The magic behind Server Management Tools in Azure

Last week I tweeted about patching my Windows Server 2016 servers by using the Server Management Tools functionality. Don’t get me wrong, I don’t hold a grudge against Group Policies and WSUS or the new update functionality in OMS, but when there’s something new in Azure, most of the time I want to try it out…

This tweet had its fair amount of attention, so that’s why I thought a short blog would be in order… The Server Management Tools feature is currently in Public Preview on Microsoft’s Azure platform. This nifty feature makes your Windows Server 2016 investments into the start of your hybrid adventures and it can even manage Nano Server instances. But how does this magic work? Let’s try and make it really simple to understand first. You’ll basically deploy an agent on one of your internet-facing servers, which will act as the management gateway. It’s sort of an Azure-Management-Tools-connector or bridgehead. Once deployed, Azure will connect to that bridgehead inside your datacenter (whichever cloud or on-premises situation you might be in) and from there connect to the other servers.

At this time this service is only available for machines running Server 2016 (TPx or later). If the topology isn’t clear yet, please review the following picture, courtesy of Microsoft.

Now that you’re familiar with the concept, let’s go and manage some on-premises servers from the public Azure portal! Start in the Ibiza Azure portal to add a new service from the Marketplace by searching for Server Management Tools.

Select the Microsoft “Server Management Tools” and create the service within your subscription. Upon creation of the service, you’ll just see an empty window, quite similar to the one below.

Now we’ll have to add some servers that run in our datacenter. Be sure to use the FQDN or IP address for this, especially when you’re working with machines in different domains/subnets inside your datacenter. Hit the “Add” button on the top of the screen and you’ll see a nice wizard-like User Interface to guide you through adding your servers to Azure.

First, enter the name of the Windows Server 2016 computer you want to manage; don’t forget to enter the complete FQDN in more complex environments. Second, select the subscription where you want this server to be managed, and create or select a Resource Group where you want to place these “Virtual Azure Resources”. Just for this functionality I’ve created the Resource Group “RG-ServerManagementTools” in advance, and all of the servers under management will be placed into that resource group.

Since this is our first (mutual) installation, we’ll also have to create the bridgehead which I’ve mentioned before; the Gateway server. This server will only need outbound internet connectivity and the possibility for the Gateway software to be installed. The name you use here is just the “friendly” name, or the name which will be shown inside the Azure Portal for this server. The location part of this screen refers back to the creation of the Resource Group, this is also tied to an Azure region.

When clicking “Create” it will create the object, but at this time you won’t be able to manage the box just yet. This is because you haven’t created your Gateway server in your datacenter yet. That’s the next step.

We’ll go ahead and click the managed server which we just created and quickly find that the server is unmanaged because of the lack of a management gateway. When you click the link you will find just a few possible choices. The biggest choice here is to let the gateway agent be updated automatically or not. After that, click on the “copy” icon to get your very own, personalized installation file of the gateway services. Download them and take them over to your appointed gateway server.

So, here we are, on a fresh Windows Server 2016 box, although the Gateway Server can be installed on a 2012 or 2012 R2 machine too, I just like working with the latest and greatest. But, never mind that. If the machine hosting the gateway is a Windows Server 2012 R2 machine, please install WMF 5.0. This is required to use PowerShell to manage Windows Server 2016 Technical Preview or Nano Server machines from Windows Server 2012 R2. You can use the following link to install WMF 5.0: http://aka.ms/wmf5download
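A preflight check for the gateway host, as an added example that is not part of the original post or of Microsoft's tooling: it verifies the OS and WMF 5.0 prerequisite described above and confirms the managed server resolves and answers on WinRM before you install the gateway. The node name `server01.corp.example` is a constructed placeholder, and the WinRM check assumes the gateway reaches managed servers over PowerShell remoting, as the post implies.

```powershell
# Run on the machine that will host the gateway (added example, not from the original post).
param(
    # Constructed sample value; use the FQDN you entered in the portal wizard.
    [string[]]$ManagedNode = @('server01.corp.example')
)

function Test-GatewayHost {
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $ver = [version]$os.Version
    [pscustomobject]@{
        Caption   = $os.Caption
        OSVersion = $ver
        PSVersion = $PSVersionTable.PSVersion
        # Server 2012 is NT 6.2, 2012 R2 is 6.3, 2016 is 10.0; ProductType 1 is a client SKU.
        ServerOS  = ($os.ProductType -ne 1) -and ($ver -ge [version]'6.2')
        # WMF 5.0 provides PowerShell 5.0, which the post requires on a 2012 R2 gateway.
        WmfOk     = $PSVersionTable.PSVersion.Major -ge 5
    }
}

function Test-ManagedNode {
    param([Parameter(Mandatory)][string]$ComputerName)
    # Name resolution matters across domains/subnets, hence the advice to use the FQDN.
    $resolves = [bool](Resolve-DnsName -Name $ComputerName -ErrorAction SilentlyContinue)
    # Test-WSMan sends an unauthenticated WS-Management identify request;
    # success means the WinRM listener used by PowerShell remoting is reachable.
    $winrm = [bool](Test-WSMan -ComputerName $ComputerName -ErrorAction SilentlyContinue)
    [pscustomobject]@{ Node = $ComputerName; Resolves = $resolves; WinRM = $winrm }
}

$hostCheck = Test-GatewayHost
$nodeCheck = $ManagedNode | ForEach-Object { Test-ManagedNode -ComputerName $_ }

$hostCheck | Format-List
$nodeCheck | Format-Table -AutoSize

if (-not ($hostCheck.ServerOS -and $hostCheck.WmfOk)) {
    Write-Warning 'Gateway host does not meet the OS / WMF 5.0 prerequisite.'
}
$nodeCheck | Where-Object { -not ($_.Resolves -and $_.WinRM) } | ForEach-Object {
    Write-Warning "Cannot reach $($_.Node) over WinRM from this host."
}
```

If you added a server by IP address rather than FQDN, the `Resolves` column reflects a reverse lookup and may be false even when WinRM is reachable.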

I’ve downloaded and opened the zip file containing the software and the appropriate profile file. Now, for the installation of the Gateway… I hope your coffee isn’t too hot, because you won’t have enough time to drink it during install, it’s blazing fast…

Only a single choice to make here again. I understand that if you’re working in a production environment, which has to be super secure and compliant, that you’d go for a corporate certificate. Since I’m just using this for this blog, I trust a self-signed certificate enough for now…

After this choice, it’s just another blink of an eye before we return to the Azure Portal to take the next steps in our hybrid-management datacenter… We have another look at the properties of the managed server in the Azure Portal where we see the status of the Gateway not being present. With a quick “refresh” we solve this issue…

…. and get a new message, saying you’ll need to use “Administrative Credentials” to manage that specific server.

What I’ve done before, while everyone was waiting for the installation of the gateway server to complete, was to create a service account in my Active Directory domain, especially for this feature. Clicking this message will result in opening another blade where we can supply our management credentials.

Here you can choose whether you want to use these credentials for this session, or to store them securely in Azure. For my convenience I decided to store these credentials in Azure. After completing this step, our first server can be managed through the Server Management Tools service in Azure. What can we manage today?

I’m sure Microsoft is still working on extending the list, but you can do cool stuff already, like switching Virtual Machines on/off, do some basic file management, insights into services and certificates…. But with PowerShell-remoting in place, I guess you could manage everything but the sink! Just a small demonstration, I connected my Hyper-V server to Server Management Tools, started PowerShell on that node and asked for all Virtual Machines with “DC” in the name.

If you want to manage other servers, you can of course do that using the same interface, or use a JSON template for that. First things you need to find out are:

  • The friendly name of your gateway
  • The FQDN of the server that needs to be managed.

Easy enough right? So now, where’s this template? The easiest way to obtain it, is to copy it from the picture below ;-).

Or is it? Let’s have another look at the wizard to add another server.

When you add another server with the GUI, provide a name for the server, Resource Group and choose to re-use the existing Gateway (1). Remember or write down the friendly name of the gateway and click on Create OR click on “Automation Options”. This will give you a handful of options to automate the management of other servers. There’s JSON, but also PowerShell, Ruby or .NET possibilities… Nice!

Today we’ve looked at the Preview feature in Azure called “Server Management Tools”. This feature can help manage your servers, wherever they may be, from the Azure web portal. If you’d like to take a look at the formal introduction of Server Management Tools, that can be found here. Or a nice video explanation on Channel 9:

If questions arose when you were reading this post, leave your comments below and I’ll try and answer them as soon as possible.

For now, keep it cloudy!
