Over the past years Microsoft has made tremendous efforts in making hybrid management more accessible for everyone.
At customers I see that the pase of these innovations can be quite overwhelming. Combine that with the archilles’ heel of IT to only look forward and wait on the next big thing and soon you’ll have people and organizations that have missed the boat on an essential tools that can improve their system management capabilities. One of those tools which is becoming more important over time is undoubtedly Windows Admin Center, or called by its’ loving abbreviation, WAC.
Before we go into the Admin Center itself, I’d like to thank HPE the Netherlands and The Sourcing Company in their efforts to facilitate me with a top knotch Proliant DL380 Gen9 server to run some tests with Windows Admin Center running on top of Windows Server 2019.
Now, you probably know that I’m focussing on Azure and all its’ goodness. So what is a guy like me doing with Windows Admin Center? Well, the management of systems in the datacenter and in all sorts of cloud environments has always been my cup of tea. Ever since the start of System Center products at Microsoft, I was involved. First as a user of these products and later on, in connection with the product-teams even closely involved in the improvement of these products.
If you’re unsure on what management tool of Microsoft does what nowadays, I’d like to refer you to this excellent page in Microsoft Docs which prodivdes a brief explanation.
The first thing that will hit you is that the WAC user interface is completely different from the Microsoft Management Console (MMC’s) incorporated in Windows Server itself. But also the back-end is quite different. WAC is a web application to manage local or remote servers through a management gateway that uses PowerShell Remoting and Windows Management Instrumentation (WMI) over Windows Remote Management (WinRM). Since the gateway is a web application, administrators can connect to it from the public Internet when needed.
How to get started
Before you can start with WAC, you’ll need to download the WAC software. The software can be downloaded and used free of charge. The only thing you need is a valid and running Windows 10 or Windows Server instance. You can download WAC here.
For small-scale or demonstration deployments you could sufice with installing WAC on your favorite client operating system. For production scenarios you would typically choose between the following options:
Installation of a Gateway Server; where the WAC server is a separated management server for the environment.
Installation of a Managed Server; where the WAC servers is one of the many servers you manage with WAC.
Installation of a Failover Cluster, where the WAC service is one of the highly available services in the cluster.
More information about the choices in deployment architecture can be found here: https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/plan/installation-options
Installation of Windows Admin Center
On Windows Server, Windows Admin Center is installed as a network service. You must specify the port that the service listens on, and it requires a certificate for HTTPS. The installer can create a self-signed certificate for testing, or you can provide the thumbprint of a certificate already installed on the computer. If you use the generated certificate, it will match the DNS name of the server. If you use your own certificate, make sure the name provided in the certificate matches the machine name; wildcard certificates are not supported.
Please be aware that the automatically generated certificates will expire 60 days after initial setup.
Connect to a Server
Click on a server on the All Connections screen. An overview of the server’s health is displayed by default, similar to that displayed by Task Manager. The graphs for CPU, memory, disk, and network are updated in real time and you can restart and shutdown the server.
The Settings option allows you to edit system and user environment variables, enable or disable Remote Desktop, and manage WAC Role Based Access Control Settings.
Role-Based Access Control (RBAC).
Currently, there are three access roles:
- Windows Admin Center Administrators– Allows users to view and manage most tools.
- Windows Admin Center Hyper-V-Administrators– Allows users to manage Hyper-V virtual machines and switches. Other tools are available in read-only mode.
- Windows Admin Center Readers– Allows users to view most tools but doesn’t allow them to make any changes.
There’s a list of tools on the left, which you can search. Most things you’d expect are present, including the ability to manage services, the registry, devices, files, Windows Update, virtual machines if the Hyper-V role is installed, events, Windows Firewall, network adapters, and local users and groups. The tools allow you to carry out basic tasks. For example, Services lists the services installed on the server and their status. WAC has improved greately since the initial release and now a lot of new hybrid services are available like Azure Backup, Azure Monitor, Azure Security Center and even ARC services.
Connect to Azure Services
To allow the Windows Admin Center gateway to communicate with Azure to leverage Azure Active Directory authentication for gateway access, or to create Azure resources on your behalf (for example, to protect VMs managed in Windows Admin Center using Azure Site Recovery), you will need to first register your Windows Admin Center gateway with Azure. You only need to do this once for your Windows Admin Center gateway – the setting is preserved when you update your gateway to a newer version.
Currently WAC offers a smooth, in-app experience to configure an Azure AD app for use with Azure services in WAC.
The guided in-product steps will create an Azure AD app in your directory, which allows Windows Admin Center to communicate with Azure. To view the Azure AD app that is automatically created, go to the Azure tab of Windows Admin Center settings. The View in Azure hyperlink lets you view the Azure AD app in the Azure portal.
The Azure AD app created is used for all points of Azure integration in Windows Admin Center, including Azure AD authentication to the gateway.
Windows Admin Center automatically configures the permissions needed to create and manage Azure resources on your behalf:
Azure Active Directory Graph
Azure Service Management
And there you have it, your Windows Admin Center, running on your HPE Proliant DL380 Gen9, is connected to Azure, and you can start using one of the many rich services in Azure like; Azure Site Recovery, Azure Backup, Azure Monitor, Azure Policy through Azure Arc for servers, Azure File Sync or even Azure Security Center.
In a next blog I’ll highlight these services and getting them up and running to extend your on-premises estate into Azure.
Additional reading material:
Windows Admin Product pages
Getting started with Windows Admin Center Video: https://youtu.be/WCWxAp27ERk
Run WAC on Windows Server Core
How to Install the Windows Admin Center in Server Core