Using Remote Desktop with Windows Azure and SDK 1.3

  • Article

Since the 1.3 Windows Azure SDK release, you can configure a Remote Desktop connection in order to connect to your instances running in the Windows Azure fabric. This feature was one of the most frequently requested, especially by developers, who will use it to facilitate diagnosing and troubleshooting applicatons running in Windows Azure.

Before rusing into the details, I wanted to clarify what was the use case for this feature: the idea here is not to offer a “workstation in the cloud”, but rather to allow remote connections for technical professionals (developers, system administrators) who need to troubleshoot or perform maintenance operations on applications. Using Remote Desktop to allow end-users to execute applications like Microsoft Office for example, is not a supported scenario today.

And now, let’s jump into the practical matters! Activating this feature is done using the Windows Azure publishing assistant in Visual Studio 2010. Once you have installed the SDK 1.3, you can launch the publishing assistant from the contextual menu on the Cloud Service:

image

And you will see this updated dialog, which allows you to enable Remote Desktop connections:

image

When you click on “Configure Remote Desktop connections”, you will see the following dialog:

image

After checking “Enable connections for all roles”, you will need to select, or generate, a certificate that will secure the connection. This certificate is different from the one you created and installed for publishing projects to Windows Azure from Visual Studio.

I will assume that you don’t have a certificate yet: select “Create” in the certificate selection drop-down menu. A dialog will ask you to type a name for the certificate; use something that will clearly distinguish this new certificate from the others, like “Windows Azure RDP” for example.

While you are in this dialog, enter a login and a password that you will use to connect remotely to the instances, and an expiration date for the remote desktop access.

You will now need to export your certificate, and then upload it into Windows Azure; here’s how:

In the certificate selection drop-down menu, once you have selected your certificate, click on “View…”

image

The standard certificate information dialog will now appear; click on the “Details” tab to access the “Copy to File…” button that will allow you to export the certificate.

image

In the wizard that appears, click on Next, and in the first dialog, choose '”Yes, export the private key”:

image

In the next dialog, select the option “PKCS 12 – .PFX” which is the format that Windows Azure expects in this case.

image

In the next dialog, enter a password to protect the certificate, and finally, in the last page of the wizard, enter the name of the file you want to export the certificate to, something like “WindowsAzureRDP.pfx”.

That was the hardest part! You will now use the new Windows Azure Management Console to upload the certificate. You will perform this operation from the “Hosted Services” screen, after having selecte the “Certificates” folder corresponding to the service where you will deploy your application. The next screen capture shows you what the screen should look like (click on the picture to see it full size):

image

You can now click on the “Add Certificate” button on the upper left to send the certificate you exported; the dialog looks like this:

image

You will need to select the .pfx file that was created above, and the password that you associated with the certificate.

Once the certificate has been uploaded, you need to finish the deployment operation that you started at the beginning of this post, by choosing the Hosted Service you just uploaded the certificate to. Once the deployment is finished, the Windows Azure console will light up the RDP icon (upper right) for all the instances in your application.

image

As you can see, this feature is not limited to the VM Role: here, I could connect via RDP to a Worker Role or a Web Role to inspect its configuration or troubleshoot problems with my application.

When you click on the Connect icon, choose to open the .rdp file that is sent to you. In the login box, you will enter the login and password that you defined when you enabled Remote Connections in the Windows Azure publishing assistant in Visual Studio.

image

If you want to learn more about how Windows Azure Roles work, and what you can expect to find when RDP’ing into one, you should watch Mark Russinovitch's PDC10 session, "Inside Windows Azure".