How to Manage Azure VMs running Windows Server using the Windows
Admin Center.
The Windows Admin
Center (WAC) is a web portal for managing local or remote servers via a gateway
that uses PowerShell Remoting and Windows Management Instrumentation (WMI) over
WinRM. WAC will eventually replace Server Manager, and going forwards, is where
Microsoft will make future investments in Windows Server GUI management.
WAC gateways can be installed on Windows Server 2016, Windows Server version
1709, Windows Server 2019, and Windows 10. WAC can manage Windows Server 2019,
Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012. It can
also manage Hyper-V Server, Azure VMs, Azure Backup, hyper-converged
infrastructure (HCI), and more.
Managing Azure VMs using WAC
There are three ways
Azure VMs can be managed using WAC. The first and easiest is to install WAC on
a local device and connect it directly to an Azure VM’s public IP address. If
your Azure VMs don’t have public IP addresses, you can either set up a VPN
between your cloud VNET and the network where the WAC gateway is installed or
set up a WAC gateway on a VM connected directly to your Azure VNET.
Whichever method you choose, you will need to manually enable Windows Remote
Management (WinRM) on any Azure VMs you want to manage. WinRM is enabled by
default in Windows Server but disabled in the gallery images used to deploy
Windows Server in Azure. Windows Firewall needs to be configured with an
inbound rule to allow port 5985 for WinRM over HTTP. In addition, depending on
how you provision your Azure VMs, you will need to ensure that Azure networking
allows inbound traffic on port 5985.
Set Up Windows Remote Management
· Log in to the Azure virtual machine with an administrator account.
· Open a PowerShell window.
· Run the two commands shown below and, when prompted, type y and press ENTER to make changes to LocalAccountTokenFilterPolicy.
PowerShell
winrm quickconfig
PowerShell
Set-NetFirewallRule -Name WINRM-HTTP-In-TCP-PUBLIC -RemoteAddress Any
The first command
enables Windows Remote Management. The second command makes sure that there is
an inbound Windows Firewall rule for WinRM over HTTP.
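As an added example (not part of the original article), the following PowerShell script reports what the two commands above leave in place on the VM: the WinRM listeners, the remote address scope of the firewall rule, and the LocalAccountTokenFilterPolicy value. With -Restrict it narrows the rule from Any to one management address; $GatewayAddress is a constructed placeholder for the address your WAC gateway connects from.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article. Run on the Azure VM.
# $GatewayAddress is a constructed placeholder (documentation range);
# replace it with the address your WAC gateway connects from.
param(
    [string]$RuleName       = 'WINRM-HTTP-In-TCP-PUBLIC',
    [string]$GatewayAddress = '203.0.113.10',
    [switch]$Restrict
)

function Get-WinRMExposure {
    param([Parameter(Mandatory)][string]$RuleName)

    # Listeners created by "winrm quickconfig" (HTTP on port 5985 by default).
    $listeners = foreach ($l in Get-ChildItem -Path WSMan:\localhost\Listener) {
        $p = @{}
        Get-ChildItem -Path $l.PSPath | ForEach-Object { $p[$_.Name] = $_.Value }
        '{0}://{1}:{2}' -f $p['Transport'], $p['Address'], $p['Port']
    }

    # Scope of the inbound rule that the second command set to "Any".
    $rule   = Get-NetFirewallRule -Name $RuleName -ErrorAction Stop
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress

    # 1 = remote connections by local administrators get a full (unfiltered) token.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $key -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Listeners                     = $listeners -join ', '
        RuleEnabled                   = $rule.Enabled
        RuleProfile                   = $rule.Profile
        RemoteAddress                 = $remote -join ', '
        OpenToAnyAddress              = $remote -contains 'Any'
        LocalAccountTokenFilterPolicy = if ($uac) { $uac.LocalAccountTokenFilterPolicy } else { 'not set' }
    }
}

Get-WinRMExposure -RuleName $RuleName | Format-List

if ($Restrict) {
    # Narrow the rule from Any to the single management address, then re-check.
    Set-NetFirewallRule -Name $RuleName -RemoteAddress $GatewayAddress
    Get-WinRMExposure -RuleName $RuleName | Format-List
}
```

The Azure inbound port rule for 5985 that is configured in the next step can be limited to the same source address.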
In the Azure management portal, let’s make sure that Azure networking is
configured to allow WinRM over HTTP to the virtual machine.
· In the Azure management portal, click Virtual machines in the list of services on the left.
· In the Virtual machines panel, click the virtual machine you want to manage using WAC.
· In the VM panel, click Networking on the left.
· Under INBOUND PORT RULES, click Add inbound port rule.
· In the Add inbound security rule panel, type 5985 in the Destination port ranges box. In the Name field, type WinRM_HTTP and then click Add.
· The new rule will appear in the list of inbound security rules.
Connect WAC to Azure VM
Now that the virtual machine and Azure networking have been
configured, let’s connect WAC to the Azure VM.
· Connect to Windows Admin Center.
· On the Windows Admin Center screen, click + Add under All Connections.
· In the Add Connections panel, click Add Server Connection.
· On the Add Server Connection screen, type the public IP address of the Azure VM you want to manage.
· Under Credentials Needed, check Use another account for this connection.
· Enter the administrator credentials for your Azure VM and then click Submit with Credentials.
· If you get a warning that the server was not automatically discovered, proceed by clicking Submit.
· The Azure VM will now appear in the list of server connections in WAC. To manage the server, click the Azure VM in the list and WAC will connect.
Connect Windows Admin Center to an Azure virtual machine
(Image Credit: Russell Smith)
In this article, I showed you how to add an Azure VM to WAC
using the VM’s public IP address. In a production environment, I would prefer
to connect the WAC gateway to the Azure VNET using a VPN or place the gateway
on an Azure VM.