As infrastructure and deployments become more hybrid in nature, where we have workloads spread across clouds, the management effort to control all these different areas increases exponentially. This is obviously a bad thing and we want to be able to provide a more controlled way to manage resources which might exist on-premises but also in Azure.
The next figure presents an overview of what a deployment with the server management tools would look like.
You will also observe from the diagram that a gateway server (in the middle of the diagram) is required to allow on-premises infrastructure to communicate with the service in Azure.
Server Management Tools (SMT) introduces a web-based GUI hosted in Azure, along with command-line tools, that can do this for your Windows Server 2016 estate. For instance, your administrators can manage Nano Server or Server Core easily from this GUI without affecting the footprint of those deployments.
The tool currently has the following capabilities:
If this is a Windows Server 2016 machine, no prerequisite work is required, but if you are using a previous edition of Windows (i.e., 2012 or 2012 R2) you must install WMF 5.0 so that you can manage Windows Server 2016 hosts, including Nano Server.
With the exception of Windows Update and Device Manager, all SMT tools will work with Windows 2012 and 2012 R2. There is one thing to consider when approaching SMT and using it to manage your previous versions of Windows: the dependencies of installed applications on the server. For example, will your application break if you install a newer version of WMF?
You might also need to perform additional tests to ensure that your applications perform correctly with WMF 5.0.
In Windows Server 2016 Server Management Tools, you can store credentials in Azure, encrypted by using AES256 encryption. The gateway is responsible for encrypting these credentials with a certificate that only exists on the gateway before uploading the credentials to Azure in a secured state. These credentials can then be decrypted only by the gateway, using the certificate that encrypted the credentials in the first place. The certificate, as stated, never leaves the gateway and only ever exists on the gateway.
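The pattern described above (encrypt to a certificate whose private key stays on one machine, store only ciphertext elsewhere) can be tried out with PowerShell's built-in CMS cmdlets. This is an added example, not SMT's own code, and the page does not say that SMT uses CMS; the certificate subject and the credential string are constructed for the demo.

```powershell
# Added example: certificate-bound credential protection with the CMS cmdlets.
# Assumption: the demo certificate below stands in for the gateway certificate.
$ErrorActionPreference = 'Stop'

# 1. On the "gateway": create a document-encryption certificate whose
#    private key is marked non-exportable.
$cert = New-SelfSignedCertificate -Subject 'CN=Demo-Gateway-Credential-Protection' `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -Type DocumentEncryptionCert `
    -KeyUsage KeyEncipherment, DataEncipherment `
    -KeyExportPolicy NonExportable

# 2. Encrypt a constructed credential to that certificate.
$credential = 'CONTOSO\svc-demo:Constructed-Passw0rd!'
$blob = Protect-CmsMessage -To $cert.Thumbprint -Content $credential

# 3. Inspect what would be stored remotely: ciphertext and recipient
#    information, but no private key material.
$envelope = Get-CmsMessage -Content $blob
'Content encryption : {0}' -f $envelope.ContentEncryptionAlgorithm.Oid.FriendlyName
'Recipient count    : {0}' -f $envelope.RecipientInfos.Count

# 4. Where the private key is present, decryption succeeds.
$roundTrip = Unprotect-CmsMessage -Content $blob
if ($roundTrip -ne $credential) { throw 'Round trip failed' }
'Decrypted on the key holder: OK'

# 5. Simulate any other host: remove the certificate together with its
#    private key, then try to decrypt the same blob again.
Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey
try {
    Unprotect-CmsMessage -Content $blob | Out-Null
    'UNEXPECTED: decrypted without the private key'
} catch {
    'Expected failure without the key: {0}' -f $_.Exception.Message
}
```

Step 5 also shows the operational consequence of this design: if the certificate and its key are lost, the stored blob cannot be recovered, so the credentials have to be entered again.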
Centrally managing a Windows firewall provides numerous benefits to servers by ensuring that a standardized policy is enforced. Unfortunately, dealing with a Windows firewall outside of traditional enterprise monitoring tools typically has been a difficult task; you can’t easily work at scale and it can be difficult to gather a complete understanding of which rules are turned on and what their status is. In SMT, Microsoft provides GUI support for looking at the firewall rules on a specific machine, making it easier to understand what is happening, as demonstrated in the next figure.
Firewall Rules in SMT
The Windows PowerShell script editor in SMT has been upgraded to support file-browsing capabilities on a machine. Now, you can open, edit, and save scripts on specified machines.
The script editor also has the ability to connect directly to an Azure Storage Blob (see Figure 5-28) and save your scripts to it. The scripts then become accessible to all servers in your subscription and beyond.
The Windows PowerShell script editor in SMT connecting to Blob Storage
Along with the Windows PowerShell script editor’s basic capabilities to interact and work with scripts on specified machines, you also can perform basic file management activities like browse, rename, and delete. The next figure shows you a sample of what File Explorer in SMT looks like.
File Explorer showing the contents of a machine in SMT
SMT now has the ability to provide more detailed info on storage for a specific machine. You can display information about drives, volumes and file shares. Currently, that information is available in a read-only format, but this technology will evolve over time. The next figure demonstrates this capability.
Storage information in SMT
Certificate management presents challenges for any IT organization; for example, how do you verify certificates across multiple machines if you don’t run a Certificate Authority? SMT introduces a certificate manager so you can now remotely manage certificates on specified machines. The next figure shows how you now can view all or a scoped set of certificates, look at the event log, and manage certificate lifecycles with import, export, and delete functions.
Certificate Manager in SMT
Deployment of SMT is relatively straightforward; however, it does involve the use of Azure and will require an Azure subscription. There are various ways of obtaining an Azure subscription but the simplest is to go to https://azure.microsoft.com/free/. Here, you can create a subscription if your organization does not already have one.
The gateway server you will create also needs Internet access, so it will need to be on a routable subnet within your organization.
For all the latest information about Server Management Tools for Windows Server read:
Learn about this new web-based GUI management tool that is hosted in Azure and available for no charge. Especially useful when managing headless servers such as Nano Server and Server Core, it can be used to manage on-premises infrastructure alongside Azure resources.