The Linux Administrators will love this features . When we started moving to cloud applications we started modernized to adapt for cloud . We got so many features ,easy access , fast ,salable etc when compare with on-premises.
But what will happen really when some issue with OS and due to some error server got hang etc. Ultimately the fundamental Linux OS didn’t change . Linux is still Linux . In on-premises we have option to connect with server serial console directly , so in any worst case scenario we can login into the machine ,then we can troubleshoot and recover the machine . It will make administrator job bit easy.
Do we really have this option in all the cloud vendor , The answer is NO Amazon still does not provide the option to connect with EC2 serial console.So during incident the only we have to either restore from backup snapshot or mount the root disk in other EC2 and do some magic.
Azure has option to connect the Linux VM serial console.There are multiple reason behind this . It’s not that Amazon not capable to enable to this feature . Cloud vendor looking in different perspective for security reason.
For an example if you are cloud admin role in Azure you can create user and easily login to Linux VM . So you are breaking the OS and getting into server easily . Incase of AWS there is no such option ,even if you are root user , you can’t touch the OS part.
The virtual machine serial console on Azure provides access to a text-based console for Linux and Windows virtual machines. This serial connection is to COM1 serial port of the virtual machine and provides access to the virtual machine and are not related to virtual machine’s network / operating system state.
Note:
- Access to the serial console for a virtual machine can be done only via Azure portal currently
- Allowed only for those users who have VM Contributor or above access to the virtual machine.
- Virtual machine MUST have boot diagnostics enabled
User Access to Console:
Serial console requires a local user with a password configured. At this time, VMs only configured with SSH public key will not have access to the serial console. To create a local user with password, follow VM Access Extension and create local user with password.
Create new user through Reset password (Through VM Extension)
Disable Serial Console Access:
The serial console functionality can be deactivated for specific VMs by disabling that VM’s boot diagnostics setting.
Concurrent Usage:
If a user is connected to serial console and another user successfully requests access to that same virtual machine, the first user will be disconnected and the second user connected in a manner akin to the first user standing up and leaving the physical console and a new user sitting down
Now lets see how to access virtual console of Azure Linux Ubuntu servers:
1.Open the Azure Portal
2. In the left menu, select virtual machines.
3. Click on the VM in the list. The overview page for the VM will open .
4. Scroll down to the Support + Troubleshooting section and click on serial console option. A new pane with the serial console will open and start the connection
5.Enable boot diagnostics:
Click Boot Diagnostics in the “SUPPORT + TROUBLESHOOTING” menu.New pane will open right side
Select boot diagnostics and save
6. Now select serial console:
7.You can setup OS user access to login into console . This is one dangerous point with Azure . So if you have access for Azure you can reset and login into OS as well.
You can login with existing user also if you know the credentials.
8.Now logged into Ubutu OS with newly created credentials.
Summary:
Really good feature , but we should be really careful with Azure Cloud roles for the user.
Thanks!