In this article I explain how you how you can (remotely and securely) manage your on-premises Hyper- V hosts, including Nano Server, from Azure’s (remote) server management tools, on Windows 7, Macs, and even non-Windows tablets.
How would you manage servers today? Unfortunately, I expect that most of you will say “I log into the server and …”. Although I remain an advocate for a GUI on Windows Server (mainly for troubleshooting reasons), I still prefer working remotely. The best way to manage a server is to use the Remote Server Administration Toolkit (RSAT), a set of tools that you would normally get on a server, but can be installed on your PC.
That sounds perfect until you enter the real world. Most enterprises seem to adopt, not necessarily for widespread usage, newer versions of Windows Server faster than they deploy client OSs. This is often because there are some services that require a newer OS. The business might demand the latest CRM application, which requires Windows Server 2016 (WS2016). Some new ERP solutions might take advantage of a performance feature in WS2016. Or maybe you’ve opted to deploy WS2016 Hyper-V because of Nano Server, security, administration, operational, scalability, or management features? While that doesn’t force you to upgrade the guest OSs of your virtual machines, you might have been forced to look at your PCs. To manage Nano Server at all, or any other Windows Server installation type from your PC, you need to install RSAT on your PC. But RSAT is only ever designed to be installed on the matching desktop OS. For example:
How many organizations do you think have deployed anything newer than Windows 7, even with the since-ended free upgrade to Windows 10? Not that many. And while some IT departments might be free to do limited upgrades for themselves, I’d wager that many more are limited by how they are licensed or by internal company policies (for example, “you use what you support”).
You cannot expect to work around the problem by using an older version of the administration tools with a newer version of the Windows Server OS.
Two workarounds were commonly used:
What if there was a solution that offered some of the benefits of the RDS option, such as centralized installation administration tools, always up-to-date versions, security, remote accessibility, and with the ability to use many kinds of devices … or browsers.
Microsoft first started to talk about the Server Management Tools (in preview at the time of writing) in Azure back at Ignite 2015. The company first pitched the tools as a way to get a GUI experience for Nano Server, but that wasn’t quite correct because the solution, like RSAT, manages all kinds of on-premises Windows Server installations.
The solution offers you a set of GUI tools for server administration that run in your browser, via the Azure Portal. This means that to use the solution to manage Windows Serve 2016, including Nano Server:
The Azure Portal is a web service, so administrators can sign in from anywhere to manage your on-premises servers. If you have configured Azure AD with either Azure AD Connect or ADFS, then you will also have single sign-on. You can further secure this remote access using conditional multi-factor authentication (MFA), a feature of Azure AD Premium.
The system, from the customer perspective, is actually pretty simple. We deploy a Server Management Tools gateway onto a Windows Server 2016 server that is running on-premises. This will act as a proxy for discovering machines on our network and for funneling traffic to/from the management tools running in Azure.
A connection is created in Azure for each on-premises server that we want to manage; the server must be accessible to the gateway via IPv4/IPv6 address or DNS name. Credentials to manage the server must be either:
I’ll explain how you can deploy this solution in a later post. For you Hyper-V administrators, there’s some good news. As with all good cloud services, Microsoft is continually adding features to the Server Management Tools. One of these additions was a Hyper-V console – Yay! We finally get a new Hyper-V management tool … sort of. But at least we get a great new way to manage those brand new WS2016 hosts from anywhere, and lack of Windows 10 deployments is no longer a blocker for adopting the most secure hypervisor and private cloud platform that is commercially available.