In-Depth

Azure Delivers with Remote Server Management Tools

How to configure and administer Windows Server 2016, including the Nano configuration, with Microsoft's forthcoming Azure-based Remote Server Management Tools option.

• By Paul Ferrill
• 06/03/2016

Microsoft recently released Remote Server Management Tools (RSMT) for Azure to the general public for preview after a private beta period. With this tool, you can remotely manage any Windows Server 2016 system from the Azure cloud, including any Nano Server instances.

This tool will be especially important for the Nano Server configuration option, as it's the only graphical management interface to a Nano Server and has been demonstrated by Microsoft at multiple events. IT pros can choose to use the PowerShell Desired State Configuration (DSC) to create configuration scripts (see "How To Use PowerShell's Desired State Configuration To Configure Nano Server"). Remote management is the other option.

When implementing RSMT, connection to the on-premises machine uses a gateway service that must be installed on a Windows Server 2016 system. It's best if this machine is domain-joined, but you can make it work on a non-domain-joined system. Once the gateway service connection has been authen­ticated you gain access to any other machine running Windows Server 2016 on the internal network. Microsoft hasn't stated publicly if this capability will be made available on earlier versions of Windows Server.

The basic monitoring dashboard presents a number of graphical charts, including CPU performance, memory utilization, network adapter status and disk metrics. Clicking on an item such as a specific NIC brings up an additional dialog with more information, including a performance graph and specific details such as IPv4 and IPv6 addresses, DNS name, and connection type. Each item or tile on the dashboard is customizable and includes rearranging the position and size of each one.

Installation
You'll need an Azure account if you want to give this a try for yourself. Getting everything set up is relatively painless. To run the preview, it requires a Windows Server 2016 TP4 or higher system to serve as the gateway machine between your local system and the Azure service. Using the Azure menu with the two Server Management Tools items, choosing the first one, "Server management tools connection" (see Figure 1), will present a dialog box.

The computer name field should be either the fully qualified domain name of the target server or an IP address on your local network. If this is the first managed machine, you'll need to click on the blue "Or create new" text under the Server management tools gateway field. This will generate a download package containing an MSI file and a JSON file with connection details. The MSI must be executed on the machine that will act as the gateway server between your local network and Azure. When this completes, you should be able to connect to the machine from the Azure Management Portal.

If you need to manage non-domain-joined machines such as a virtual Nano Server, you'll need to enter an additional command for that machine to trust that specific IP address. To do this, open a command prompt and type the following, substituting the machine's IP address for <<IP address>>:

winrm set winrm/config/client @{ TrustedHosts="<<IP address>>" }

You'll need to make a registry change on the target system if you want to connect to the target machine using a local administrator account with the following command:

REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccount­TokenFilterPolicy /t REG_DWORD /d 1

The last thing you'll need to do if you want to connect to a machine on a different subnet is create a new firewall rule with this command:

NETSH advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow

That should be everything you need to do directly on the target and gateway machines to get started with remote management.

Management Options
This release of the RSMT provides quite a few of your favorite and most frequently used management tools, plus access to the PowerShell command line. The Device Manager tool presents a list of all devices in a list form, including any devices requiring attention. Clicking on an individual device displays pertinent information and gives you the option to enable or disable the device or see more information that would normally be found on the details page for that item. You can't update the driver from this page at this time.

The Event Viewer tool presents all of the event logs and gives you the ability to drill down into specific logs, plus the ability to filter on any of the column headings from the event list. The Process tool shows a list of all running processes and gives you the power to end a process, assuming you've connected to the machine as an administrator. The Registry Editor tool gives you full access to the system registry with search, add, modify and rename functionality. You can't export or import entries from Azure in this preview version.

The PowerShell tool gives you a full-up command-line remote session to the remote system. This makes it possible to do a lot of things you can't do straight from the Azure Management Portal that you can do on the local machine. Roles and features can be viewed but not modified. You can install a role or feature using the PowerShell tool (see Figure 2). Here is where the Hyper-V role is installed using a PowerShell command. You can also restart the system from PowerShell.

Creating and editing PowerShell scripts is possible from the Script Editor tool. Output from the script will be displayed in the PowerShell window. In the version I tested there's no way to save or load scripts, although you can cut and paste from your local machine. You don't get any IntelliSense help or tab completion in the editor, but the remote command line does support tab completion. While it's not the full-featured PowerShell Integrated Scripting Editor (ISE), it does make it possible to run an entire script or selected lines.

Bottom Line
These new Azure-based management tools add to Microsoft's ammunition aiming at turning servers into headless platforms where you control everything from a remote console. It's obvi­ous that you can't do everything you would do if connected locally, but with the PowerShell console you can do a lot. It's only a matter of time before Microsoft implements the full set of management features, and you'll never have to log on to a server locally again. At least that's what Microsoft would like you to do.