Daniel's Tech Blog

Cloud Computing, Cloud Native & Kubernetes

Using Veeam FastSCP with Azure VMs and self-signed certificates

When working with Azure VMs you have several options to copy files into your VMs. One tool I really like is Veeam FastSCP, because my Azure VMs are just dev / test machines and are neither part of an Active Directory nor I have a VPN connection with the my Azure Virtual Network.

-> https://www.veeam.com/fastscp-azure-vm.html

So I want a secure way to get files into my Azure VMs and here comes Veeam FastSCP into play. It uses WinRM over HTTPS and therefor you need a certificate on the VM to configure WinRM for HTTPS use. As I already mentioned, the VMs do not belong to an Active Directory and that is the reason why I have to use self-signed certificates.

Before creating the self-signed certificate we have to configure the NSG and public IP in Azure first.

The NSG should allow inbound traffic from the Internet to the VM on TCP port 5986.

AzureFASTSCP01

Next step is the public IP and its configuration. You should specify the DNS label, because we will need this in the next step in the PowerShell script.

AzureFASTSCP02

Now we can connect to the VM via RDP and run the following PowerShell script to create the self-signed certificate. Make sure the DNS label of the Azure VM is placed into the dnsName variable.

$dnsName="azst-crp3.northeurope.cloudapp.azure.com"
$cert=New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My\ -DnsName $dnsName
$command="winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="+'"'+$cert.DnsNameList.Unicode+'"'+"; CertificateThumbprint="+'"'+$cert.Thumbprint+'"'+"}"
cmd.exe /c $command
New-NetFirewallRule -Name "Windows Remote Management (HTTPS-In) (Azure)" -DisplayName "Windows Remote Management (HTTPS-In)" -Protocol TCP -LocalPort 5986 -Direction Inbound -Profile Any -Action Allow –Verbose

Next step is to add the Azure VM to Veeam FastSCP.

AzureFASTSCP03

Enter the DNS name, leave the port on its default value, check if use SSL and skip certificates trusted authority verification are checked and finally enter username and password for the Azure VM.

AzureFASTSCP04

Now we can upload or download files to our Azure VMs.

WordPress Cookie Notice by Real Cookie Banner