Project Honolulu - A new way to manage Windows Server
By Paul Schnackenburg - Wed, Nov 22 2017
The GUI for managing Windows Server is getting a bit long in the tooth. On top of the venerable Microsoft Management Consoles (MMCs) we've been using since the Jurassic era, we've got Server Manager as a way to tie together all of these different consoles and centralize multi-server management.
You may remember Server Management Tools (SMT), last year's web-based UI. It was hosted in Azure and connected back to on-premises servers. The issue was that it didn't work for servers that didn't have internet connectivity, nor was an Azure dependency good for other hosting providers.
Honolulu basics
Honolulu takes the best of SMT but packages it in a single MSI installer you can run on any Windows 2012, 2012 R2, or 2016 server. It doesn't require IIS, and there's no SQL Server database to configure. You can also install it in gateway mode, where multiple administrators connect to a "jump server" that in turn manages other servers.
The current preview works in Edge and Chrome. If you want to replicate the functionality of SMT, you could open connectivity through a firewall to a server with Honolulu as long as you're comfortable with HTTPS access directly to a server from the internet. There's no agent to install on the servers you're managing, though if they're down-level ones you'll need to install Windows Management Framework 5.1. Actions in Honolulu on target servers use PowerShell.
At Ignite, they promised frequent updates to the preview, but the current download is build 20016, the same as its release on September 22, 2017.
What's available now
This first preview covers basic server management such as the device manager, certificates, event log, file management, local users and groups, firewall, network, processes, registry, roles and features, services, Windows update, and storage, including Storage Replica.
There's a bunch missing that is (hopefully) coming, such as Active Directory (AD), DHCP, DNS and DFS, remote access, and task scheduler.
You can add servers manually one at a time or through a text file with a list of names. There's no support for browsing AD for them yet. Adding a cluster will add both the cluster and the individual servers.
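A pre-flight check for the agentless model and the text-file import described above, as an added example (not part of Honolulu or the original article). It assumes a constructed file servers.txt with one server name per line and that the targets are reached over PowerShell remoting (WinRM); it reports which servers still need Windows Management Framework 5.1.

```powershell
# Added example, not Honolulu code.
# Assumptions: servers.txt (hypothetical path) holds one server name per line,
# and targets are reachable over PowerShell remoting (WinRM).
param(
    [string]$ServerList = '.\servers.txt'
)

$required = [version]'5.1'   # WMF 5.1 reports PSVersion 5.1.x

$results = foreach ($line in (Get-Content -Path $ServerList | Where-Object { $_.Trim() })) {
    $name = $line.Trim()
    $row  = [ordered]@{
        Server = $name; WinRM = $false; PSVersion = $null; Ready = $false; Note = ''
    }
    try {
        # Test-WSMan only proves that a WinRM listener answers on the target.
        Test-WSMan -ComputerName $name -ErrorAction Stop | Out-Null
        $row.WinRM = $true

        # Ask the target for its own PowerShell version.
        $ver = Invoke-Command -ComputerName $name -ErrorAction Stop -ScriptBlock {
            $PSVersionTable.PSVersion.ToString()
        }
        $row.PSVersion = "$ver"
        $row.Ready     = ([version]"$ver") -ge $required
        if (-not $row.Ready) {
            $row.Note = 'Install Windows Management Framework 5.1'
        }
    }
    catch {
        # Unreachable host, blocked port, or access denied: keep the reason.
        $row.Note = $_.Exception.Message
    }
    [pscustomobject]$row
}

$results | Format-Table -AutoSize
```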
Because the URL for each management area is unique, you can create documentation with links to particular tasks on your Honolulu server(s), and clicking the link will take you to the relevant management area (deep linking).
Another cool feature is contextual reusability (although it's a bit hit or miss in the preview). If you look at networking and then move to the event log, you'll only see events related to networking by default.
It's not in this preview, but at Ignite Microsoft did demonstrate opening a PowerShell session against a server directly in the browser.
LAPS, the Local Administrator Password Solution, is a great (and free) solution for randomizing the local admin password on every machine in your environment, which is one of the tools you need to protect against pass-the-hash attacks. If you have deployed LAPS (and you should), Honolulu integrates with it and can retrieve passwords from AD for servers it needs to manage.
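Before relying on the LAPS integration, it helps to know which managed servers LAPS actually covers and who can read the stored passwords. The following is an added example (not from the article or from Honolulu); it assumes the ActiveDirectory and AdmPwd.PS modules are installed, and the file path and OU are placeholders.

```powershell
# Added example, not Honolulu code. Requires the ActiveDirectory (RSAT) module
# and the AdmPwd.PS module that ships with LAPS.
Import-Module ActiveDirectory, AdmPwd.PS

$ServerList = '.\servers.txt'                  # hypothetical: one short name per line
$ServerOU   = 'OU=Servers,DC=example,DC=com'   # placeholder OU

# 1. Coverage: the expiration timestamp is not a confidential attribute, so it
#    shows whether LAPS manages a machine without touching the password itself.
$coverage = foreach ($line in (Get-Content -Path $ServerList | Where-Object { $_.Trim() })) {
    $name = $line.Trim()
    $c = Get-ADComputer -Filter "Name -eq '$name'" `
                        -Properties 'ms-Mcs-AdmPwdExpirationTime'
    if (-not $c) {
        [pscustomobject]@{ Server = $name; InAD = $false; LapsManaged = $false; ExpiresUtc = $null }
        continue
    }
    $raw = $c.'ms-Mcs-AdmPwdExpirationTime'    # FILETIME (Int64) or empty
    [pscustomobject]@{
        Server      = $c.Name
        InAD        = $true
        LapsManaged = [bool]$raw
        ExpiresUtc  = if ($raw) { [datetime]::FromFileTimeUtc($raw) } else { $null }
    }
}
$coverage | Format-Table -AutoSize

# 2. Exposure: principals that hold the right to read LAPS passwords in the OU.
#    Any account used to retrieve passwords for management should appear here,
#    and nothing broader than intended should.
Find-AdmPwdExtendedRights -Identity $ServerOU |
    Format-Table ObjectDN, ExtendedRightHolders -AutoSize
```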
Hyper-V and Honolulu
One of the scenarios Microsoft is pushing with Honolulu is hyper-converged infrastructure (HCI) in Windows Server 2016 where servers are both Hyper-V hosts and storage hosts with Storage Spaces Direct (S2D). Without Honolulu you need Server Manager, Hyper-V Manager, Failover Cluster Manager, and PowerShell to manage the HCI stack fully.
The aim is for all four of those to converge into Honolulu for all day-to-day management. When you look at an HCI cluster, you get a dashboard with latency, throughput, CPU, memory, and storage usage graphs across the cluster. You can trim that information on an hourly, daily, weekly, monthly, or yearly aggregate basis. If you need information on an individual drive, you can drill down to see usage but also the firmware version.
There's an Azure connection. If you're using Azure Site Recovery (ASR) for replicating virtual machines (VMs) to Azure and do the required configuration, you can enable protection for a VM with a single click.
Extending Honolulu
Today you can look under the Extension Manager in Honolulu and only see plug-ins from Microsoft, but they're building a third-party SDK for Honolulu. Microsoft's idea is that independent software vendors (ISVs) and hardware vendors build their management tools into Honolulu. So instead of just managing Windows Server, I could also monitor the hardware in my Dell server in the same console, for example.
Personally, I find the lack of right-clicking a bit irritating, along with the required high screen resolution. As for Hyper-V, we need support for host settings and virtual switch management; there are no settings for virtual LANs (VLANs), Switch Embedded Teaming (SET) switches, or single-root input/output virtualization (SR-IOV) yet.
One of Hyper-V's strengths in 2016 (and 2012 R2) is the ability to change settings on running VMs, which Honolulu doesn't support. Seeing the PowerShell commands Honolulu is running to accomplish its magic would also be nice. There were two sessions at Ignite covering Honolulu: here and here.
Overall, I think Microsoft is on the right track with Honolulu, but they've got to add a lot of features to make it truly a one-stop shop for all management before they release it "sometime in 2018."