Save to My DOJO
For most IT professionals, managing servers is something that is done quite regularly on a day-to-day basis. Core services run on servers and without proper management things can become messy quite quickly. Thankfully we’ve had the Microsoft Management Console (MMC) to handle this historically. However, MMC is going on 20 years old now, and the toolset is much the same as it was 20 years ago. With the industry moving to more of a web-based management model, MMC is really starting to show its age. This is where Windows Admin Center comes in.
What is Windows Admin Center?
For those that aren’t aware, Windows Admin Center is the new preferred server management tool from Microsoft. Windows Admin Center provides a modern-day UI for management of our most critical workloads. I like to describe it as something like server manager from Windows Server 2012-2016 on steroids. It’s not the same tool, but a reimagining of it.
With that said, one common concern that often comes up when I’m talking about WAC is what about MMC? Is MMC going to go away? As of the time of this writing, the answer is no. The old tools like MMC will continue to be supported and available. However, all the new functionality will be developed for WAC and not MMC. So over time, I could see MMC going away, but personally, I don’t see that happening for at least 3-5 years.
Building on what we’ve discussed so far, let’s take a little bit of time to cover 5 ways – in no particular order – that Windows Admin Center makes server management a breeze.
1. Web-Based Management
Windows Admin Center is 100% web-based, and the goal from Microsoft is to make it fully HTML5 compatible. While I’ll say it’s nearly there today, there is still some weirdness with non-edge browsers. So, if you’re using chrome/firefox, your mileage may vary. In any case, it’s not hard to launch edge to make sure you have a flawless experience with this new tool, and as soon as you open it for the first time the benefits become quite apparent. As you can see in figure 1 below, all of the various management tools and settings you’re used to seeing are all in one place. If you drill down into the server overview screen on a particular server, you have access to things like regedit, event viewer, and more. This web-based approach ensures access to server management from any device at any time. It’s a big win to be sure.
Figure 1: Windows Admin Center Stand-Alone Server Management
2. Centralized Server/Object Repository
Another huge benefit of this tool is the centralized management of all your Windows Server and Failover Cluster resources. As shown below in figure 2, WAC can pool all of your servers into a single list. Making management of each item just a single click away. Again, this pertains not only to stand-alone Windows Server instances, but also failover clusters, Hypeconverged-Failover Clusters, and event endpoints! Additionally, any or all of the items you add to the list can belong to different domains or workgroups. You simply input the credentials for each object when prompted.
Figure 2: List of all added resources for WAC to manage
3. Azure Integrations
Hybrid cloud is a huge part of Microsoft’s long-term strategy. It’s generally known in the industry that most organizations aren’t going to move cold-turkey to the cloud. Most will adopt a hybrid approach in that some resources live in the public cloud, while some remain on-premises. Windows Admin Center was designed to manage this strategy by including access to things within the UI like management of the Azure Network Adapter. Additionally, update management in WAC has been paid with services in Azure to allow for a more holistic approach to patching. Expect to see much more in this space as WAC continues to grow and evolve.
4. Hyper-Converged Infrastructure Management
Hyper-Converged Infrastructure (or simply HCI) has been the new infrastructure trend in the industry. The idea of HCI is simply the concept of clustering storage and compute within the same server chassis using cheap commodity hardware. Microsoft has enabled this deployment model with Windows Server through Storage Spaces Direct (Called S2D by some). The problem that S2D has had in the past is that there hasn’t been a great management story surrounding it. Historically the solution has needed to be managed via PowerShell, and many IT Pros have been hesitant to adopt a solution without some sort of GUI management platform. Again, WAC to the rescue.
With WAC in place, we now have a management UI for S2D. Within the WAC UI, you’ll see several references to “Hyper-Converged Cluster Manager”. Hyper-Converged Cluster Manager (As shown in figure 3 below) provides much of the monitoring for the HCI cluster itself along with management of the VMs and storage that live on top of it. While there are still some things missing, like the ability to setup S2D clusters with WAC, it’s a HUGE step in the right direction. With WAC, Storage Spaces Direct is very much starting to feel like it’s ready for prime-time.
Figure 3: HCI Management with Windows Admin Center
Finally, the last area we’ll talk about today is extensibility. Microsoft has made Windows Admin Center in a way that allows 3rd party vendors to create extensions. This allows you to extend the functionality of WAC to potentially encompass all of your infrastructures. For example, vendors like DataOn and Fujitsu have made storage related add-ons for WAC when their hardware is in play, and others are actively developing extensions for their own technologies.
Microsoft has released an SDK, so any interested party can make their own WAC extension.
Learn More about Windows Admin Center
Microsoft Cloud and Datacenter Management MVP, Eric Siron, has compiled this fantastic free eBook on Windows Admin Center covering installation, UI, security, extensions, and more. This eBook is over 80 pages long and is a complete guide to working with the tool.
Download your free copy of the eBook How to Get the Most Out of Windows Admin Center
In addition to the free eBook, we also have a webinar session for you to watch which shows exactly how the core features of Windows Admin Center work. The webinar and eBook have been designed to complement each other so if you’re looking for a complete understanding of everything Windows Admin Center, be sure to check out both of these great resources.
Watch the on-demand webinar How to Manage Windows Server Like a Boss with Windows Admin Center
During the webinar, we received a ton of great questions about Windows Admin Center. Here is a complete list of the questions and answers from the event.
Note: if you’re looking for your specific question and don’t see it here, it’s probably because there was a similar question asked so duplicates have been removed. However, if you’re not satisfied with this, feel free to post your question in the comments box below and either Eric or I will get back to you!
|I would like to know how to set up containers in Windows Server 2019 Core||Take a look at our series on containers on our MSP blog. While it looks at containers from the standpoint of an Managed Service Provider (MSP), it will give you a nice overview of how things work and how to get started|
|We are currently using WAC and I had heard MS is saying it is the replacement for Server Manager….whats your take on that?||I would say that’s a correct statement. You can think of WAC as server manager on steroids. It provides some of the same functionality as server manager, but with so much more.|
|Can I use this to Manage X Workgroup/Domain System?||Yes, you can use WAC to manage servers in the current domain, different domains, or workgroups even. Be advised though you may experience more authentication prompts.|
|Have there been any improvements in the HTML5 RDP sessions through WAC?||It’s still a basic console with limited functionality. Though after the server is set up, there is little that cannot be done with remote management.|
|Is it possible to manage servers not only in the local network but also from customers over the internet? If yes, what requirements are needed (Firewall ports, etc)||You could, but I would only do so over a VPN tunnel. You don’t want management traffic traversing the public internet.|
|is it best practice to install this on a (domain joined) management server, or can you just install it on one of the DC’s?[||You’ll get a warning if you try to install WAC on a domain controller. This is because the installer modifies the system’s TrustedHosts setting, which you want to avoid doing on a DC. Install it on a management server or run it from an endpoint in the environment.|
|Can I Install this on a Domain Controller?||No|
|Does WAC Support SMB3?||The version we demoed in the webinar (1903) does not, however, 1904 has been released and does have support for SMB storage baked in.|
|Is it possible to delegate management rights? For example, if we want that 2 Users only manage Hyper-V Machines||On the Settings item for a Hyper-V host, you will find a “Role-Based Access” tab. There, you can add members to the “Windows Admin Center Hyper-V-Administrators” role. Members of this group can manage all virtual machines. For more granularity, you must still use System Center VMM.|
|Will WAC Replace SCVMM?||No these tools serve different functions. WAC is designed to manage a single object at a time, while SCVMM is designed to act as more of an enterprise fabric management tool|
|Will WAC be supported in browser X?||Microsoft currently tests with Edge and Chrome, so all functionality should work in those browsers. Outside of that, most HTML5 browsers should work, but without proper testing and validation, there aren’t any promises.|
|Possible to manage Hyper-V Replica from WAC?||Windows Admin Center Cannot Currently Manage Hyper-V Replica|
|Is storage Migration Possible from WAC?||At this time, Windows Admin Center only supports intra-cluster Quick and Live Migration. It does not currently support Storage Migration or Shared Nothing Live Migration.|
|Hi, I want to use WAC somewhere centrally and then connect to 20+ customer sites and add 2 or 3 or 4 servers from each site so I can centrally manage all servers from different customers with each one their own domain. Is this possible?||I would define VPN tunnels between you’re management network and your customers. Best practices would state to not run management traffic over the public internet.|
|What Version of Windows Server can I manage with WAC?||2008 R2 and Newer|
|Is there going to be a Vmware extension for Windows Admin Center?||Unknown at this time. Microsoft has released an SDK, so theoretically, if Vmware wanted to create an extension for Windows Admin Center, they certainly could do so.|
|Is Altaro working on a WAC Extension?||We’re always evaluating the best management experience for our products. With that said, while we’re looking at this option, there isn’t anything officially on the roadmap at this time.|
|Although Microsoft recommends performing a clean-install, many still perform in-place upgrades of Windows Server. Is this a feature that could be coming to WAC?||Nothing has been announced at this time.|
|Best to Install WAC as a clustered Role or to Install it stand-alone on the target server?||Your environment will dictate this more than anything else. If you need a highly available WAC installation then, by all means, do so. However, stand-alone installation will work for the vast majority of organizations|
|I am unable to use Windows Admin Center to manage my Server 2012 R2 servers. The error mentions that I need to upgrade the version of PowerShell on my servers. Is that safe to do, especially with my DCs?[||Yes, newer versions of PowerShell are needed for WAC to work properly. Upgrading Powershell should be relatively painless, the one big gotcha to look out for is if you’re using older custom built scripts for anything. With newer versions of Powershell cmdlet names may have shifted. Also note that some PowerShell dependent services may not do well. This would include services such as Exchange|
|The older version installed without certificate now upgrade to the new version, can I add the certificate now?||Yes|
|Why don’t I see System Insights in my left-hand column in WAC?||System Insights requires Windows Server 2019|
|when connect to the target machine ( server) do we need to do some changes on the target server, for example, PowerShell executionpolicy…?||I know that you do not need to change from the default. Any scripts it uses are signed. If your policy is a higher restriction, you may have different requirements. I did not test for that.|
|Are you running this locally on a non-privileged account and authenticating to servers with a privileged account?||You’re able to authenticate and manage servers outside of your current security scope. For example, you could be a member of a workgroup and manage domain systems. You’d just need to authenticate to the target system|
|Does System Insights work for Hyper-V Server 2019?||Because Hyper-V Server 2019 is not officially released (as of the time of this writing), the official answer is “unknown”. However, WAC should have no trouble with it.|
|I am an MSP. What is the cleanest way to install/use Admin Center for multiple domains, remotely||This depends on your existing management strategy for your customers. If you already have a remote footprint, you could install WAC on your management machine at each customer. Otherwise, if you wanted to centralize everything, I would consider VPN tunnels to your management network and have customer machines report to a centralized WAC cluster.|
|Is this intended to replace 2012+ Server Manager? For example, I see no way to see all my file server storage status on one screen without going server to server in admin center||It does look to be a replacement for server manager. WAC has the management goal of managing one server at a given time. They may add a file server management extension at some point to extend this functionality but it is not present in the tool today|
|For the RDP to Linux through WAC does it require Integration Services?||WAC does not truly RDP to the Linux system at all. It establishes an RDP session to the host and then uses VMBus to open a console view. It is essentially VMConnect within RDP. So, you do not need any particular software on the destination virtual machine.|
|Is it possible to see the PowerSHell code that WAC is running?||Yes! In most sections of the UI you’ll see a powershell icon in the top right of the screen. Clicking this will show you the relevant PowerShell commands for running the task at hand.|
|Can I Use WAC to manage Multiple domains and sites?||Yes|
|Does WAC take care of role drain on shutdown/reboot?||WAC does not have a specific “Drain” command like Failover Cluster Manager does (unless it’s hiding from me) but the cluster service will still do its duty.|
|Does WAC support multi-session access?||Yes, absolutely. It will maintain their environments independently, such as light v dark mode and the added systems. There is a “Shared Connections” item that we did not cover that allows you to share systems|
|Is it possible to limit access to WAC? For example for admin and for helpdesk to have different menus?||Not quite to that extent. It does offer a limited Role-Based Access in the Settings for WAC and on individual hosts. Of course, a user cannot do anything outside the scope of their credentials.|
What about you? Have you tried Windows Admin Center yet? How are you liking it? Anything you don’t like? Anything you’d like to hear more about? Let us know in the comments section below!
Not a DOJO Member yet?
Join thousands of other IT pros and receive a weekly roundup email with the latest content & updates!
13 thoughts on "5 Ways that Windows Admin Center Makes Managing Servers a Breeze"
Thx for all that great stuff Eric & Andy. Let me just ask an addon to managing different customers on a “centralized” WAC. You mentioned that you would prefer VPN tunnels to all customers. But remember that it isn´t that easy to connect to 50 customers with VPN before using WAC. If using the public internet what ports do I have to open on customers firewall to get access. These ports then could be provided with limited access form our public IP.
The Windows Admin Center front-end listens on the port that you specify during installation: 443 by default. You can also allow it to set up a port 80 redirect.
If making Windows Admin Center’s interface available on the public Internet, I will triple-down on my recommendation to use real certificates, not self-signed. You can certainly use certs published by your own PKI to save money. Just do not use self-signed.
Sure, real certificates are a must. Does that mean that I cannot connect VMs from a customer side directly to my WAC but have to set up a local WAC at customer side and connect to that local WAC somehow?
I could correctly answer that question a number of ways. To keep it generic, the certificates matter at the point of accessing the WAC interface only. When WAC reaches out to manage a system, it connects using WSMan on port 5985. WAC and the target system will negotiate a session key and encrypt all traffic. No certificate-based key exchange happens there.
Out of curiosity, did you manage to get this running in the way you wanted to? I’m faced with a similar challenge and it would be interesting to know if and how you got it working.
This is great stuff. Thank you so much for sharing man.
Is it possible to run powershell commands against several servers that are managed by Windows Admin Center? It appears that you can connect to each one manually, but what if you want to view the System Path on 50 servers. Is it possible to select the servers and run a command through WAC?
There is no special way to run a PowerShell script against multiple WAC servers, besides the standard methods. Another way to think of WAC is that it provides a GUI layer on top of PowerShell cmdlets. To run a PowerShell script against multiple servers, you can pass a list of servers into a script.
Here’s a Microsoft blog: https://devblogs.microsoft.com/scripting/learn-how-to-run-powershell-scripts-against-multiple-computers/
Here’s a sample script: https://gallery.technet.microsoft.com/PowerShell-script-to-add-41718fb8
However a better way to implement a global configuration change would be to use Group Policy, and this will also ensure than any new servers receive these settings.
WAC is built to work against one target machine at a time. You could use WAC to open a PowerShell instance on a single machine that has access to all 50 targets, then run it against them inside that window. But, WAC itself does not provide anything special that you couldn’t get by logging into that machine directly.
I have installed WMF 5.1 on a Windows Server 2008R2 server. I added it to the WAC and when I click on “overview” for that server it provides an error that WMF 5.0 or greater is not installed. FYI it also has .NET Framework 4.5.2 installed. Any ideas why it’s throwing this error when I’ve confirmed it is installed?
I have the same problem with W2008R2 with all requirements. do you have solution for this issue?
Thanks in Advance