Updated – 19/04/2018 – Added [Manage Storage Spaces Direct in Windows Server 2016 with Windows Admin Center]
Introduction
The day has come… After almost a year of private and public previews, Windows Admin Center (formerly known as Microsoft Project ‘Honolulu’) is now generally available for production use.
It is unlikely that you have not heard about Microsoft Project ‘Honolulu’, unless you are lying on the beach in Honolulu without Internet access :-)
Windows Admin Center is the final official name of Project ‘Honolulu’. Windows Admin Center is a flexible, locally-deployed, browser-based management platform and solution. It contains core tools for troubleshooting, configuration, management and maintenance for Windows Server, Windows Client, Hyper-Converged Infrastructure, and Microsoft Hyper-V Server.
What is new in Windows Admin Center GA release
If you’ve already started evaluating Windows Admin Center, then you are good to go. If not, then head to the getting started guide here to kick the tires.
I’ll point out some of the important updates in Windows Admin Center in the GA release.
Using Remote Desktop over HTML5
One of the most requested features on the Windows Admin Center UserVoice is integrating RDP, a tool that every Windows Server admin has been using over the past decade. Microsoft is using RDP over HTML5 with Windows Admin Center. Managing Windows Server Core (headless server) now becomes easier.
Using PowerShell over HTML5
One of the other top requested features is adding PowerShell. Using the same tool, you can get under the hood and bring up a full command line in a PowerShell session over HTML5. This is just awesome! I should also point out that you have full IntelliSense as well: you can type any PowerShell command followed by the TAB key.
Manage Hyper-Converged Infrastructure (HCI)
Managing Storage Spaces Direct (HCI Cluster) has never been easier with Windows Admin Center. The latest enhancements that have been added are as follows:
- Monitoring storage job progress. You can see the storage jobs like rebalancing the storage pool. You can also see the status of each volume that is in service mode like repair or resync jobs.
- Deduplication and compression. You can enable data deduplication and compression for each volume, or you can do the same when you create a new volume.
- UI experience enhancement when connecting to a Hyper-Converged Cluster.
- More enhancement on the inventory grid. You can see the uptime for each server, you can group drives by server or you can search for a specific drive, model or serial number.
To manage your cluster as Hyper-Converged Infrastructure in Windows Admin Center, it needs to be running a preview build of Windows Server 2019 and have Hyper-V and Storage Spaces Direct enabled.
Microsoft also added support to manage Storage Spaces Direct in Windows Server 2016 with Windows Admin Center. For this to work, you need to install the April 17th 2018-04 Cumulative Update for Windows Server 2016, KB4093120, on every server in your Storage Spaces Direct cluster. The Hyper-Converged Infrastructure experience depends on new management APIs that are added in this update. Check the announcement here to get started.
Manage remote client PCs
Managing remote client PCs (Windows 10) is also a brand new feature in Honolulu. So instead of Server Manager, you select Computer Management. And just like you do for servers, you can simply add a computer by typing in the name, adding an IP address, or importing a list of client names from a text file. As you can see, I still have a rich set of features. I can see an overview of the system, certificates, devices, events, firewall configuration, and so much more.
Role-Based Access Control (RBAC)
Role-Based Access Control (RBAC) allows you to configure three role configurations:
- Windows Admin Center Administrators: Allows users to view and manage most tools. Use this role when you want to let a user manage an entire server, but only through Honolulu. Users in this role will not be granted direct access to the server with WinRM or Remote Desktop.
- Windows Admin Center Hyper-V-Administrators: Allows users to manage Hyper-V virtual machines and switches. Other tools are available in read-only mode.
- Windows Admin Center Readers: Allows users to view most tools but does not allow them to make any changes.
After connecting to a managed node, navigate to Settings from the server Overview, then choose the Role-Based Access Control tab. This page will display the current status of the RBAC configuration, an overview of what RBAC does, and the option to apply or remove the RBAC configuration on the machine. Please note that changing the role-based access control configuration on the target node will restart WinRM. This may interrupt other users who are using PowerShell remoting or WMI to manage this computer.
Once the RBAC configuration is deployed to the target node, you can add non-administrator accounts to the local groups that correspond to the role configurations mentioned above. So when connecting as those users, access will be restricted to their role.
When you choose to apply the RBAC configuration, Windows Admin Center leverages Desired State Configuration (DSC) to configure the target node. Under the hood, DSC sets up a PowerShell Just Enough Administration (JEA) endpoint with three roles: Windows Admin Center Administrators, Windows Admin Center Hyper-V-Administrators, and Windows Admin Center Readers.
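One way to review the result of that deployment on a managed node, as an added example that is not part of the original post or of Windows Admin Center itself: it lists who sits in the role groups, flags members that are also direct local administrators (the post says these groups are meant for non-administrator accounts), and shows what a given user may run in the JEA endpoint. The function names, the `Windows Admin Center*` group-name pattern and the sample values in the comments are assumptions; the endpoint name is not given in the post, so it is passed in after being read from `Get-PSSessionConfiguration`.

```powershell
# Added example. Run in an elevated PowerShell session on the managed node.
# Assumption: the local groups created by the RBAC deployment start with "Windows Admin Center".

function Get-WacRoleAudit {
    param(
        [string]$GroupPattern = 'Windows Admin Center*'   # assumed naming pattern
    )

    # Direct members of BUILTIN\Administrators, looked up by well-known SID
    # so the check also works on localized systems.
    $adminSids = @(Get-LocalGroupMember -SID 'S-1-5-32-544' |
                   ForEach-Object { $_.SID.Value })

    foreach ($group in Get-LocalGroup -Name $GroupPattern -ErrorAction SilentlyContinue) {
        foreach ($member in Get-LocalGroupMember -Group $group) {
            [pscustomobject]@{
                RoleGroup       = $group.Name
                Member          = $member.Name
                ObjectClass     = $member.ObjectClass       # User or Group
                PrincipalSource = $member.PrincipalSource   # Local, ActiveDirectory, ...
                # Only direct membership is checked; nested domain groups are not expanded.
                AlsoLocalAdmin  = $adminSids -contains $member.SID.Value
            }
        }
    }
}

function Get-WacUserCapability {
    param(
        [Parameter(Mandatory)] [string]$EndpointName,   # taken from Get-PSSessionConfiguration
        [Parameter(Mandatory)] [string]$UserName        # e.g. 'CONTOSO\alice' (constructed sample)
    )
    # Commands this user would be allowed to run when connecting to the JEA endpoint.
    Get-PSSessionCapability -ConfigurationName $EndpointName -Username $UserName |
        Select-Object Name, CommandType, Visibility
}

# 1. Identify the endpoint registered by the DSC configuration and who may connect to it.
Get-PSSessionConfiguration | Select-Object Name, Permission

# 2. Review role group membership; any row with AlsoLocalAdmin = True deserves a second look.
Get-WacRoleAudit | Sort-Object RoleGroup, Member | Format-Table -AutoSize
```

After picking the endpoint name from step 1, call `Get-WacUserCapability` with it and a user from one of the role groups to confirm that, for example, a Readers member sees no commands that change state.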
Make Windows Admin Center highly available
You can deploy Windows Admin Center in a failover cluster to provide high availability of your Admin Center gateway service. The solution provided is an active-passive solution, where only one instance of Admin Center is active. If one of the nodes in the cluster fails, Windows Admin Center gracefully fails over to another node, letting you continue managing the servers in your environment seamlessly. Some of the prerequisites to consider before you start the installation:
- You need a Failover Cluster of 2 or more nodes on Windows Server 2016.
- You need a Cluster Shared Volume (CSV) for Windows Admin Center to store persistent data that can be accessed by all the nodes in the cluster. 10 GB should be sufficient for your CSV.
- You need the high-availability deployment scripts from the Windows Admin Center HA Setup Scripts zip file. You can download the .zip file containing these scripts to a node on the cluster or to your local machine.
- Recommended, but optional: a signed certificate .pfx and password. You do not need to have already installed the certificate onto the cluster nodes – the script will do that for you. If you do not supply one, the installation script will generate a self-signed certificate, which expires after 90 days.
For more information about deploying Windows Admin Center in HA mode, please check the following article.
Access Control
Microsoft has also added Azure Active Directory (AAD) based access control. Using AAD identities, you can configure conditional access policies that require multi-factor authentication, device compliance, and more. You can find instructions to configure this in the Azure Active Directory section of the Gateway access documentation here.
To set up AAD, you must first connect your gateway to Azure by downloading the New-AadApp PowerShell script. This step creates an AAD application, from which you can manage gateway user and gateway administrator access.
Please note that access control management only applies when you are running Windows Admin Center as a service on Windows Server and not on Windows Client.
Conclusion
Microsoft Windows Admin Center is the future of the remote server management experience. This is a great step by Microsoft for on-premises environments and for Azure to have a single pane of glass for managing our servers wherever they are. This means that Server Core will be the recommended choice for hosting virtual machines, infrastructure workloads as well as for containers. Windows Admin Center will help to manage and configure Server Core installations and drastically remove the need to log on locally on every server. We don’t need a GUI on every single server anymore.
This is the first GA release of Microsoft Windows Admin Center and there are still a lot of features that will be added along the way. Meanwhile, you can download the GA release today for free at http://aka.ms/WACDownload, check the complete documentation here and share your feedback on User Voice Windows Admin Center.
Until then… Stay tuned!
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.
-Charbel Nemnom-