The Windows Admin Center (WAC) is a web portal for managing local or remote servers via a gateway that uses PowerShell Remoting and Windows Management Instrumentation (WMI) over WinRM. WAC will eventually replace Server Manager, and going forwards, is where Microsoft will make future investments in Windows Server GUI management.
WAC gateways can be installed on Windows Server 2016, Windows Server version 1709, Windows Server 2019, and Windows 10. WAC can manage Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012. It can also manage Hyper-V Server, Azure VMs, Azure Backup, highly-converged infrastructures (HCI), and more.
For more information on WAC and how to install it, see Getting Started with the Windows Admin Center and How to Install the Windows Admin Center in Server Core on Petri.
There are three ways Azure VMs can be managed using WAC. The first and easiest is to install WAC on a local device and connect it directly to an Azure VM’s public IP address. If your Azure VMs don’t have public IP addresses, you can either set up a VPN between your cloud VNET and the network where the WAC gateway is installed or set up a WAC gateway on a VM connected directly to your Azure VNET.
Whichever method you choose, you’ll will need to manually enable Windows Remote Management (WinRM) on any Azure VMs you want to manage. WinRM is enabled by default in Windows Server but disabled in the gallery images used to deploy Windows Server in Azure. Windows Firewall needs to be configured with an inbound rule to allow port 5985 for WinRM over HTTP. Secondly, depending on how you provision your Azure VMs, you will need to ensure that Azure networking allows inbound traffic on port 5985.
Let’s start by enabling WinRM in an Azure VM. If you don’t already have an Azure subscription and virtual machine, take a look at Create a Virtual Machine in the Azure Cloud on Petri.
Set-NetFirewallRule -Name WINRM-HTTP-In-TCP-PUBLIC -RemoteAddress Any
The first command enables Windows Remote Management. The second command makes sure that there is an inbound Windows Firewall rule for WinRM over HTTP.
In the Azure management portal, let’s make sure that Azure networking in configured to allow WinRM over HTTP to the virtual machine.
Now that the virtual machine and Azure networking have been configured, let’s connect WAC to the Azure VM.
In this article, I showed you how to add an Azure VM to WAC using the VM’s public IP address. In a production environment, I would prefer to connect the WAC gateway to the Azure VNET using a VPN or place the gateway on an Azure VM.