Is there something that can be done to speed up powershell remoting? Currently with an active session it takes anywhere from 5-20 seconds to use invoke-command. On the same opened session it can take 60 seconds to Enter-PSSession.
While this is over public internet my latency to the Azure VM is under 20ms and these delays are constant in the PSSession such as with intellisense.
The VM has a loaded certificate for WinRM from a trusted provider (digicert). Also using SSL in the session. Any help would be great. We have well over 100 VMs to manage in Azure and right now this is posing a huge problem as our footprint grows.
There’s nothing inherently slow about Remoting per se; on a local network with a good setup, I can perform these commands in milliseconds.
It’d probably be useful to run a Wireshark trace and see how much time you’re getting between the back-and-forth of the packets. For example, on an internal network within a domain, you’re using Kerberos, which doesn’t require a lot of communications. SSL, on the other hand, adds about 2-3 back-and-forth exchanges as keys are negotiated - just as with a HTTPS website. The traffic packets get larger when they’re encrypted, too. All that might be adding up on you. Firewalls can add to it, as well - Azure has their firewall and I’m sure you’re traversing a few. If those are stateful (likely) or using deeper-layer inspection (possible), that’ll add lag time that you don’t see in a normal ping or tracert. I’d also look at the configuration of the VMs themselves, and what kind of load they’re dealing with. You’ll see some indication of that in the Wireshark capture, right? If your requests get out speedily but there’s a delay until the reply is seen - that may be the VM itself simply not responding quickly.
So, were I troubleshooting this, I’d Wireshark it and look at the packet sizes, and amount of back-and-forth to set up the session, and the lag time between those back-and-forths.
I’ll note as an aside that you’re in a slightly less-than-usual scenario, from my experience. I’m more accustomed to seeing site-to-site VPNs, which then forgo SSL inside the tunnel. Let the VPN do the heavy lifting instead of each connection. That also helps take a lot of potential firewall lags out of the picture. If you still see slow responses then, it’s nearly always either the underlying network (which you seem to have eliminated as a cause) or the VM.