Integrating Azure with Virtual Machine Manager

While organizations typically use System Center 2012 R2 and 2016 Virtual Machine Manager to manage the virtualization host, networking, and storage resources in their on-site datacenters, VMM also allows for integration between the on-premises environment and the Microsoft Azure cloud. This integration allows basic VM management using the VMM console. In this tutorial, we will show you how to do this.

For this tutorial, we will use System Center Virtual Machine Manager 2016. Let’s get started!

In the System Center VMM 2016 console, click on VMs and Services, and then go to Azure Subscriptions located on the left side. This is the area of the product that we will be working on for this tutorial.

Virtual Machine Manager - Azure management

Microsoft Azure has two supported deployment models: ARM (Azure Resource Manager) and Classic. We have two separate API sets to manage those deployment methods and, be aware, they are not entirely compatible with each other.

Microsoft is heading toward the ARM model, so any new deployment will probably follow that method. The main benefit is that it uses the concept of a resource group (in some ways it is similar to a folder in a file server), and within that container all services are deployed as part of the same group. We can delegate permissions, manage tags, and organize them separately in the subscription.

Unfortunately, the only deployment method supported by Virtual Machine Manager 2016 is the Classic model, which means that all steps we are going through in this tutorial will work only if you have your Virtual Machines (VMs) running on that deployment method.

It is likely that the ARM model, which is the Microsoft recommended deployment model, will debut in Virtual Machine Manager in the future. However, there is no specific date for that yet.

Configuring the certificates

The first step is to create a self-signed certificate on the VMM Server, which must be placed in the current user's certificate store. To create the certificate, the following options can be used with the New-SelfSignedCertificate PowerShell cmdlet. The friendly name and the subject name can be anything, and they don’t have to be the name of the current server.

$cert = New-SelfSignedCertificate -FriendlyName VMM -Subject VMM -CertStoreLocation "Cert:\CurrentUser\My" -Type Custom -KeyExportPolicy ExportableEncrypted -KeyLength 4096 -KeySpec KeyExchange

At this point, the certificate is installed on the current user certificate store. Now, we will define a password that will be used to export the new certificate.

$password = ConvertTo-SecureString -String "P@ssw0rd!" -Force -AsPlainText

The first export of the certificate that we have just created will be in the pfx format, which includes the private key. We will use that file in the future to import the certificate for other users who want to access the same subscription. Doing so avoids creating and importing additional certificates on Azure.

Export-PfxCertificate -Cert $cert -FilePath C:\Temp\VMM.pfx -Password $password

The second export is the certificate that we will need to upload in the Microsoft Azure Classic portal. In Azure, we don’t need the private key, just the regular certificate.

Export-Certificate -Type CERT -Cert $cert -FilePath C:\Temp\VMM.cer

The entire process is depicted in the image below.

Configuring certificates in PowerShell

We can check the results by opening mmc (click on Start, then Run, type in mmc, and hit OK). In the new console, click on File, then Add or Remove Snap-ins, select Certificates from the left side, and click on the Add button. A wizard will show up. Select User Account and click Finish.

Back in the console, expand Personal and click on Certificates. A list of all certificates in the store will be shown on the right side. Double-click on the one that we have just created (in our case the name is VMM), and in the properties of the certificate we can see that we have the private key.

Certificate in mmc
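The certificate steps above can also be run without a hard-coded password and checked from PowerShell instead of mmc. The script below is an added example, not part of the original tutorial: the PFX holds the private key for the management certificate, so it prompts for the export password, limits who can read the file, and confirms that the .cer destined for Azure carries no private key. It reuses the tutorial's names and paths; the one-year lifetime is an assumption.

```powershell
# Added example: hardened variant of the tutorial's certificate steps.
# Names and paths match the tutorial; the one-year lifetime is an assumption.

# Create the key pair in the current user's store with an explicit expiry,
# so a forgotten management certificate does not stay valid indefinitely.
$cert = New-SelfSignedCertificate -FriendlyName VMM -Subject VMM `
    -CertStoreLocation "Cert:\CurrentUser\My" -Type Custom `
    -KeyExportPolicy ExportableEncrypted -KeyLength 4096 -KeySpec KeyExchange `
    -NotAfter (Get-Date).AddYears(1)

# Prompt for the PFX password instead of embedding it in a script or in
# the shell history.
$password = Read-Host -Prompt "PFX export password" -AsSecureString

# Export with the private key. Treat the resulting file like a credential.
$pfx = Export-PfxCertificate -Cert $cert -FilePath C:\Temp\VMM.pfx -Password $password

# Remove inherited permissions and grant read access to the current user only.
icacls $pfx.FullName /inheritance:r /grant:r "${env:USERDOMAIN}\${env:USERNAME}:(R)" | Out-Null

# Export the public certificate only. This is the file uploaded to Azure.
$cer = Export-Certificate -Type CERT -Cert $cert -FilePath C:\Temp\VMM.cer

# Load the .cer back from disk and compare it with the store entry:
# the store entry must hold the private key, the .cer must not.
$public = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList $cer.FullName

[pscustomobject]@{
    Thumbprint         = $cert.Thumbprint
    NotAfter           = $cert.NotAfter
    StoreHasPrivateKey = $cert.HasPrivateKey
    CerHasPrivateKey   = $public.HasPrivateKey
    ThumbprintsMatch   = ($public.Thumbprint -eq $cert.Thumbprint)
}
```

The thumbprint printed at the end can be compared with the one shown for the certificate after it is uploaded, to confirm that the right file was used.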

Our next step is to log on to the Classic Portal. The best way to do this is to click on Management Portal on the VMM console. After logging on to the Classic Portal, click on Settings, then Management Certificates, and then Upload a management certificate. A new page where we can select a file from the local disk will pop up. Click on Browse and select the VMM.cer file that we created using PowerShell.

Azure portal - upload management certificate

The process will take a few seconds and the new certificate will be listed on the Management Certificates tab.

Uploaded certificate

Managing Azure VMs

We are getting to the end of the road, and after working on the certificates on both sides (Azure and on-premises), we are finally ready to manage the subscription. However, we need to retrieve the Subscription ID, which is easy to find on the Classic Portal. (Click on Settings / Subscriptions.)

Get Azure subscription ID

Back in the VMM Console, click on Add Subscription and fill out the information. Click on Browse, select the certificate that is listed, and click on Finish.

Add subscription ID in VMM

After adding the subscription to the console, click on it and a list of all VMs running on the Classic Portal will appear. At a single glance we can check their location, cloud service, and size.

Check virtual machines in VMM

The administrator will not have the same management features as in the Azure Portal, however. We can start, stop, shut down, restart, and use RDP on the VMs.

Virtual machine management options

When we select any given VM, we will have more information on the details pane, such as OS Disk file, Public and Internal IP addresses.

Detailed virtual machine information

That’s it! If you are a Microsoft Azure administrator and you have VMs running on the classic deployment model, this integration with Virtual Machine Manager (2012 R2 or 2016) will bring great benefits to your VM management from a single location.
