Introducing Server management tools
I am Kriti Jindal, a program manager on the Server management tools team.
At last year's Ignite and Build conferences, Jeffrey Snover (Technical Fellow) and Andrew Mason (Principal PM Manager) first demoed the Server management tools. Server management tools offers a set of web-based GUI and command line tools to manage Windows Servers. Today, we are announcing the public preview of Server management tools!
For a quick overview of the features supported, checkout my demo video: https://channel9.msdn.com/Series/Nano-Server-Team/Remote-Server-Management-Tools-on-Nano-Server.
For those of you interested in a deeper dive, continue reading!
Server management tools overview
As I mentioned above, Server management tools offers a set of web-based GUI and command line tools to manage Windows Servers. This is especially useful when managing headless servers such as Nano Server and Server Core. These tools also provide rapid access to your on premises infrastructure alongside your Azure resources. In this first release, the tools can only be used to manage Windows Server 2016 Technical Preview SKUs running on-premises as well as in Azure. The tools are hosted in Microsoft Azure.
Currently, the tools offer the following capabilities:
- View and change system configuration
- View performance across various resources and manage processes and services
- Manage devices attached to the server
- View event logs
- View the list of installed roles and features
- Use a PowerShell console to manage and automate
This is a preliminary set of tools that are required for basic server diagnostics. If you have specific requests on what tools would be most valuable to you, please let us know using the Windows Server Management Tools UserVoice feedback site.
A Server management tools gateway is required to enable communication between the Microsoft Azure portal and your Windows Server 2016 machines. A gateway is typically deployed and configured on the same local network as the Windows Server machine(s) you wish to manage. The machine must have an internet connection.
If the machine hosting the gateway is a Windows Server 2012 R2 machine, please install WMF 5.0. This is required to use PowerShell to manage Windows Server 2016 Technical Preview or Nano Server machines from Windows Server 2012 R2. Use the following link to install WMF 5.0: https://aka.ms/wmf5download
If the machine hosting the gateway is a Windows Server 2016 Technical Preview machine, no additional preparation is required.
You will also need an Azure subscription to use Server management tools.
Now let's discuss how you can setup the Server management tools gateway and start managing your machine(s).
Step 1: Create a new Server management tools connection
Ok so you have a machine that you want to be able to manage via Server management tools. To begin your deployment, log in to your Azure portal account and search for "Server management tools" in Marketplace or navigate to it: Marketplace -> Management -> More -> Server management tools.
Select the Server management tools, read the description, review the terms of this Preview release, and click “Create”.
This will open a form prompting you to fill out the information for the connection you are establishing.
Please provide the NAME/IP/FQDN of the machine you want to connect to. If you have an existing resource group and gateway, you may opt to select them here rather than to create a new group or gateway.
If this is the first Server management tools connection you are creating, you will also need to choose to create a new Server management tools gateway and give it a name. You will be prompted to complete the gateway configuration after the Server management tools connection is created.
Once the form has been completed, click create at the bottom of the screen and you will be taken back to the Azure Startboard. Assuming “Pin to Startboard” was checked, you will see a tile appear that will indicate the deployment is in progress. Please note that you are not actually creating the connection to the machine but just a resource in Azure. The connection to the machine is initiated once you provide the credentials on the main Server management tools blade.
Once the deployment succeeds, you will be taken to the Server management tools blade where you can provide the credentials and connect to the machine. The User Name and Password are not being created by the connection, and must already exist on the machine and have proper permissions. I.e. use a user account which is a member of the local Administrators group on the target server you are connecting to.
Step 2: Configuring a new Server management tools Gateway
If you are creating a new gateway, you will see the following status:
Click to open the Gateway Configuration page and read carefully and follow the directions to set up your on-premises machine or Azure VM as the gateway.
Note: Please unzip the zip file and run the gateway MSI installer from the folder you unzipped to. If you run the MSI from the zip file without unzipping first, you will need to also specify the profile.json file.
After installing the gateway MSI, return to the Azure portal, and click Refresh. You will now be prompted to enter the credentials to start managing the machine. You will see the following status:
Congratulations! You have established a remote connection to your resource and are now able to perform management tasks on it through the Azure Portal.
Managing Workgroup machines
In order to manage workgroup machines (e.g. non-domain-joined Nano Servers), run this command as an administrator on the Server management tools gateway machine:
winrm set winrm/config/client @{ TrustedHosts="<<IP address>>" }
When creating a Server management tools connection to the workgroup machine, use the machine’s IP address as the computer name.
Additional connectivity requirements
If you wish to connect using the local Administrator account, you will need to enable this policy on the target machine by running the following command in an administrator session on the target machine:
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1
If you wish to connect to a workgroup machine which is not on the same subnet as the gateway, run the following command in an administrator session on the target machine:
NETSH advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow
The Server management tools team is looking forward to your feedback on the public preview. You can provide feedback on the tools directly via the feedback button in the Azure portal. We also routinely monitor the Windows Server Management Tools UserVoice feedback site for suggestions on improvements and encourage you to submit your ideas there.
Thanks,
Kriti
Comments
- Anonymous
February 09, 2016
I though jeffrey snover was technical fellow - Anonymous
February 10, 2016
He wasn't last year ^^ - Anonymous
February 10, 2016
Looks really slick and I can't wait for it to support 2012! - Anonymous
February 10, 2016
(This comment has been deleted per user request) - Anonymous
February 10, 2016
Not cool, Why do I have to connect to Azure to manage a local device? - Anonymous
February 10, 2016
What AWC said. We do not use any cloud services for anything else; now, you're saying I have to have an Azure account to manage my on-premises servers? I truly hope this is a temporary state of affairs. - Anonymous
February 10, 2016
Like AWC and Mycroft I don't see any benefit for me to have management tools in the (paid) cloud for management of on premises server. I need this toolset in my LAN. - Anonymous
February 10, 2016
Well, if you only have your own LAN infrastructure this might not do you much good. However, if you are in a hybrid environment, with servers locally and in Azure, this does help out a lot.
Even better, for MSP's supporting multiple customers that can have all sorts of infrastructure (on local LAN, in a datacenter, in Azure or even in something like Amazon cloud), this looks like a great way to manage and maintain your servers.... - Anonymous
February 11, 2016
I echo the concerns above -- I like the cloud option for those situations where you have workloads in hybrid cloud situations but this seems to create a situation where if there is, lets just say, a fiber cut outside a company's data center not only do they lose access to cloud services (and other WAN provided connectivity) but they also lose the ability to manage their own infrastructure? that seems like an unacceptable risk for production environments. This needs to be able to run stand alone on prem (meaning without Azure stack for those in a VMWare world) if we are to see the true promise of Nano Server. - Anonymous
February 11, 2016
I agree with Walter if you have a hybrid environment, but I live in a world where almost all my workloads are local.
It's not uncommon for Google, Microsoft, and all the other providers that get you to the cloud to have both scheduled and unscheduled service interruptions. My company has seen this as a consumer of cloud services and we have very good internet services, which is why I'm unwilling to risk not being able to manage mission critical local workloads if there is an interruption anywhere in the service path.
As Anthony said " This needs to run stand alone on prem..."
There are too many layers and too many ways something can go wrong, and lets face it, when things go wrong they seldom go wrong in the best way possible...
I hope you're listening Microsoft... - Anonymous
February 11, 2016
Hi everyone - I'm a PM in the Server org working on the management tools with Kriti.
This is great feedback; we know that a cloud dependency is not the right option for many businesses, so we're evaluating how to make our tools available in other delivery vehicles, including Azure Stack.
Traditional MMC snap-ins will continue to work against Nano Server as well, so even if the link to the cloud is broken, classic management strategies (including PowerShell) are still viable. If you have an interest in providing more feedback, or talking with us about your requirements, please feel free to email me at brendanp @ microsoft.com
thanks! - Anonymous
February 11, 2016
Just chiming in...Azure is a no-go for us.
I wish we could simply have some simple, easy-to-use tools that we can fully host locally without it being chatty with the outside world. There are too many areas in our environment where we couldn't do Azure-managed stuff even if we really wanted to, due to laws and regulations (such as PCI). - Anonymous
February 11, 2016
I wonder if there will be an On-Premise version from Server Manager running from another Windows Server 2016 GUI Management Server? - Anonymous
February 12, 2016
Brendan,
What about those of us who work for '3 letter' Government agencies? Azure would be a no go. - Anonymous
February 16, 2016
The comment has been removed- Anonymous
May 25, 2016
@Schulz - Why this shameless plug for your books here. I see it has no relevance to the topic. Please STOP doing such ads in technical posts.
- Anonymous
- Anonymous
February 16, 2016
On Prem is of little interest to me as it eliminates too many benefits. Being web-based, this is a toolset that naturally allows a "work from anywhere" approach, and it seems easier to leverage it this way than to deploy and secure another web based tool on local servers. I am an Azure fan, however, unlike some commenting here... and I leverage cloud services. If my datacenter was to become unavailable for any reason, I'd appreciate having my management tools in the cloud as I work through DR and continue to manage my other resources.... Ideally, without driving to the office at 2am on a Sunday.... - Anonymous
February 26, 2016
I use Semantic Sales to manage with email mess. It let me save up to 9 hours a week. Follow up reminder, missed e-mail reminder. Also it has an option — when I receive letter from new contact, they sending me his accounts in FB and Linkedin.https://semanticsales.com - Anonymous
February 27, 2016
The comment has been removed - Anonymous
February 29, 2016
I agree with the other comments that it would be great to have a way to deploy this on premises. Perhaps as a Server 2016 role/feature. - Anonymous
March 06, 2016
Lets say that if a server won't boot in Azure, would this make it a possibility to manage the server? - Anonymous
March 08, 2016
Will these tools be able to manage 2012R2 Servers? - Anonymous
March 12, 2016
Will we be able to manage multiple locations from a single Server Management Service? Early demos made it seem that way and we were looking forward to a "single pane of glass" to manage servers at multiple offices. Unlike others here who IMHO are missing the point, I'm less interested in "corrupting" this tool's purpose by addressing on-perm (plenty of tools to do that, as you point out), but rather really leveraging it to do things a local or VPN connection can't. - Anonymous
March 15, 2016
Hi everyone. Thanks for the great feedback. We will investigate the feasibility of the features requested in the comments.
@BizD3v, I would love to further understand your scenario. Please reach out to me. My email is kritij@microsoft.com. - Anonymous
April 09, 2016
Hello, is it possible to manage Nano Server via powershell directly from my PC? - Anonymous
April 12, 2016
John, you most certainly can! PSRemoting works, just keep in mind that the set of available cmdlets in the nano session is reduced. - Anonymous
April 12, 2016
To get more details on managing Nano Server, you can also refer to https://technet.microsoft.com/en-us/library/mt126167.aspx - Anonymous
May 21, 2016
I do not understand why we cannot have both. We are a small University and do not currently have an Azure account, nor do not have any plans for it in the immediate future. While, I would not have a problem managing Nano systems using Powershell, there is a big learning curve, as I am not the only onsite admin. I do not feel comfortable deploying Nano out without, at the very least, a remote management gui tool, so other (not as technical) users can survive when I am not available. Can't the same tools be developed to run from an on prem server, which would not only be more responsive, but also would allow me to continue to manage my Nano servers in the event of our internet connection going down (this has happened for nearly 2 full days a few weeks ago)- Anonymous
May 23, 2016
Thanks for the feedback Mark. There has been a lot of customer feedback in this space and we are evaluating options for an on-prem solution. We understand that dependency on the cloud is not ideal for all businesses. I would love to understand the limitations, if any, for getting an Azure subscription. Please feel free to email me at kritij@microsoft.com.- Anonymous
May 27, 2016
Chiming in on all the others that are not happy with the way this SMT is working: As a managed hosting service provider, I manage quite a number of customers. For this we have very strict rules and security in place, and jumphosts that are not reachable from the internet that connect to those customers via an out-of-band network. Now with this tool we are supposed to log on to a public cloud provider, then with that make a connection to a Windows machine, and have this windows machine be a gateway to the innards of a highly secure datacenter.. I don't think so.. I can see this tool works just fine if you want to manage something that's in Azure already, but for secure environments this just won't fly.- Anonymous
May 27, 2016
Thanks for the feedback. It is definitely helpful for us to understand various scenarios where cloud dependency is not an option for our customers.
- Anonymous
- Anonymous
- Anonymous
- Anonymous
June 21, 2016
Unfortunately, for both me and my main employer, the licensing model of this, and both the coming licensing model of azure stack leave a hugely unpalatable taste in our mouth. Azure on-prem is now a dead end for us. Whereas we were happy to pay for system center datacenter licensing and use Azure Pack, subscription only and usage based billing of on-prem products means we will not be deploying this or stack. Our Azure Pack deployments are now just run and maintain, while we evaluate other options all the way down to allowing users limited SCVMM console access. Nevermind the fact that some of our scenarios are entirely off-internet or on tightly controlled governmental networks beyond just FedRAMP level of concerns.- Anonymous
June 22, 2016
Hi Gary,Server Management Tools do not have a licensing model, and neither does the Azure subscription associated with them. If you only use Server Management Tools in your Azure subscription, you should not incur any cost.As for Azure Stack, please reach out directly to Vijay.tewariATmicrosoft.com.Thanks!
- Anonymous
- Anonymous
July 31, 2016
When I try to install the gatewayservice.msi file I got an error message saying: "server management tools gateway setup wizard ended prematurely" Any idea about this error please?- Anonymous
August 03, 2016
Thank you for the feedback Anas. I will need some more details to help you with the issue. Could you please email me kritij@microsoft.com and we can continue the discussion.- Anonymous
August 04, 2016
Hi,I also experienced this error (2012R2). In my case it seems to be related to the creation of the self-signed certificate:"GenerateEncryptionCert returned actual error code 1603" appears if running .msi with logging.Trying with an existing certificate throws: SetPrivateKeyPermissions returned actual error code 1603Any ideas? Br,Chris- Anonymous
August 15, 2016
Thanks for the feedback Chris. This is a known issue with WS2012R2 and we are working on releasing a fix. I apologize for the inconvenience.
- Anonymous
- Anonymous
- Anonymous
- Anonymous
August 14, 2016
Thanks for sharing!