Sometimes Microsoft Azure virtual machine admins need alternative access points to help configure and diagnose problems that the standard Azure tools can’t deliver.
That’s where the public preview for Microsoft’s new Azure Serial Console for Virtual Machines can help by providing direct access through a COM1 serial port to address code or system problems that have become unresponsive.
The text-based Serial Console, which was announced by Azure vice president Corey Sanders in a March 26 Azure Blog post, has been one of the most commonly requested features sought by Azure users. The tool provides access to Linux and Windows VMs.
Azure already provides a wide range of tools to help users manage and secure their VMs, including patching management, configuration management, agent-based scripting, automation, SSH/RDP connectivity and support for DevOps tooling like Ansible, Chef and Puppet. Sanders recognized however, that sometimes all of these features still aren’t enough.
“We have learned from many of you that sometimes this isn’t enough to diagnose and fix issues,” said Sanders. “Maybe a change you made resulted in an fstab error on Linux and you cannot connect to fix it. Maybe a bcdedit change you made pushed Windows into a weird boot state. Now, you can debug both with direct serial-based access and fix these issues with the tiniest of effort. It’s like having a keyboard plugged into the server in our datacenter but in the comfort of your office or home.”
Common scenarios for accessing Serial Console
|Scenario||Actions in serial console||OS Applicability|
|Broken FSTAB file||Enter key to continue and fix fstab file using a text editor||Linux|
|Incorrect firewall rules||Access serial console and fix ip tables or Windows firewall rules||Linux/Windows|
|Filesystem corruption/check||Access serial console and recover filesystem||Linux/Windows|
|SSH/RDP configuration issues||Access serial console and change settings||Linux/Windows|
|Network lock down system||Access serial console via portal to manage system||Linux/Windows|
|Interacting with bootloader||Access GRUB/BCD via the serial console||Linux/Windows|
Global users can access the Serial Console for the Virtual Machines feature through the Azure portal under the support and troubleshooting tabs.
Use of the Serial Console with Linux VMs requires no changes to the existing images, and will work immediately. Windows VMs will require a few additional steps to enable the feature, using the related Special Administration Console (SAC).
For all platform images starting in March, Azure has enabled the SAC, but users can also configure their own Windows VMs and images, outlined in the company’s Serial Console documentation. Using the SAC, users can get to a command shell and interact with the system via the Serial Console.
“Serial Console access requires you to have VM Contributor or higher privileges to the virtual machine,” Sanders stated. “This will ensure connection to the console is kept at the highest level of privileges to protect your system. Make sure you are using role-based access control to limit to only those administrators who should have access. All data sent back and forth is encrypted in transit.”
Azure’s Serial Console provides access to the virtual machine regardless of that virtual machine’s network or operating system state.
To use the Serial Console, VMs must have boot diagnostics enabled. The account using the Serial Console must also have the Contributor role for the VM and the boot diagnostics storage account. For settings specific to Linux distros, users can refer to the document, Accessing the Serial Console for Linux.