
Windows in the cloud


Windows in the Cloud, from the point of view of a Java developer who is used to Linux and/or Mac OSX, and who is using Amazon EC2.

Published in: Technology

  1. WINDOWS IN THE CLOUD
     FROM THE POINT OF VIEW OF A JAVA DEVELOPER USED TO LINUX AND MAC OSX, ON EC2

  2. Linux in the Cloud
     - Your SSH public key is put into the instance metadata
     - VM images have OpenSSH server installed
     - Bootstrap package will read the public key from instance metadata, and add it to the VM user's SSH authorized keys list
     - So you can immediately log in* using your private key and without needing a password
     - *providing your security group allows it!
     - Easy!

  3. Windows in the Cloud?
     - SSH is rare in the Windows world
     - Remote administration is commonly done with RDP: Remote Desktop Protocol
     - With a new instance in a public cloud, this is your only option, and is set up automatically
     - But other remote management features can be enabled later, or be part of an Enterprise cloud

  4. Wait, I need a mouse?
     - Yes - you need to log in with an RDP viewer to do anything useful
     - Once logged in, install better remote management tools that let you automate
     - Difficult to script this part, especially from Java
     - And... you can't log in to an RDP session with a key pair like SSH. You need to get the password.

  5. What's the password?
     The cloud provider's bootstrap software will:
     - randomly generate a password
     - assign it to the Administrator account
     - fetch the public key from the instance metadata
     - encrypt the password with the public key
     - store the encrypted data blob in the instance metadata

     Then you must:
     - retrieve the encrypted data blob from the instance metadata
     - decrypt the data using your private key to get the password (jclouds can help you with these steps)
     - start an RDP session and log in with the password

  6. WinRM: Windows Remote Management
     - An implementation of WS-Management: a DMTF standard to remotely access and manage systems and devices
     - Includes Remote Shell functionality - good
     - There's a free Java client: overthere by XebiaLabs
     - Runs something "Over there" - great!

  7. How to enable WinRM
     If the remote host is running Windows Server 2003 R2, you will need to enable WinRM. As the Administrator user, go to the Add/Remove System Components feature in the Control Panel and add WinRM under the section Management and Monitoring Tools.

     1. On the remote host, as the Administrator user, open a Command Prompt and follow the steps below.
     2. Configure WinRM to allow basic authentication:

            winrm set winrm/config/service/Auth @{Basic="true"}

     3. Configure WinRM to allow unencrypted SOAP messages:

            winrm set winrm/config/service @{AllowUnencrypted="true"}

     4. Configure WinRM to provide enough memory to the commands that you are going to run, e.g. 1024 MB:

            winrm set winrm/config/winrs @{MaxMemoryPerShellMB="1024"}

     5. To use the WINRM_HTTP connection type, create an HTTP WinRM listener:

            winrm create winrm/config/listener?Address=*+Transport=HTTP

     6. To use the WINRM_HTTPS connection type, follow the steps below:
        1. (optional) Create a self-signed certificate for the remote host by installing selfssl.exe from the IIS 6 resource kit and running the command below, or by following the instructions in this blog by Hans Olav:

               C:\Program Files\IIS Resources\SelfSSL>selfssl.exe /T /N:cn=HOSTNAME /V:3650

        2. Open a PowerShell window and enter the command below to find the thumbprint for the certificate for the remote host:

               PS C:\Windows\system32> Get-childItem cert:\LocalMachine\Root | Select-String -pattern HOSTNAME

        3. Create an HTTPS WinRM listener for the remote host using the certificate you've just found:

               winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="HOSTNAME"; CertificateThumbprint="THUMBPRINT"}

     For more information on WinRM, please refer to the online documentation at Microsoft's DevCenter.

     Taken from the online documentation of Overthere - https://github.com/xebialabs/overthere

  8. Finally: remote command execution

         // Connection settings for the Windows host
         ConnectionOptions options = new ConnectionOptions();
         options.set(ADDRESS, "windows-box");
         options.set(USERNAME, "Administrator");
         options.set(PASSWORD, "secret");
         options.set(OPERATING_SYSTEM, WINDOWS);
         options.set(CONNECTION_TYPE, WINRM_HTTPS);

         OverthereConnection connection = Overthere.getConnection("cifs", options);
         try {
             // Run a command on the remote host and stream its output to the console
             connection.execute(consoleHandler(),
                     CmdLine.build("type", "\\windows\\system32\\drivers\\etc\\hosts"));
         } finally {
             // Always release the connection
             connection.close();
         }

  9. Turn it into an AMI
     - If you make an AMI at this point, it will be stuck with the same password for each new instance you make from it
     - So, "reseal" the VM, then create an AMI from it:

           "C:\Program Files\Amazon\Ec2ConfigService\Ec2Config.exe" -sysprep

     - On the first boot after "resealing":
       - New SIDs will be generated (Windows stuff)
       - EC2 will generate a new, random password
     - So this AMI can be safely shared with everyone

  10. Am I done yet?
      No... now you need to install the software packages needed by your application.

  11. Am I done yet?
      No... now you need to install the software packages needed by your application.
      You are on your own from here!
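
The password exchange from slide 5, as an added example that is not part of the original slides and is not jclouds code. It assumes the blob is base64-encoded RSA ciphertext with PKCS#1 v1.5 padding; the class name, the generated key pair and the sample password are constructed for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;

public class WindowsPasswordData {
    // Assumption: RSA with PKCS#1 v1.5 padding, blob delivered as base64 text.
    static final String RSA_PKCS1 = "RSA/ECB/PKCS1Padding";

    // Provider side (stand-in for the bootstrap software): encrypt the
    // freshly generated Administrator password with the public key.
    static String encryptForMetadata(String password, PublicKey pub) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(RSA_PKCS1);
        cipher.init(Cipher.ENCRYPT_MODE, pub);
        byte[] encrypted = cipher.doFinal(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(encrypted);
    }

    // Client side: decode the blob and decrypt it with the private key.
    static char[] decryptPasswordData(String blob, PrivateKey priv) throws GeneralSecurityException {
        if (blob == null || blob.trim().isEmpty()) {
            // Nothing to decrypt until the instance has generated its password.
            throw new IllegalStateException("password data not available yet");
        }
        byte[] encrypted = Base64.getMimeDecoder().decode(blob); // tolerates line breaks
        Cipher cipher = Cipher.getInstance(RSA_PKCS1);
        cipher.init(Cipher.DECRYPT_MODE, priv);
        byte[] plain = cipher.doFinal(encrypted);
        char[] password = new String(plain, StandardCharsets.UTF_8).toCharArray();
        Arrays.fill(plain, (byte) 0); // do not leave the plaintext bytes around
        return password;
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair standing in for the one registered with the cloud.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair keyPair = generator.generateKeyPair();

        String blob = encryptForMetadata("Constructed-Pa55word!", keyPair.getPublic());
        char[] password = decryptPasswordData(blob, keyPair.getPrivate());
        System.out.println("recovered a password of " + password.length + " characters");
        Arrays.fill(password, '\0'); // wipe once the RDP or WinRM login is done
    }
}
```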
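
A check for the service settings that steps 2 and 3 of slide 7 switch on, as an added example that is not part of the original slides or of Overthere. With both enabled, a client that connects through the HTTP listener sends the Administrator password base64-encoded rather than encrypted. The sample text is constructed, and the 4-space indentation of the `winrm get winrm/config/service` output is an assumption.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class WinRmServiceAudit {
    // Constructed sample shaped like `winrm get winrm/config/service` output
    // after steps 2 and 3 (assumed layout: 4 spaces of indent per level).
    static final String SAMPLE =
        "Service\n" +
        "    MaxConcurrentOperations = 4294967295\n" +
        "    AllowUnencrypted = true\n" +
        "    Auth\n" +
        "        Basic = true\n" +
        "        Kerberos = true\n" +
        "    DefaultPorts\n" +
        "        HTTP = 5985\n" +
        "        HTTPS = 5986\n";

    // Flatten the indented output into "Service/Auth/Basic" -> "true".
    static Map<String, String> parse(String output) {
        Map<String, String> settings = new HashMap<>();
        List<String> path = new ArrayList<>();
        for (String line : output.split("\\R")) {
            String text = line.trim();
            if (text.isEmpty()) continue;
            int depth = line.indexOf(text) / 4;
            while (path.size() > depth) path.remove(path.size() - 1);
            String[] kv = text.split("\\s*=\\s*", 2);
            if (kv.length == 2) settings.put(String.join("/", path) + "/" + kv[0], kv[1]);
            else path.add(text); // section header such as "Auth"
        }
        return settings;
    }

    static List<String> findings(Map<String, String> s) {
        List<String> out = new ArrayList<>();
        boolean basic = "true".equalsIgnoreCase(s.get("Service/Auth/Basic"));
        boolean clear = "true".equalsIgnoreCase(s.get("Service/AllowUnencrypted"));
        if (clear) out.add("AllowUnencrypted=true: the service accepts unencrypted SOAP messages");
        if (basic && clear) out.add("Basic=true with AllowUnencrypted=true: over an HTTP listener the password is only base64-encoded");
        else if (basic) out.add("Basic=true: keep clients on the HTTPS listener");
        return out;
    }

    public static void main(String[] args) {
        findings(parse(SAMPLE)).forEach(System.out::println);
    }
}
```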
