Lately I have been on a PowerShell kick. Call it a resolution if you like, but getting to know PowerShell better is definitely something I am looking forward to in 2012. The biggest reason for this is the deployment of Microsoft Exchange 2010 in my organization. During the testing of configuration and the dogfooding of the application with my mailbox, I came to quickly realize that Microsoft wasn’t kidding when they said things were headed toward PowerShell.
Remote Systems Management is built into PowerShell (and has been beefed up in v2 from what I can tell) and this allows me to do things like see the processes running on a remote system. No problem, just ask PowerShell to get the list by sending Get-Process -computername RemotePC and, whamo, the list appears. Other commands for managing things like services and even restart-computer can be great tools in managing remote systems if you are on the same network.
Remote Systems Management
If I am not on the same network as the computer I am managing, there is always the VPN route. I can VPN into a computer on the network and get into PowerShell and do whatever needs to be done. This way works great, but I have some Unix friends who are all about the command line all the time, using Secure Shell (SSH) to access devices and systems for command line based management. What if there was a way to use SSH with PowerShell and get a bit of both worlds?
Guess what? There is just such a tool. It’s called PowerShell Server and made by /n Software.
The PowerShell Server comes in a few flavors based on the number of concurrent connections you need. Since I am using this application to help me learn PowerShell, but my Windows PC is on the blink and the Mac is not terribly PowerShell friendly (without help), the single concurrent connection for the cost of Free works out pretty well for me.
The table below outlines the versions of the application and their cost:
|Free Personal Edition – 1 Concurrent connection||
|5 Connection License – Single Server, 5 Concurrent Connections||
|25 Connection License – Single Server, 25 Concurrent connections||
|100 Connection License – Single Server, 100 Concurrent Connections||
|Unlimited Connection License – Single Server, unlimited connections||
|Site or Enterprise License – Multiple Machines and other connections||
Call for Quote
The reason I like the tool so much over the few days I have been playing with it is that it can be exposed and available from anywhere. This way, my isolated box on which to learn PowerShell can be accessed from anywhere I happen to be.
I downloaded the free version of PowerShell Server and configured it on a Windows 2008 R2 VM and it automatically listens on TCP port 22 allowing SSH clients to connect to the service. To keep it running and out of the way, it also can be set to load itself as a Windows service, which is as painless as a check box.
On the initial screen (shown in Figure A) the connection log is displayed as well as the option to run as a Windows service. From the top of the console window you can start, stop, or restart the service.
On the Connection tab, you can specify the port to use, choose a login banner, and select if the application should support tunneling and/or secure copy.
The server key tab is where you can configure certificates for the service to use, helping to better secure logons to the application via SSH. You can generate a certificate or use a third-party option.
Next, you specify security; this can be done using a Windows group and is configurable unless running the free version of PowerShell Server. If you are using the free version, the built-in Administrators group is used for security when using Password or GSSAPI authentication (password is the default). You can also be authenticated by public key certificate if your organization supports (or requires that).
The last tab on the console is the Other tab. Here you specify the location of a log file and what mode to use for logging:
- Info – informational only
- Error – log errors
- Warnings – log Warnings
- Verbose – keep detailed logs
- Off – do not log
In addition, you can specify if PowerShell profiles should be used when connecting, this can be handy if you have built a profile for yourself to map certain PS Drives or create certain variables. Enabling this allows their use via SSH as well.
You can also enable impersonation, which allows the runspace for PowerShell to impersonate the user that is authenticated. It is enabled by default and if you disable it, the account that started the PowerShell server will maintain the runspace.
So why use this application?
Using a service like PowerShell Server allows one point of connection from any SSH capable device for those who need to manage a Windows environment with PowerShell. I can connect to one environment and maintain one profile and remotely manage the systems I need.
In testing this via SSH, I connected using three clients:
- Putty from the internal network, which connected immediately after the server was running
- Secure CRT from outside my network on a Macbook; the coolest part of this was being able to use a native Mac experience and run PowerShell commands against my test environment.
- Prompt for the iPad*. This was a rather interesting idea, using SSH on the iPad to run PowerShell, making it handy for times when traveling light.
(*I did need to obtain a hotfix for the application to get the iPad to connect; the download link for that hotfix is here.)
If you are getting into PowerShell or want to increase the reach of your systems management using PowerShell, check out PowerShell Server. I have a feeling you will not be disappointed.