Using Smartcards/CACs to Manage Windows Azure via PowerShell
Even though Windows Azure VMs can be managed from either the Azure Portal or Microsoft Azure PowerShell, some tasks can only be performed using Microsoft Azure PowerShell. To manage Windows Azure using PowerShell, you must first prepare your workstation by completing the following:
Installing Microsoft Azure PowerShell
Importing the Azure Subscription Publish Settings File
Adding Azure Account
These steps are pretty straightforward; however, your organization might require CAC/Smartcard authentication to corporate resources, so the following steps can be performed to use an existing Smartcard to authenticate to Windows Azure PowerShell.
Installing Microsoft Azure PowerShell
The easiest method for installing Microsoft Azure PowerShell is using the Microsoft Web Platform Installer. This installer will also install requirements like Microsoft .NET Framework 4.5. It can be downloaded from the following link:
https://go.microsoft.com/fwlink/p/?linkid=320376&clcid=0x409
When prompted to execute WindowsAzurePowerShell.3f.3f.3fnew.exe, click Run.
At the Web Platform Installer 5.0 click Install.
At the next pop-up select I Accept.
At the next screen click Finish, then Exit.
Managing Management Certificates
Microsoft Azure is a subscription-based service. To manage your subscription using a Smartcard, the Public Key of the Certificate must be uploaded using the Azure Portal. The first step in this process is extracting the Public Key from your Smartcard.
Extracting the Public Key
Navigate to Start | Run.
In the Open: section enter mmc then click OK.
At the MMC navigate to File | Add/Remove Snap-in.
In the Left-Column select Certificates then click Add.
At the Certificates snap-in pop-up window select My user account then click Finish then OK.
Insert your Smartcard into the Smartcard Reader.
In the Left-Column expand Certificates – Current User | Personal and right-click Certificates and select Refresh. (At this point your Smartcard Certificates should be visible)
In the Right-Column right-click the Certificate being exported and select All Tasks | Export.
At the Welcome to the Certificate Export Wizard select Next.
At the Export Private Key screen click Next.
At the Export File make sure Base-64 encoded X.509 (.CER) is selected then click Next.
At the File to Export screen enter C:\Smartcard.cer under File name: then click Next then Finish.
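The same export can be scripted. The function below is an added example, not part of the original post; the function name is hypothetical and the thumbprint you pass is that of your own smartcard certificate. It writes the Base-64 .CER file and then confirms that the file holds the same certificate and no private key.

```powershell
# Added example, not from the original post. List candidate certificates with:
#   Get-ChildItem Cert:\CurrentUser\My | Format-List Thumbprint, Subject, NotAfter
function Export-SmartcardPublicCert {
    param(
        [Parameter(Mandatory = $true)][string]$Thumbprint,
        [string]$OutFile = 'C:\Smartcard.cer'   # full path; same file the steps above use
    )
    # Thumbprints pasted from the MMC dialog often carry spaces or an
    # invisible leading character; keep hex digits only.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    $cert  = Get-Item -Path "Cert:\CurrentUser\My\$clean" -ErrorAction Stop

    # X509ContentType 'Cert' serialises the certificate alone (DER); key
    # material is never part of this export.
    $type = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
    $der  = $cert.Export($type)
    $b64  = [Convert]::ToBase64String($der, [System.Base64FormattingOptions]::InsertLineBreaks)
    $pem  = "-----BEGIN CERTIFICATE-----`r`n$b64`r`n-----END CERTIFICATE-----`r`n"
    [System.IO.File]::WriteAllText($OutFile, $pem, [System.Text.Encoding]::ASCII)

    # Re-load the file and confirm it is the same certificate, public part only.
    $check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $OutFile
    if ($check.HasPrivateKey) { throw "$OutFile unexpectedly contains a private key" }
    if ($check.Thumbprint -ne $cert.Thumbprint) { throw "Exported file does not match $clean" }

    New-Object PSObject -Property @{
        File = $OutFile; Subject = $check.Subject
        Thumbprint = $check.Thumbprint; NotAfter = $check.NotAfter
    }
}
```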
Uploading the Certificate
Once we have successfully exported the Public Key of our Smartcard we need to upload it to the Azure Portal for usage with our Subscription. This can be accomplished by completing the following steps:
Navigate to the Azure Portal and Login
https://manage.windowsazure.com
At the Microsoft Azure screen enter your logon account then click Continue.
At the next screen select Microsoft account.
At the Sign in screen enter your password then click Sign in.
In the Left-Column scroll down and select SETTINGS.
In the Middle-Column under Settings select MANAGEMENT CERTIFICATES then on the bottom toolbar click UPLOAD.
At the Upload a management certificate pop-up click FILE then navigate to C:\Smartcard.cer then click Open and click on the OK Checkbox.
(Note: Stay logged in to the Portal. This will prevent you from having to re-enter your credentials for the next step.)
Downloading the Azure Publish Settings File
The Azure Publish Settings File contains the following information about your Subscription:
ServiceManagementURL
ID
Name
All Management Certificates Uploaded in the Azure Portal
The Azure Publish Settings file can be downloaded by using the following steps:
Launch Microsoft Azure PowerShell.
At the prompt, enter the following command:
Get-AzurePublishSettingsFile
At the File Download select the Save pull-down menu and then select Save as.
At the Save As pop-up enter a name for the file then click Save (Subscription.publishsettings)
Modifying the Azure Publishing File
By default the Azure Publishing File contains the Public Key for the default Management Certificate created with the Azure Subscription. The steps below can be used to modify the Azure Publishing File to utilize your Smart Card Certificate Public Key:
Navigate to the location that you saved your Public Key (C:\Smartcard.cer).
Right-click the c:\Smartcard.cer and select Open with, then select Notepad.
Select and Copy the Public Key of your certificate (the section between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines).
Navigate to the location that you saved the AzurePublishSettingsFile.
Right-click the AzurePublishSettingsFile and select Open with then select Notepad.
Locate the ManagementCertificate= section and paste your copied Public Key then Save the File.
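The Notepad edit above can also be scripted and checked. This is an added example, not part of the original post: the function name is hypothetical, and it assumes the attribute in the publish settings XML is named ManagementCertificate. It reports the thumbprint of the value being replaced and whether that value carried a private key, writes the smartcard certificate in its place, then re-reads the file to confirm the result.

```powershell
# Added example, not from the original post. Assumes the attribute is named
# ManagementCertificate; pass full paths, since .NET ignores the PowerShell location.
function Set-PublishSettingsCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$SettingsFile,
        [string]$CerFile = 'C:\Smartcard.cer'
    )
    $x509 = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
    $card = New-Object $x509 -ArgumentList $CerFile
    # RawData is the DER certificate; as one Base-64 line it equals the text
    # between the BEGIN/END CERTIFICATE markers with the line breaks removed.
    $body = [Convert]::ToBase64String($card.RawData)

    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($SettingsFile)
    $nodes = @($xml.SelectNodes('//*[@ManagementCertificate]'))
    if ($nodes.Count -eq 0) { throw "No ManagementCertificate attribute in $SettingsFile" }

    foreach ($node in $nodes) {
        # Describe the value being replaced so the change is auditable.
        try {
            $raw = [Convert]::FromBase64String($node.GetAttribute('ManagementCertificate'))
            $old = New-Object $x509 -ArgumentList (, $raw)
            Write-Host ("Replacing {0} (HasPrivateKey={1})" -f $old.Thumbprint, $old.HasPrivateKey)
        } catch {
            Write-Warning "Existing value could not be parsed as a certificate"
        }
        $node.SetAttribute('ManagementCertificate', $body)
    }
    $xml.Save($SettingsFile)

    # Verify from disk: every occurrence must decode to the smartcard certificate.
    $saved = New-Object System.Xml.XmlDocument
    $saved.Load($SettingsFile)
    foreach ($node in $saved.SelectNodes('//*[@ManagementCertificate]')) {
        $raw = [Convert]::FromBase64String($node.GetAttribute('ManagementCertificate'))
        $now = New-Object $x509 -ArgumentList (, $raw)
        if ($now.Thumbprint -ne $card.Thumbprint -or $now.HasPrivateKey) {
            throw "Verification failed for $SettingsFile"
        }
    }
    "All ManagementCertificate values now match $($card.Thumbprint)"
}
```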
Connecting to and Managing your Azure Publish Subscription
Now that we have uploaded our Management Certificate and downloaded our Azure Publish Settings File, we can connect to our Azure Subscription using the following steps:
Launch Microsoft Azure PowerShell.
At the prompt, enter the following command:
Import-AzurePublishSettingsFile -PublishSettingsFile MySubscription.publishsettings
Test your newly Imported Certificate by issuing the command below:
Get-AzureVM
If everything is configured correctly, a list of all of your Azure VMs will be returned.
Enjoy
-Elliott