Where is the Storage Coming From?

It comes from containers already running on Azure. When you click on the Azure Cloud Shell icon, your cloud shell connects to one of many containers nearest to your location.

These containers are already provisioned and are ready to serve a cloud shell session.

You get a home drive on these containers ($home). From your shell you’ll notice two folders present there:

  • .cloudconsole is for bash files, and
  • .pscloudshell is to persist your PowerShell files and modules

cd $home\clouddrive

# this is where all PS modules live
dir .\.pscloudshell\WindowsPowerShell\Modules

Creating the initial storage account using PowerShell

# Storage account names must be 3-24 characters, lowercase letters and digits only
$param = @{
    ResourceGroupName = 'test-cloud-shell-storage'
    Name = 'newteststorageaccount'
    SkuName = 'Standard_LRS'
    Location = 'south central us'
}
New-AzureRmStorageAccount @param -Verbose

Dismount-CloudDrive -Force -Verbose

Figuring out which File Share and Storage Account Azure is using

First read the docs 🙂

The DF command
PS /home/myusename> df

Mapping your LOCAL drive to the Azure File Share

Cloud Shell in Azure allows you to map your local workstation drive to transfer files to Azure. This seems to me to be counterintuitive and insecure.

Azure will kindly provide you with the PowerShell script to map your local drive, using the Get-PSDrive cmdlet in PowerShell. However, you will most likely encounter the ‘The specified network name is no longer available…’ error.

To get around this error (i.e. to successfully map a local drive to the Azure file share):

  1. You may have to disable antivirus
  2. You need to enable SMB file sharing (from ‘Turn Windows Features on / off’), and specifically SMB 1.0, which has known security holes.
  3. Enable the Computer Browser, Server and Workstation services

With these steps, I was able to surmount the ‘The specified network name is no longer available’ error and get a local drive mounted on the same file share that Cloud Shell was using. But I basically left my local workstation in a vulnerable state (disabled antivirus, enabled SMB 1.0 sharing).

Summary – Azure Cloud Shell Security

Why a cloud service should require local storage from your desktop is beyond me. GCP accomplishes the same thing by launching an entire lightweight VM as part of its cloud shell. All with a built-in code editor. And no security loopholes.


Anuj holds professional certifications in Google Cloud, AWS as well as certifications in Docker and App Performance Tools such as New Relic. He specializes in Cloud Security, Data Encryption and Container Technologies.

Anuj Varma – who has written posts on Anuj Varma, Hands-On Technology Architect, Clean Air Activist.