The new Azure Server Management tools allow you to remotely manage your on-premises server via a web-based HTML5 portal.

You might already know that Jeffrey Snover, Microsoft's Windows Server lead architect, feels strongly that graphical user interfaces (GUIs) have no place on servers unless you absolutely need them for legacy support scenarios.

Thus, in the forthcoming Windows Server 2016, we have a new installation option called Nano Server that not only has no GUI, but also is the thinnest, lightest Windows Server version ever produced.

Of course, we've been able to remotely manage Windows Core servers in a variety of ways and these methods still work with Nano Server:

  • MMC console remote connectivity
  • Windows PowerShell remoting
  • Other first- and third-party remote administration tools

If you're a Microsoft Azure subscriber, then you can also manage your cloud and on-premises servers by using the Azure Resource Manager (ARM) portal. Now, not so fast--I know that Azure is a "no go" for many businesses due to security and data sovereignty concerns.

You should know that the Azure team plans to include their Server Management Tools in the upcoming Azure Stack. At the moment, though, what I'm going to teach you today works only with an Azure subscription and managed servers running Windows Server 2016 Technical Preview 4 (TP4).

Describing our lab environment ^

Take a look at the following Visio drawing, which illustrates my lab setup:

Our lab setup to test the Azure Server Management Tools

Our lab setup to test the Azure Server Management Tools

Notice that the Azure Server Management tools require the presence of a gateway agent located on the same subnet as the servers you need to manage. I'm getting a bit ahead of myself--let's set this thing up and see how it works.

Building the environment ^

Log into the Azure Portal (portal.azure.com) and find the node called Server management tools connections. If you don't have an Azure subscription, feel free to sign up for a free 30-day trial. Microsoft gives you $200 in service credit to play around with.

Click Add to build a new Server Management Tools connection and then fill out the blade. I show you what this looks like in the following screenshot:

Defining a Server Management Tools connection in the Azure Portal

Defining a Server Management Tools connection in the Azure Portal

You need to fill in the following fields:

  • Computer name: I couldn't get this to work by specifying my on-premises Nano server's hostname. The connection went through fine when I used the host's private IP address 10.0.0.10. Remember that, as of this writing in April 2016, this feature is solidly in "preview" mode. For that matter, Windows Server 2016 is only in Technical Preview status as well.
  • Subscription: Self-explanatory
  • Resource group: A container for your Azure resources
  • Create a new Server management tools gateway: I just added the hostname of my on-premises Windows 10 box. We'll configure the gateway more in just a moment.
  • Location: Only select Azure regions are available as of this writing.

When you examine your new Server Management Tool connection's Essentials page, you'll see a big banner that says "Gateway not detected. Click here to configure a Server management tools gateway." Go ahead and click that; I show you what it looks like here:

Configuring our Server Management Tools gateway

Configuring our Server Management Tools gateway

In the Gateway configuration blade, you can generate a download link for the agent software. This is a small .msi package that's personalized to the hostname of the gateway you provided a moment ago.

The candidate gateway should reside on the same IP subnet as your target hosts. Moreover, the gateway (wait for it) needs to run either Windows 10 or Windows Server 2016 TP4. Go figure!

Performing remote administration from Azure ^

The gateway serves as an "umbilical cord" between your managed servers and the Azure Portal Web UI. After installing the gateway software, refresh your view of the Server Management Tools connection and you should see something similar to the following:

Our on-premises Nano Server is reachable from the Azure cloud

Our on-premises Nano Server is reachable from the Azure cloud

I've called out some touch points in the previous screenshot; let me explain them for you:

  • A: Click Manage as to provide administrative credentials for the remote server
  • B: Investigate the status of your gateway
  • C: See real-time performance metrics
  • D: Leverage a rapidly expanding set of remote administration tools

Remember that the Azure product development team ships new features literally every business day. Accordingly, you can expect to see the Server Management Tools functionality broaden and deepen as we get closer to Windows Server 2016's final release date.

You know what they say (whoever 'they' are): a picture is worth a thousand words. Therefore, let me give you three interface screenshots to show you the kind of remote management flexibility you have through the Azure Web portal:

Remote PowerShell session

Remote PowerShell session

Server role management (read-only for now)

Server role management (read-only for now)

 

Workgroup or domain membership

Workgroup or domain membership

Discussion ^

Okay, so what do you think? You may be thinking some of the following perfectly valid arguments:

  • The dependency on an Azure subscription is a deal-breaker for me!
  • Why do I have to hairpin out to the Internet and back to manage my local servers?
  • I thought we were supposed to use code to manage our Windows servers now?!
  • How secure is the traffic that's orchestrated between my on-premises Server Management Tools gateway and the Azure cloud?

I'm just speculating here, but I suspect that the biggest consumer of the Azure Server Management Tools are managed service providers (MSPs) who need an easy way to "touch" customer servers (both in the cloud and on-prem) from a central location.

Remember, too, that the Azure Stack will bring much of the Azure public cloud functionality to your local data center so it's probably to your professional advantage to learn how they work to get yourself prepared for the future of datacenter/server management.

Subscribe to 4sysops newsletter!

From what I've read on the Azure support forums, Microsoft plans to continue fully supporting the more traditional remote access tools, from MMC remote connectivity to WinRM/WSMan and beyond.

 

4 Comments
  1. ahostingadmin 6 years ago

    As a hosting engineer at a European managed service provider, I can tell you this Azure tool most likely won't be used with us, and with similar providers like us.

    Having to use a public tool to manage something that is supposed to be buried deep inside your datacenter is just a no-go; PCI auditors would have a field day with this!

    I am all for a light, ESXi-like OS, but management should remain within the management environments of the datacenters.

    Then this gateway that requires windows... yeah no. Also, I wonder how Microsoft thought this would work: 1x Windows Nano license, 1x Windows Server license and 1x Azure subscription.. really?

    • Author

      Agreed--the current model is a bit...weird, for lack a better term. I think that what's gonna happen is that we'll have the Azure web portal experience (including the web server management tools) in the forthcoming Azure Stack. Because Azure Stack is essentially the Azure toolset running in your on-prem data centers, you'd therefore maintain control over the entire infrastructure.

      Also, it seems to me that the Azure server management tools are the best fit for VMs that you're already running in the Azure cloud. Remember that in Azure, your server licenses are all absorbed in your per-minute runtime. Thanks for reading!

  2. elvisho 5 years ago

    does it support windows 2008 r2?

Leave a reply

Please enclose code in pre tags

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2021

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account