Setting up RDP to a Windows Azure Instance: Part 2

In my last post, Setting up RDP to a Windows Azure Instance: Part 1, I explained how to set up Remote Desktop into the Cloud using Visual Studio 2010.

However, the cloud isn’t for Developers alone; we have to think of our IT Pro counterparts. This post will explain how to set up and configure RDP access to the Cloud without using Developer Tools.

Creating a Self-Signed Certificate with IIS7(.5)


1. Open IIS, Double-Click on Server Certificates.

IIS

2. In the Actions menu on the right, Select “Create Self-Signed Certificate…”.

IIS-SelfSigned-Cert

3. Specify a Friendly Name for the Certificate.

Certificate-Friendly-Name

4. Ensure the new Certificate has been created.

SelfSigned-Cert-Created

Using the Windows Azure Service Management API

So I said I was going to use the Service Management API, and I am; however, I am going to cheat a little bit by using the Windows Azure Service Management CmdLets [a convenient PowerShell Snap-in created by Ryan Dunn (@dunnry)].

Upload-Windows-Azure-Management-Certificate-For-API

Before we can interact with the Service Management API we must upload a Management Certificate [which is similar to the process outlined in my previous post on Exporting and Uploading a Certificate to Windows Azure]. The Management Certificates are uploaded from within the Windows Azure Platform Portal as seen in this picture to the right.

Management Certificates are used by Visual Studio to interact with the Windows Azure Platform. The Management Certificate paired with the Subscription ID is used to authenticate access to the Windows Azure APIs.

Now that we’ve covered the Management Certificates, let’s fire up the Windows PowerShell ISE.

Using the Windows Azure Service Management CmdLets


If you haven’t already done so, download the Windows Azure Service Management CmdLets.

First you will have to tell PowerShell you would like to use the snap-in. Use the following snippet of code to add the Azure Management Tools Snap-in.

Add-PSSnapin AzureManagementToolsSnapIn


If you’d like to list all the commands that are included in the Windows Azure Management Snap-in, simply execute this line of code:

Get-Command -PSSnapIn AzureManagementToolsSnapIn


We’re going to be using the Add-Certificate command to add a Certificate to our Hosted Service. First, let’s take a look at some of the examples of how to use this command by executing:

Get-Help Add-Certificate

As you can see, there are a few options for running the Add-Certificate command. I’ve chosen this format:

Add-Certificate -ServiceName RDP2Azure `
    -CertificateToDeploy (gi <path-to-cert>\azurefest-RDP.cer) `
    -SubscriptionId ********-****-****-****-************ `
    -Certificate (gi cert:\CurrentUser\My\<thumbprint>)


There are two “Certificate” arguments, which can be confusing, especially since they accept different values. CertificateToDeploy is the newly created Certificate which will be used to encrypt the password for our RDP Connection; this argument accepts a file as a parameter. The Certificate argument is the Management Certificate that is being leveraged to authenticate the transaction. When you run the script, the result should look like this:

Service-Management-Add-Certificate-Result

You’ll also notice that the Certificate has been uploaded to the Windows Azure Platform Portal.

Add-Certificate-Uploaded-Successfully
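
A pre-flight check for the two certificate arguments described above, added here as an example; it is not code from the original post or from the Service Management CmdLets. Test-AddCertificateInput and Get-CertificateSummary are hypothetical helper names, and the path and thumbprint in the usage comment are placeholders.

```powershell
# Added example: inspect both certificates before passing them to Add-Certificate.
function Get-CertificateSummary {          # hypothetical helper name
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [string] $Argument
    )
    $now = Get-Date
    New-Object PSObject -Property @{
        Argument      = $Argument
        Subject       = $Certificate.Subject
        Thumbprint    = $Certificate.Thumbprint
        NotAfter      = $Certificate.NotAfter
        HasPrivateKey = $Certificate.HasPrivateKey
        ValidNow      = (($Certificate.NotBefore -le $now) -and ($now -le $Certificate.NotAfter))
    }
}

function Test-AddCertificateInput {        # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [string] $DeployCertPath,
        [Parameter(Mandatory = $true)] [string] $ManagementThumbprint
    )
    # -CertificateToDeploy: the certificate file created for RDP password encryption
    $file   = (Resolve-Path -LiteralPath $DeployCertPath -ErrorAction Stop).ProviderPath
    $deploy = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
    # -Certificate: the Management Certificate in the current user's store
    $mgmt   = Get-Item -Path "cert:\CurrentUser\My\$ManagementThumbprint" -ErrorAction Stop

    if (-not $mgmt.HasPrivateKey) {
        Write-Warning 'Management certificate has no private key in this store; it cannot authenticate API calls.'
    }
    if ($deploy.Thumbprint -eq $mgmt.Thumbprint) {
        Write-Warning 'The same certificate was supplied for both arguments; the post uses two separate certificates.'
    }
    $summaries = @(
        (Get-CertificateSummary -Certificate $deploy -Argument 'CertificateToDeploy'),
        (Get-CertificateSummary -Certificate $mgmt   -Argument 'Certificate')
    )
    foreach ($s in $summaries) {
        if (-not $s.ValidNow) { Write-Warning "$($s.Argument) certificate is outside its validity period." }
    }
    $summaries | Select-Object Argument, Subject, Thumbprint, NotAfter, HasPrivateKey, ValidNow
}

# Usage with placeholder values (substitute your own path and thumbprint):
# Test-AddCertificateInput -DeployCertPath 'C:\certs\example-RDP.cer' -ManagementThumbprint '<thumbprint>'
```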

Configuring RDP in the Windows Azure Platform Portal

Now that we’ve created the Certificate needed to encrypt the RDP password and used the Azure Service Management API to upload the Certificate to our Hosted Service, it’s time to configure our RDP Connection in the Windows Azure Platform Portal.

RDP-To-Azure-Configure

To configure our RDP access, select the Role you wish to configure RDP access for. Then, in the Ribbon, check the Enable checkbox and click the Configure button in the Remote Access group.

Configure-RDP-In-The-Cloud

Set your username and password for the RDP Connection. Select the Certificate you wish to use to encrypt the password, then select an expiration date for the connection.

Once you’ve finished these steps you will be able to select an instance and Connect to the Cloud.

Note: I’ll be creating one last entry to review the process of opening up the RDP File to gain access to an Instance running on Windows Azure.

Conclusion


This post is intended as the IT Pro explanation of how to grant RDP access in the Cloud. These skills are transferable to Development as well if you don’t have Visual Studio. I will create one final post which explains how to manually create the XML nodes that Visual Studio creates in the Cloud Service Configuration file auto-magically using its UI. This manual creation is intended for Open Source Developers or Developers that like to understand how the underlying pieces of the Visual Studio Tools operate.

This post also appears on SyntaxC4's Blog.