Today I learnt a little about an awesome feature which I think isn’t that well known – or at least when I speak to colleagues past and present they are not familiar with it. The feature in question is leveraging PowerShell on a Hyper-V host down the VMBus to a guest virtual machine. What exactly does this mean? Well I’m glad you asked, let us take a look together.
I think it is important we first understand the definition (from Microsoft) of the Hyper-V VMBus –
VMBus – Channel-based communication mechanism used for inter-partition communication and device enumeration on systems with multiple active virtualized partitions. The VMBus is installed with Hyper-V Integration Services.
The VMBus brings some other benefits to enlightened virtual machines but that is not the focus of this discussion so we will skip over those for now.
Consider a traditional hardware server or system which does not support the VMBus – if you had no network access to this system you would not be able to leverage PowerShell. Now let us consider a virtual machine guest which is enlightened and capable of using the VMBus – we can use PowerShell on the Hyper-V host and connect via the VMBus to the guest virtual machine! Essentially we are using the VMBus as an out of band management interface. Think of it like a HPE iLO or Dell iDRAC remote management card and you have the right idea.
I will demonstrate the functionality with the following setup –
- Microsoft Server 2016 Technical Preview 4 host running Hyper-V (hostname = HV-2016TP4)
- Microsoft Server 2016 Technical Preview 4 guest virtual machine (hostname = VMBusTest)
As you can see in the screenshot below we have a single virtual machine running on the host.
I want you to note that there is no network connection whatsoever on this virtual machine. See below the Hyper-V console and a screenshot from within the VM when running sconfig –
With no network connectivity you would assume we cannot manage this system remotely and in some respects you are right but never fear, PowerShell Direct over VMBus is here!
First we need to check whether the ‘Guest Services’ option is enabled for the virtual machines integration services, by default it is not –
Enabling is a simple matter of selecting the tick box and applying the change –
Alternatively we could leverage PowerShell from the Hyper-V host to enable or disable the service –
To enable –
PS C:\> Enable-VMIntegrationService -VMName "VMBusTest" -Name "Guest Service Interface"
Now that the necessary service is enabled we can give it a test. I launched PowerShell and firstly used the classic hostname command to demonstrate I am running on the host system.
PS C:\> hostname HV-2016TP4
Next I leverage the Enter-PSSession PowerShell command and provide a virtual machine name and credential for the connection –
PS C:\> Enter-PSSession -VMName "VMBusTest" -Credential "Administrator" [VMBusTest]: PS C:\Users\Administrator\Documents> hostname VMBusTest [VMBusTest]: PS C:\Users\Administrator\Documents>
As you can see we have a PowerShell session open to the virtual machine which is denoted by the VM hostname prefixed to the prompt. If I run the classic hostname command again I get confirmation I am on the virtual machine.
I think this is a really powerful tool to have at ones disposal and I imagine Microsoft will continue to develop this feature. It does of course go without saying that it can present a security risk which must be considered. That being said think of a VM in a DMZ which you don’t want to open up extra ports to – you could connect via the host and manage through PowerShell so plenty of options and ideas.
If you are using this feature currently I’d love to hear your thoughts and experiences in the comments below.