Today Microsoft announced the preview of the Remote Server Management Tools hosted in Azure, written by Kriti Jindal, a program manager on the Server management tools team. This service allows you to manage your servers directly from Azure using a web-based HTML5 portal. I personally think that this could replace Server Manager and allows you to easily manage non-GUI servers such as Windows Server Core and Nano Server. This is the first public preview of the Remote Server Management Tools and it limited right now to manage Windows Server 2016 Technical Preview server, hosted on-prem or in Microsoft Azure. The Remote Server Management Tools today include the following features:
- View and change system configuration
- View performance across various resources and manage processes and services
- Manage devices attached to the server
- View event logs
- View the list of installed roles and features
- Use a PowerShell console to manage and automate
Overview
To remotely manage your Windows Server from Azure, you have to deploy a Remote Server Management Gateway into your network. This can be a Windows Server 2012 R2 Server running the WMF 5.0 (Windows Management Framework 5.0) or Windows Server 2016 with no additional preparation. You also need a Microsoft Azure subscription and an account.
The gateway will handle the connection to Azure, so the Remote Server Management Gateway needs connection to the internet. The managed servers do not need a direct connection to the internet, the gateway will connect to the managed server. With that, the gateway need connection to the sever which will be managed by Azure.
Setup Server Management Tools
Well to set this up some steps are required, first create a new server for the Remote Server Management Gateway. In my case I installed a new Windows Server 2016 virtual machine. I made sure I could connect to the internet and it has the lastest updates installed.
After I created the virtual machine I logged in to the Azure portal and added a new Server Management Tools Connection. You can search “Server management tools” in Marketplace or navigate to it: Marketplace -> Management -> More -> Server management tools. This will also create the first Server Management Tools Gateway for your connection.
After the connection is created you can see the connection and but you will get the information that the gateway is not ready. As the next step you will configure the gateway on the prepared server.
Under the Server Management Tools Gateway blade you can find a setup for the gateway which will generate a custom install package for your gateway. You can copy this link to the server and download this package and install it.
- Allow gateway updates to be installed automatically (recommended), or choose to install updates manually. You may change this later under gateway settings.
- Click the below to generate a customized gateway deployment package link.
- Use the generated link to download the gateway deployment package now, or copy the link URL to download the package later from the machine on which you intend to install the package.
- From the machine that you want to designate as the gateway, unzip the package and run GatewayService.MSI.
- Once the gateway installation completes, return to the Microsoft Azure portal and reopen your Server management tools connection.
- You should now be able to manage your Windows Server 2016 machine if the Microsoft Azure portal can reach it through the gateway.
After you have installed the Remote Server Management Gateway package on your gateway server you can see the connection in the Azure portal.
Now you start remote manage your server. As mentioned before, this is really handy if you want to manage Server Core or Nano Server.
Additional Stuff:
There are some additions for the configuration if you want to manage servers in a workgroup environment:
In order to manage workgroup machines (e.g. non-domain-joined Nano Servers), run this command as an administrator on the Server management tools gateway machine:
winrm set winrm/config/client @{ TrustedHosts=”<<IP address>>” }
When creating a Server management tools connection to the workgroup machine, use the machine’s IP address as the computer name.
Additional connectivity requirements
If you wish to connect using the local Administrator account, you will need to enable this policy on the target machine by running the following command in an administrator session on the target machine:
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1
If you wish to connect to a workgroup machine which is not on the same subnet as the gateway, run the following command in an administrator session on the target machine:
NETSH advfirewall firewall add rule name=”WinRM 5985″ protocol=TCP dir=in localport=5985 action=allow
Remote Management Server Tools Features
As mentioned the Remote Management Server Tools bring some really cool web-based management features. One of my favorites is the web-based PowerShell console.
- Device Manager
- PowerShell Console
- Computer Configuration (Name, Domain,…)
- Network Configuration
- Task Manager
- Process
- Registry Editor
- Roles and Features
- Services
- Local Administrators
- Updates Management (coming soon)
- Shutdown / Restart
More Information
- If you want to manage Nano Server using PowerShell
- Windows Server Management Tools UserVoice
- New toys : #Azure Web-Based Server Management Tools , And It’s A Lot! by Mike Martin
Any idea if this will be supported without a Gateway for those using site-to-site VPNs?