
Secure server 2016 management with Azure server management tools!

Server 2016 is almost here, and so is next-generation server management! It is a perfect fit for Nano Server and Server Core, where we do not have a GUI. Server management tools include a web GUI where we can control things such as services and processes, and we also get a PowerShell CLI from the Azure portal.

Right now it only works with Server 2016. I’m not sure if Server 2012 will get support later; time will tell. But it would be very nice if that was the case.

 

Prerequisites (Important!)

  • At least two servers, at least one of which must be running Server 2016.
  • Make sure the firewall is open for WinRM over HTTPS, usually port 5986.
  • A WinRM HTTPS listener has been created.
  • Understanding of certificate-based authentication with WinRM.
    • In production, we use a PKI; for the lab, a self-signed certificate is fine.
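
One way to meet the listener and firewall prerequisites on a lab node, as an added example that is not part of the original post. The gateway address 192.0.2.10 and the firewall rule name are placeholders chosen for illustration.

```powershell
# Added example: run in an elevated session on each node that will be managed.
# Assumptions: 192.0.2.10 is a placeholder for the gateway's IP address, and
# the firewall rule name is our own choice.
$gatewayIp = '192.0.2.10'
$ruleName  = 'WinRM over HTTPS (5986) from SMT gateway'

# The certificate subject must match the name the node is added with
# (FQDN, for example vm01.slask.zone).
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Create the HTTPS listener only if the node does not already have one.
$listener = Get-ChildItem WSMan:\localhost\Listener |
    Where-Object { $_.Keys -contains 'Transport=HTTPS' }

if (-not $listener) {
    # Lab only: self-signed. In production, enroll a server-authentication
    # certificate from your PKI and use its thumbprint instead.
    $cert = New-SelfSignedCertificate -DnsName $fqdn `
        -CertStoreLocation Cert:\LocalMachine\My

    New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
        -CertificateThumbPrint $cert.Thumbprint -Force | Out-Null

    # Export the public certificate so it can be imported as trusted on the
    # machine that connects to this node (Import-Certificate into
    # Cert:\LocalMachine\Root on that machine).
    Export-Certificate -Cert $cert -FilePath "$env:TEMP\$fqdn.cer" | Out-Null
}

# Allow 5986/TCP from the gateway only, instead of opening it to every source.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort 5986 -RemoteAddress $gatewayIp -Action Allow | Out-Null
}

# Show the result: the HTTPS listener's settings, including port and thumbprint.
Get-ChildItem WSMan:\localhost\Listener |
    Where-Object { $_.Keys -contains 'Transport=HTTPS' } |
    ForEach-Object { Get-ChildItem $_.PSPath | Select-Object Name, Value }
```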

 

So how does it work? Here is a simple overview.

[Image: Simple overview]

An SMTG (server management tools gateway) server is usually installed on the same local network as the servers it will manage. It is also possible to place the server in a DMZ if you want, but remember that WinRM must operate over HTTPS. This server can also run Server 2012 R2, but WMF 5.0 or higher must be installed.

You cannot manage the SMTG-server via the Azure portal.

 

How to set it up? Easy.

 
#Login to Azure
Login-AzureRmAccount

#Create a new resourcegroup or use existing
$location = "West Europe"
$resourcegroupname = "slask-servermgmt"
New-AzureRmResourceGroup -Name $resourcegroupname -Location $location

#Gatewayname can be called anything
$gatewayname = "myvmgateway01.slask.zone"

#Create your gateway
$vmgateway = New-AzureRmServerManagementGateway -ResourceGroupName $resourcegroupname -GatewayName $gatewayname -Location $location -AutoUpgrade

Unfortunately I have not found any command to download the gatewayservice.msi. Go to the portal and open “Server management tools gateways”. Click on “Configuration required…” and download the installer. There will be two files inside the ZIP, “profile.json” and “gatewayservice.msi”. The JSON file is the unique configuration. Go ahead and install by clicking Next, Next, Finish.

[Image: GatewayService]

After a few minutes the status of your vmgateway will change to OK.

Next we need to add some nodes to be managed.


#Nodes must be FQDN or IP address
$nodes = "dc01.slask.zone","vm01.slask.zone","vm03.slask.zone"
#Credentials that will be used to manage the servers; make sure these credentials can use WinRM over HTTPS
$localcred = Get-Credential

#Add all nodes to your gateway.
$nodes.ForEach({
 New-AzureRmServerManagementNode -ResourceGroupName $resourcegroupname -GatewayName $gatewayname -Location $location -NodeName $PSItem -ComputerName $PSItem -Credential $localcred 
})

Again, wait a few minutes and your servers should start to show up. You now have a great place to perform some basic diagnostics.

[Image: Vm03]

Worth keeping in mind: this service is currently in preview. Features might be removed or added in the future.

Best regards!
