Cloud Automation with WinRM vs SSH

By Sharone Zitzman · Mar. 19, 14

[Article originally written by Barak Merimovich.]

Automation the Linux Way

In the Linux world, SSH (secure shell) is the de facto standard for remote connectivity and automation: logging into a remote machine to install tools and run commands. It's pretty much ubiquitous, runs across multiple Linux versions and distributions, and every Linux admin worth their salt knows SSH and how to configure it. What's more, its port, port 22, is even enabled by default on most clouds.

An important feature available with SSH is support for file transfer via its secure copy protocol - AKA SCP, and secure file transfer protocol - AKA SFTP.  These are a built-in part of the tool or exist as add-ons to the protocol that are almost always available.  Therefore, using SSH for file transfer and remote execution is basically a given with Linux, and there are even tools to support SSH clients available for virtually every major programming language and operating system.

WinRM in a Linux World

What comes out of the box with Linux is less of a given with Windows. SSH, obviously, is not built into Windows; over the years different protocols have attempted to achieve the same functionality, such as Secure Telnet and others, but to date none have really caught on. From Windows Server 2003, a new tool called WinRM (Windows Remote Management) was introduced. WinRM is a SOAP-based protocol built on web services that, among other things, allows you to connect to a remote system and provides a shell, essentially offering similar functionality to SSH.

WinRM is currently the Windows world alternative to SSH. 

The Pros

The advantage of WinRM is that you can use a vanilla VM with nothing pre-configured on it; the only prerequisite is that the WinRM service is running. EC2, the largest cloud provider today, supports this out of the box, so if you run a standard Amazon machine image (AMI) for Windows, WinRM is enabled by default. This makes it possible to start working with a cloud quickly: all that needs to be done is bring up a standard Windows VM, and it can then be configured remotely and put to use.

This is very useful in cloud environments where you are sometimes unable to create a custom Windows image or are limited to a very small number of images and want to limit your resource usage.

The Challenges

Where SSH has become the de facto protocol with Linux, WinRM is a far less well-known tool in the Windows world, although it does offer comparable features as far as security goes, as well as for connecting to a remote machine and executing commands on it.

The standard tool for using WinRM is usually PowerShell, the new Windows shell that is intended to supersede the standard command prompt.  To date though, there are still relatively few programming languages with built-in support for WinRM, making automation and remote execution of tasks over WinRM much more complex. 

To achieve these tasks, Cloudify employs PowerShell itself, as an external process to act as a client library for accessing WinRM.  The primary issue with this, however, is that the client-side also needs to be running Windows, as PowerShell cannot run on Linux. 

Another aspect where WinRM differs from SSH is that it does not really have built-in file transfer.  There is no direct equivalent for secure copy in SSH for WinRM.  That said, it is possible to implement file transfer through PowerShell scripts.
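A script-based file transfer of the kind described above, as an added example (not Cloudify's code or code from the original article). The function name Send-FileOverWinRM and its parameters are hypothetical; it assumes PowerShell 4.0 or later on both ends (for Get-FileHash) and a chunk size that fits the remote WinRM envelope limit.

```powershell
# Added example: copy a file over a PowerShell remoting (WinRM) session in
# base64 chunks, then compare SHA-256 hashes to confirm the copy is intact.
function Send-FileOverWinRM {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [Parameter(Mandatory)] [string] $LocalPath,
        [Parameter(Mandatory)] [string] $RemotePath,
        [int] $ChunkSize = 64KB   # assumption: small enough for the envelope limit
    )

    $localHash = (Get-FileHash -Path $LocalPath -Algorithm SHA256).Hash
    # Uses the default listener and authentication of the remote machine.
    $session = New-PSSession -ComputerName $ComputerName -Credential $Credential
    try {
        # Start from an empty file so a re-run never appends to stale data.
        Invoke-Command -Session $session -ScriptBlock {
            param($Path) [System.IO.File]::WriteAllBytes($Path, [byte[]]@())
        } -ArgumentList $RemotePath

        $stream = [System.IO.File]::OpenRead((Resolve-Path $LocalPath).ProviderPath)
        try {
            $buffer = New-Object byte[] $ChunkSize
            while (($read = $stream.Read($buffer, 0, $buffer.Length)) -gt 0) {
                $chunk = [Convert]::ToBase64String($buffer, 0, $read)
                Invoke-Command -Session $session -ScriptBlock {
                    param($Path, $Data)
                    $bytes = [Convert]::FromBase64String($Data)
                    $fs = [System.IO.File]::Open($Path, [System.IO.FileMode]::Append)
                    try { $fs.Write($bytes, 0, $bytes.Length) } finally { $fs.Dispose() }
                } -ArgumentList $RemotePath, $chunk
            }
        } finally { $stream.Dispose() }

        # Verify on the remote side; fail loudly rather than leave a bad file in use.
        $remoteHash = Invoke-Command -Session $session -ScriptBlock {
            param($Path) (Get-FileHash -Path $Path -Algorithm SHA256).Hash
        } -ArgumentList $RemotePath
        if ($remoteHash -ne $localHash) { throw "Hash mismatch after transfer to $ComputerName" }
        return $remoteHash
    } finally {
        Remove-PSSession $session
    }
}
```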

There are currently several open source initiatives looking to build a WinRM client for Linux, or specifically for some programming languages such as Java; however, these are at different levels of maturity, and none of them is fully featured yet. Hence, PowerShell remains the default tool for Cloudify, and it gives Windows essentially the same level of functionality you would expect when running remote commands on a Linux machine.

WinRM & Security

Another interesting point to consider about WinRM is its support for encryption. WinRM supports three types of transfer protocols: HTTP, HTTPS, and encrypted HTTP.

With HTTP, inevitably your wire protocol is unencrypted.  It is only a good idea to use HTTP inside your own data center in the event that you are completely convinced that no one can monitor anything going over the wire.

HTTPS is commonly used instead of HTTP; however, with WinRM there's a chicken-and-egg issue. If you want to work with HTTPS, you are required to set up an SSL certificate on the remote machine. When you're starting with a vanilla Windows VM, that certificate will not be installed, so its insertion has to be automated; however, this often cannot be done, as WinRM is not running.

Encrypted HTTP, which is also the default in EC2, basically uses your login credentials as your encryption key, and it works. From a security perspective this is the recommended secure transfer protocol to use. It is worth noting that most attempts to create a WinRM client library tend to encounter problems around the encrypted HTTP protocol, as implementing Microsoft's encrypted HTTP system, CredSSP, is challenging. However, there are various projects working on achieving this, so it will hopefully be solved in the near future.
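To see which of the three transports a given machine actually accepts, the following added example (not part of the original article or of Cloudify) reads the local WinRM configuration through the WSMan: drive. The function name Get-WinRMTransportAudit and the wording of the Mode and Note columns are this example's own; it assumes an elevated PowerShell session with the WinRM service started.

```powershell
# Added example: classify each WinRM listener in the article's terms
# (HTTP, HTTPS, encrypted HTTP) from the local service configuration.
function Get-WinRMTransportAudit {
    # Service-wide switches that decide whether an HTTP listener takes plaintext.
    $allowPlain = (Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value -eq 'true'
    $basicAuth  = (Get-Item WSMan:\localhost\Service\Auth\Basic).Value -eq 'true'

    foreach ($listener in Get-ChildItem WSMan:\localhost\Listener) {
        # Each listener is a container of Name/Value settings.
        $cfg = @{}
        Get-ChildItem $listener.PSPath | ForEach-Object { $cfg[$_.Name] = $_.Value }

        if ($cfg['Transport'] -eq 'HTTPS') {
            $mode = 'HTTPS'
            $note = "TLS with certificate $($cfg['CertificateThumbprint'])"
        } elseif ($allowPlain) {
            $mode = 'HTTP (plaintext accepted)'
            if ($basicAuth) {
                $note = 'Basic auth enabled: credentials can cross the wire unencrypted'
            } else {
                $note = 'payload can cross the wire unencrypted'
            }
        } else {
            $mode = 'Encrypted HTTP'
            $note = 'message-level encryption required by the service'
        }

        [pscustomobject]@{
            Listener  = $listener.Name
            Port      = $cfg['Port']
            Enabled   = $cfg['Enabled']
            Mode      = $mode
            Note      = $note
            NeedsWork = ($mode -like 'HTTP (*')   # true only for plaintext HTTP
        }
    }
}

Get-WinRMTransportAudit | Format-Table -AutoSize
```

A row with NeedsWork set to True corresponds to the plain HTTP case the article restricts to a fully trusted data center.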

Where Cloudify Comes Into the Mix

WinRM comes into play with Cloudify during the cloud bootstrapping process. By using WinRM, Cloudify is able to remotely connect to a vanilla VM provided by the cloud and set up the Cloudify manager or agent to run on the machine.

In addition to traditional cloud environments, WinRM also works on non-cloud and non-virtualized environments, such as a standard data center with multiple Windows servers running. All that needs to be done is provide Cloudify with the credentials, and it will use WinRM to connect and set up the machine remotely. Since WinRM is pre-packaged with Windows, there is no need to install anything. The only requirement, as mentioned above, is to have the WinRM service running, as not all Windows images will have this service running.

Conclusion

In short, WinRM is the Windows world's alternative to SSHD that allows you to remotely log in securely and execute commands on Windows machines. From a cloud automation perspective, it provides virtually all the necessary functionality, and thus it is recommended to have WinRM running in your Windows environment.

Published at DZone with permission of Sharone Zitzman, DZone MVB. See the original article here.
