WAP – Get Windows Azure Pack Websites via PowerShell


Windows Azure Pack was Microsoft’s first attempt to bring Azure into your on-premise datacenter. The things you can do with it are limited to IaaS VM, PaaS databases and PaaS websites. In addition there is Service Bus and some networking part which is necessary for the IaaS / PaaS services. Of course there are other required parts, like Service Provider Framework (SPF), SC Virtual Machine Manager etc. Because my job is to automate things using PowerShell, I have sometimes the need to get data out of systems like in this case WAP as my data source. If you look a bit closer at WAP and you want to get information about configured SQL databases or MySQL databases there is a rich set of PowerShell cmdlets available and these modules are installed on the WAP admin servers…


…so what you could do is use PowerShell remoting and query these server for information. If you want to get information about provisioned VM’s you simply could query VMM using its own cmdlets to gather information.

One other way you could get information out of WAP, is to use the Public Tenant API. This API provides information about tenant specific information, therefore you need to provide a subscription to get detailed information about that specific tenant. MVP Ben Gelens has written a fantastic PowerShell module to get all sorts of information from the WAP Public Tenant and WAP Admin API you can find the module here https://github.com/bgelens/WAPTenantPublicAPI . I have tested it and it works like a charm.

So but what is now the point of this post? Well, so far we have seen, that we can get information about SQL Server and MySQL databases using these PowerShell cmdlets using the Admin API, for VM’s use VMM as a data source, but what about websites? There are also modules installed on the web controller servers itself, e.g. the WebSites module…


…and the WebSiteDev module…


…to get infos about websites from the system just use these cmdlets above.

One more elegant way to pull website information is going through the endpoint REST API (Web Site Cloud REST Endpoint) which you need to provide when adding the website resource to the admin portal. It depends how you configured, it but as an example you can find the settings you configured on the web controller server you could execute the Windows Azure Pack Websites MMC and find all different settings…


…and this would be the spot where you configure the settings in the WAP portal…


The tricky part is to find the correct URI for the REST call to return all website. When you call the URI you get this API site here..


…click Web Administration API and you get something like this…


…well there is a whole lot of configuration to explore. What we want, is a listing of the deployed websites. After some time I figured it out what the URI is, you need to use this https://ADMIN ENDPOINT URL/20130801/webadmin/systems/DEFAULT WEB SPACE NAME/sites, and you will be provided with a listing of provisioned websites…


Cool, now we need just to use PowerShell to get the same result. Therefore we use Invoke-RestMethod…

$Password = ConvertTo-SecureString "MySecurePassword" -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential ("WaaSUser", $Password)
$URI = 'https://WEB ENDPOINT URI/20130801/webadmin/systems/DEFAULT WEBSPACE/sites'
$WebSites = Invoke-RestMethod -Uri $URI -Credential $Credential -Method Get

The problem you will probably face is, that you will receive an error like this…


…the reason is, that there is a https request and we don’t have a trusted certificate in place, so there can no secure connection established. What we could do, is to skip the certification check or install the certificate as a trusted root certificate. In this case Invoke-RestMethod does not provide a parameter to skip the validation check, so we need to use some C# magic which I found on the internet (all credits to the author, can’t find the source anymore!), so we end up with something like this…

# Create ServerCertificateValidationCallback class
Add-Type @"
    using System;
    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;
    public class ServerCertificateValidationCallback
        public static void Ignore()
            ServicePointManager.ServerCertificateValidationCallback += 
                    Object obj, 
                    X509Certificate certificate, 
                    X509Chain chain, 
                    SslPolicyErrors errors
                    return true;
# Use previously defined ignore() method
# Create credential object
$Password = ConvertTo-SecureString "MySecurePassword" -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ('WaaSUser', $Password)
# Provide the URI
$URI = 'https://WEB ENDPOINT URI/20130801/webadmin/systems/DEFAULT WEBSPACE/sites'
$WebSites = Invoke-RestMethod -Uri $URI -Credential $Credential -Method Get
# Create a custom PS object with some properties like name, webspace and number of workers
$SiteObjects = @()
ForEach($WebSite in $WebSites.PagedSites.Values.Site)
    $Properties = @{}
    $Properties.Add('Name', $WebSite.Name)
    $Properties.Add('WebSpace', $WebSite.WebSpace)
    $Properties.Add('InstanceCount', $WebSite.NumberofWorkers)
    $SiteObjects += New-Object -TypeName PSObject -Property $Properties

This will out put a collection of website objects…


…of course you could add any properties to your object  that is available in WAP. Why is this awesome? Well, there are a couple of reasons. If you go via Public Tenant API you need to provide a subscription, which is just not the way to get all websites in a single request. If you use the provided cmdlets, you need to connect to the remote servers using Invoke-Command, which is also not a desired approach (reliability, load on the server etc.). In addition there is no dependency to other PowerShell cmdlets. Therefore I think this is a valid way of getting easily information out of your website deployment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s