In this article, I will share with you how to natively manage Windows Server VMs in the Azure Portal with the new Windows Admin Center extension.
Windows Admin Center (WAC) is a flexible, locally-deployed, browser-based management platform, and solution. It contains core tools for troubleshooting, configuration, management, and maintenance for Windows Server, Windows Client, Software-Defined Storage (SDS), Software-Defined Network (SDN), Microsoft Hyper-V Server, and more…
Windows Admin Center is not only for managing servers, clusters, hyper-converged infrastructure, and Windows 10 PCs, but it also lets you connect your Windows Server to Azure hybrid services whether they are running on-premises or in a different cloud provider. There are many more hybrid services for Windows Server, which you can leverage with Windows Admin Center.
- Azure Backup
- Azure File Sync
- Azure Network Adapter
- Azure Site Recovery
- Azure Security Center
- Azure ARC
- And much more…
At Microsoft Ignite 2020 this week, Microsoft announced a new way to natively manage your Windows Server IaaS virtual machines from within the Azure Portal with Windows Admin Center. This is a great capability, which will provide you with granular management, configuration, troubleshooting, and maintenance functionality for managing your Windows Server VMs in the Azure Portal directly without the need to RDP into the VM.
To follow this article, you need to have the following prerequisites:
- Azure subscription. If you don’t have an Azure subscription, you can create a free one here.
- Windows Server 2016 or Windows Server 2019 Azure virtual machine. If you don’t have a virtual machine, you can follow this quick start guide to create a new Windows Server virtual machine in the Azure Portal.
- Please note that the VM you create in Azure must have at least 3 GiB of RAM or more. This is a requirement for the Windows Admin Center extension to work properly.
- At the time of this writing, you need to request access from Microsoft by filling the following preview form to try this new management experience.
Install Windows Admin Center extension
Log in to the Azure Portal and take the following steps:
- Select the desired Windows Server virtual machine where you want to install the new extension, and then navigate to the “Windows Admin Center (preview)” tab on the left-hand side of the VM under Settings.
- In the Windows Admin Center page, select a public inbound port through which Windows Admin Center will communicate to the VM (you can choose a different port if you want), and then click the Install button. For security precautions, do NOT select ‘open this port for me‘ which is only recommended for testing purposes, because if you let Azure configure this port for you in the Network Security Group, the port will be open to any source with the highest priority which you don’t want to do for production VMs.
- The installation of the extension will take a couple of minutes to complete, once the installation is completed, you want to navigate to the ‘Networking‘ tab of the VM and add a new inbound security rule with the port you specified in the previous step. Here is an example of what the inbound rule settings look like. At the time of this writing, you need to set the Source* to Any. Microsoft is actively working on limiting the access to Windows Admin Center service only so that the Source doesn’t have to be set to Any. Stay Tuned!
Connect to Windows Admin Center in Azure
Once the inbound security rule is added, you can take the following steps:
- Switch back to the “Windows Admin Center (preview)” tab on the left-hand side of the VM under Settings. Then click on the “Connect to Windows Admin Center“. The connection will take around one minute, as part of the connection process, Microsoft periodically renews your Windows Admin Center certificate for security purposes.
- Then you will be asked to enter your VM’s local administrator credentials. Enter the username and password and click ‘Sign in‘.
- Once the credentials are entered, Windows Admin Center will start loading which might take up to 1 minute. The first load time might be a little longer, however, any subsequent load will be just a few seconds.
If you are familiar with Windows Admin Center UI experience, it looks and feels exactly the same. Consistency is Key! Here is a screenshot accessing my Azure VM through Windows Admin Center natively in the Azure Portal, VM blade.
That’s it there you have it!
How it works…
When you install the Windows Admin Center extension from the Azure Portal, it installs a lightweight .msi package on your Windows Server Azure VM. The extension manages your server using Remote PowerShell and WMI over WinRM.
By opening an inbound security port to the internet, you can access the UI of the Windows Admin Center directly from the Azure Portal directly. This will eliminate the need to install the Windows Admin Center in a dedicated VM in Azure to manage your servers, so less VM is always great to reduce cost.
What about the Azure Bastion management service where you can privately and fully manage RDP and SSH access to your virtual machines?
Windows Admin Center extension does not interact with or impact Azure Bastion in any way. Windows Admin Center has to be deployed on a per-VM basis and requires a public IP address, while Azure Bastion works on Private IPs for all VMs that are part of a single virtual network. Additionally, Azure Bastion is not free and it’s billed per hour, however, Windows Admin Center is free! You have a lot of flexibility and options here.
In this article, I showed you how to get started managing your Windows Servers IaaS VMs in the Azure Portal natively. This will help you reduce the need to Remote Desktop (RDP) into your Azure VM for management. The new Windows Admin Center IaaS extension in Azure will provide you tools that you are already familiar with, such as Device Manager, Task Manager, Windows Firewall, Hyper-V Manager, and most other MMC tools.
At the time of this writing, the Windows Admin Center extension in the Azure Portal is in public preview V1. I would expect further enhancement and additional features to be added in the near future.
Windows Admin Center is a freely available management tool for anyone to use and makes managing a set of Windows servers with or without GUI remotely, very easy, especially for “day-to-day activities” without the need to login into your Azure VM for management, and without complex installation.
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.