Q&A
Embrace the GUI... Sometimes
The GUI, for all its faults, still has a place in IT. Infrastructure pro Greg Altman breaks down when you should rely on the GUI and what the future holds for server management.
PowerShell is not always the answer. Especially when it comes to how you manage your server tools. While the GUI does provide its own set of headaches, especially when it comes to security, IT should not shy away from embracing its strengths when it comes to server management.
Nobody knows this better than Greg Altman, who has spent over three decades living and breathing server management. Ahead of his Upcoming TechMentor session, titled "Long Live the Server GUI," Altman breaks down what the GUI can do for IT, what it should be used for and what server management trends he sees coming around the bend.
And to get more valuable insight from Altman, you're not going to want to miss out on attending this year's TechMentor conference on the Microsoft headquarters in Redmond, Wash. Aug. 5-9. Register by June 7 to take advantage of early bird pricing to save $400.
Redmond: Your abstract advises folks to "stop using RDP [remote desktop protocol] to manage servers." For the unconvinced, what’s the worst worst-case-scenario you’ve seen related to using RDP for server management?
Altman: The biggest problem with relying upon RDP to manage servers doesn't lie in the RDP protocol itself. Rather the largest danger lies in the difficulty in properly securing systems if RDP is allowed from outside. Even if restricted to internal use only, there have been dozens of instances where attackers were able to move laterally from a compromised machine utilizing RDP as a transit method. That said, the real problem isn't RDP, it's the graphical user interface (GUI) that most are using RDP to connect to. In 2023 there were over forty security updates to Microsoft Edge alone. Server core has no GUI, and therefore these types of vulnerabilities are moot.
Are server GUIs underappreciated? What kinds of GUI technology advances have you seen in recent years that IT pros should start paying attention to (and appreciating)?
GUIs on the server are far from underappreciated. The overreliance upon Windows Server Desktop Experience weakens the security posture of the enterprise by increasing the attack surface rather than reducing it. I suggest moving the GUI from the server, where it's only a liability, to the desktop/client machine. The major technology advances to be able to reap the ease of use and discoverability of a GUI, while reducing attack surface are things like Windows Admin Center, Remote Server Administration Tools, Azure Arc, etc.
In what scenarios do you find a GUI to be indispensable for server management? On the flip side, are there specific situations where a command-line interface is still the better choice?
A GUI interface (to the server, not on the server) is a great way to discover and accomplish an occasional operation on one server. PowerShell allows an IT pro to script actions in a repeatable fashion and then scale those operations to thousands of servers if needed. Simply put, GUI operations are good for exploring and single actions, while scripting PowerShell is good for speed and scale. Of course, there is still software that requires installation on a server with a GUI installed.
"I suggest moving the GUI from the server, where it's only a liability, to the desktop/client machine."
Greg Altman
What are the main advantages of maintaining a GUI in server environments, especially when trends might be leaning towards headless setups?
These is no advantage of installing a GUI on a server, but a great advantage to maintaining GUI tools installed on client desktops/laptops. A GUI is of tremendous help to someone who is either unfamiliar with the task to be done or unfamiliar with the scripting tools needed to automate and scale the operations. I personally use a GUI all the time for exploration and discovery. Then if I'm going to need to do an operation more than once or twice, I learn how to script it in order to not have to log into hundreds of servers to click "next, next, finish" on each one.
When it comes to server management broadly, are there any trends or developments that you think will be game-changers for admins? Where does AI fit in?
I think the main thing coming around is the increased integration of hybrid cloud. Hybrid isn't just a matter of some data or servers in the cloud and some on-prem. The management of infrastructure is becoming more and more intertwined between the two environments. Today it is fairly easy and inexpensive to use the same tools to manage your servers on prem and cloud services with the same sets of tools. An issue that comes up with this is the overwhelming amount of diagnostic data that can be generated in such a hybrid environment. That's a short-term place where AI could really be of assistance. Imagine a "bot" that watched all the event logs of every server and every cloud service in your environment and not just filtered out the background nice but actually could be taught how to handle different events. We have the beginnings of this today, and I only see it accelerating.