Azure developers and sysadmins have long asked for the ability to get access to a serial console for their virtual machines (VMs). While it’s generally easy enough to log into a VM after it has booted, things get far more complicated if the machine doesn’t boot for some reason. Troubleshooting that can be a nightmare. With today’s launch of the Serial Console in the Azure portal, developers get a full view of their machine’s boot process that should make fixing these kind of issues far easier.
“It’s like connecting a keyboard and monitor to the machine,” Azure corporate VP Corey Sanders told me.
While Azure (and all of its competitors) support all kinds of automation tools like Ansible, Chef and Puppet, as well as SSH connectivity and configuration management, sometimes that just isn’t enough to fix an issue. What’s relatively easy to diagnose and fix on a local machine (think a mistake in a config file or a new driver install that has gone awry), isn’t always all that easy to diagnose in the cloud, after all.
“I’ve been working with virtual machines and infrastructure for many years now,” Sanders said. “This has been a consistent top request from users. […] The amount of improvement that this can bring to sysadmins lives is huge.”
The new console access works for Linux and Windows VMs in the Azure cloud. Since Linux was built for this kind of scenario, there is nothing users have to do to enable this. Windows is a bit of a different beast, so for Windows machines that already run in Azure, developers do have to flip a switch and type a few commands to turn this on. On machines you start up now, everything should already be set up. In Sanders’ view, all developers with existing machines should probably do this right away.
Not every developer in an organization should probably have access to the serial console by default, so during the beta test, Microsoft decided that only users who have “VM Contributor” or higher privileges to the virtual machines should be able to access the serial console.
It took Microsoft a while to launch this feature (and it’s worth noting that Google also offers access to the serial console while AWS gives you the console’s output and screenshots). The reason for this, Sanders says, is that it’s not trivial to enable these kind of features securely. “The connectivity here is not through the network of the VM,” he explained. “It’s through the host and the hypervisor and to enable that in a secure and performant way was quite challenging.”