register PowerShell as an endpoint, on machine that will accept incoming connections
Run Enable-PSRemoting or Disable-PSRemoting (to disable)No configuration needed on computers that will initiate connections (e.g., where you are physically sitting)Remoting is a strong argument for deploying PowerShell v2 everywhere and enabling remotingRemoting can also be controlled via Group Policy object (download ADM template for Win2008 and Win2003; comes with Win2008R2)
Enabling Remoting
DEMO
1:1 RemotingThink “SSH” functionality – interactive remote command lineUse Enter-PSSession and computer name to startUse Exit-PSSession to “go home” and close the connection
Help for Enter-PSSession shows parameters for specifying non-default ports, alternate credentials, etc.
1:1 Remoting
DEMO
1:Many RemotingUse Invoke-Command with a list of computer names (many ways to provide that list)Specify a command in a –scriptblock {}, or specify a –file to run
Local files will be pushed out to the remote computer(s)-command is an alias for –scriptblockSeparate multiple commands with ; in the scriptblock
Throttled to 32 machines at once by default (can modify)Can specify alternate ports/credentials/etcRuns synchronously; use –AsJob to run as a background job
What Comes BackResults on the remote computers are serialized into XML for transmission across the wirePSComputerName property is added with the name of the computer each object came from (useful for sorting/grouping)XML is deserialized when received on your end, and turned back into objectsDeserialized objects are not “live;” they are snapshots, and do not contain methods (e.g., they’re static)Ran as a job? Use Receive-Job to get the results objects from the job (specify –keep to keep the results cached, or capture them into a variable or something)
1:Many Remoting and Jobs
DEMO
SessionsSpecifying –computerName with Invoke-Command or Enter-PSSession creates a session, uses it, and then closes itInconvenient if you want to connect to the same computer again and again, especially if you’re specifying ports/credentials/etcUse New-PSSession to create persistent connectionsConsumes memory/process (a tiny bit) on both endsUse Remove-PSSession to close connections; Get-PSSession to get a list of themPass session to –session parameter of Invoke-Command or Enter-PSSession to re-use the session
Sessions
DEMO
A Troubling ScenarioNew modules are shipping all the time – such as the ActiveDirectory module in Windows Server 2008 R2These modules often can’t be installed on older versions of WindowsThe trick is to have remoting enabled on a machine where the module can be run……and to use implicit remoting to make it look like that module is installed on your local computer
Implicit Remoting1. Use New-PSSession to create a session to the computer hosting the
module2. Use Invoke-Command with that session to tell the remote computer to
load the module into memory3. Use Import-PSSession to import the commands from that module to your
local computer (temporarily)• Specify a noun prefix if desired, to avoid overlap
4. Run commands, even ask for help on them5. Use Remove-PSSession to close the connection when you’re done
Implicit Remoting
DEMO
SummaryWinRM implements the WS-MAN service that makes it workEnable remoting on receiving machines onlyUse Enter-PSSession and Invoke-Command Persistent sessions with *-PSSessionImplicit remoting for easier access to remote modules
Any last questions?Windows PowerShell v2: TFM on sale in the TechEd Bookstore!
Track Resources
Resource 1
Resource 2
Resource 3
Resource 4
Resources
www.microsoft.com/teched
Sessions On-Demand & Community Microsoft Certification & Training Resources
Resources for IT Professionals Resources for Developers
www.microsoft.com/learning
http://microsoft.com/technet http://microsoft.com/msdn
Learning
Related Content
Breakout Sessions (session codes and titles)
Interactive Sessions (session codes and titles)
Hands-on Labs (session codes and titles)
Product Demo Stations (demo station title and location)
Complete an evaluation on CommNet and enter to win!
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to
be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
This slide deck was used in one of our many conference presentations. We hope you enjoy it, and invite you to use it within your own organization however you like.
For more information on our company, including information on private classes and upcoming conference appearances, please visit our Web site,
www.ConcentratedTech.com.
For links to newly-posted decks, follow us on Twitter:@concentrateddon or @concentratdgreg
This work is copyright ©Concentrated Technology, LLC