Shulou(Shulou.com)06/02 Report--

Main characteristics of WinRM

Unlike Telnet and Shell (SSH), PowerShell adopts a new communication protocol, which we call a Web service for management (Web Services for Management,WS-MAN).

WS-MAN works entirely based on HTTP or HTTPS, which ensures that it can easily work through a firewall if needed (because each protocol uses a unique port for communication). Microsoft's implementation of WS-MAN is mainly based on a background service: Windows remote Management component (WinRM).

Microsoft announced that remoting technology can be based on the SSH protocol in addition to WS-MAN. This is good news for companies that are already familiar with SSH but not WS-MAN and WinRM. From the user's point of view, there is no difference in how to use remoting technology, and the difference between the underlying protocols should be transparent to you.

In fact, many of Microsoft's own DevOPS products also use WinRM technology, such as:

Deploy to IIS using WinRM-Azure Pipelines | Microsoft Docs https://docs.microsoft.com/zh-cn/azure/devops/pipelines/apps/cd/deploy-webdeploy-iis-winrm?view=azure-devops

Serialization and deserialization

When you run a remote command, it puts the output into a specific form of packet and then sends it back to the local computer through the HTTP (or HTTPS) protocol on the network. XML has proven to be an excellent solution to this problem, so PowerShell serializes the output object into XML. Next, the XML file is transferred over the network. When the local computer is reached, the XML is deserialized into objects that PowerShell can handle. Serialization and deserialization are just a form of format conversion: converting from an object to XML is called serialization, and from XML to an object is deserialization.

WinRM is a universal service

PowerShell is not the only one that can use WinRM services. In fact, Microsoft is starting to use WinRM services in a growing number of hypervisors-even those that already use other protocols. With this in mind, Microsoft ensures that WinRM can direct traffic to a variety of hypervisors-- not just PowerShell. WinRM is like a scheduler: when new traffic comes in, WinRM decides which program will handle that traffic. All WinRM traffic is marked with the name of the receiving application, and these applications must create their own endpoints in the WinRM so that WinRM can listen for the traffic of these principals. This means that you not only need to enable WinRM services, but also need to register PowerShell as an endpoint in WinRM.

One-to-one and one-to-many remoting

PowerShell can implement remoting in two ways. The first is called one-to-one or 1:1 remoting (the second is called one-to-many, or one-to-many, or one-to-one remoting. When using one-to-one remoting, a Shell command window is actually invoked on a single remote computer. Any commands you enter will run directly on the computer and return the output in the remoting window. This mechanism is very similar to remote Desktop connection (Remote Desktop Connection), except that Windows PowerShell uses a command line environment. This remoting technology uses only a few resources compared to remote desktop connections, so it is much less expensive for the server.

If you need to establish an one-to-one remoting process for a remote computer, run the following command.

Enter-PSSession-ComputerName Server-R2

By default, PowerShell communicates with up to 32 remote computers at a time. If there are more than 32, the computer information will be stored in a queue. If the command finishes running on a remote computer, the next computer in the queue starts running immediately. Of course, if the network is good enough and the computers are strong enough, then we can specify a larger number of computers through the-ThrottleLimit parameter of Invoke-Command.

Invoke-Command | Microsoft Docs

Https://docs.microsoft.com/en-us/previous-versions/dd347578(v=technet.10)?redirectedfrom=MSDN

Concurrent execution

Using the Invoke-Command command is more efficient and useful than the-ComputerName parameter of Cmdlet. The computer is accessed concurrently, which means that commands run more efficiently. The PSComputerName attribute is included in the output of the command, which makes it easy to see which result comes from which computer.

Remarks: some of the contents refer to the "Windows PowerShell practical Guide (3rd Edition)", which has been sorted out and supplemented by the author for the second time, which is more convenient for everyone to understand.

WinRM support of mainstream programming languages and tools

GitHub-diyan/pywinrm: Python library for Windows Remote Management (WinRM) https://github.com/diyan/pywinrm

GitHub-WinRb/WinRM: Ruby library for Windows Remote Management https://github.com/WinRb/WinRM

GitHub-masterzen/winrm: Command-line tool and library for Windows remote command execution in Go https://github.com/masterzen/winrm

Winrm-Run tasks over Microsoft's WinRM-Ansible Documentation https://docs.ansible.com/ansible/devel/plugins/connection/winrm.html

For more information, you can refer to

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.