1. Manage and troubleshoot your Windows Server environment remotely
Microsoft 2016
6/4/2018 8:03 PM
BRK2147
Manage and troubleshoot your Windows Server environment remotely
Andrew Mason Samuel Li
Principal PM Manager Principal PM
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2. Windows Server 2016 Built-in layers of security
6/4/2018 8:03 PM
Built-in layers of security
Software-defined datacenter
Cloud-ready application platform
Windows Server 2016
Windows Server + System Center session guide: aka.ms/WS2016Ignite
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3. Agenda Overview Server management tools
6/4/2018 8:03 PM
Agenda
Overview
Server management tools
Remote Server Administration Tools (RSAT)
PowerShell
Other Tools
Nano Server management
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4. Overview Time of transition
Microsoft Ignite 2016
6/4/2018 8:03 PM
Overview
Time of transition
Enormous ecosystem of management tools to tackle
Extensibility and flexibility are key principles for the future
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5. Server management tools
6/4/2018 8:03 PM
Server management tools
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6. Server management tools
6/4/2018 8:03 PM
Server management tools
Web-based remote management tools offered via Azure
Includes replacements for
Local-only tools, including Task Manager, Device Manager, Sconfig
Commonly used tools: Registry Editor, Firewall and more to come
Based on WMI and PowerShell
Manages Nano Server, Server Core, Server with Desktop Experience
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7. Current Status Public preview available to customers today
6/4/2018 8:03 PM
Current Status
Public preview available to customers today
Tools supported include:
Certificate Manager
Device Manager
Event Viewer
File Explorer
Firewall rules
Local Administrators
Network settings
Supports Windows Server 2016, 2012 R2, 2012
PowerShell console
Processes
Registry Editor
Roles and Features
Services
Storage
Windows Update
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8. 6/4/2018 8:03 PM
Deployment of SMT
UX hosted within Azure Portal connecting to gateway service deployed in customer infrastructure
Gateway deployed via MSI
Gateway resource provisioned in Azure Resource Group
Nodes provisioned as resources attached to gateway resource
Scale gateways for resilience/performance
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9. Demo Server management tools https://portal.azure.com
Microsoft Ignite 2016
6/4/2018 8:03 PM
Demo
Server management tools
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11. 6/4/2018 8:03 PM
Authentication
Username/password used to execute WMI/PowerShell against managed nodes
If credentials aren’t stored, user is prompted for creds each time they manage a node
Username/password encrypted in MRP.
Requests are signed by MRP so that payload can be verified by the gateway.
If credentials are stored, encrypted by customer-provided certificate on the gateway
Encrypted credentials stored within Azure
Certificate used for encryption is never passed to Azure, and Azure will never have access to unencrypted user credential
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12. High-level architecture
TechReady 23
6/4/2018 8:03 PM
High-level architecture
Azure Tables
GW1 … N1
User Creds
(To access the target)
User (AAD Cred)
Microsoft Azure Management Portal
ARM
MRP
MDS Agent
User Creds
(To access the target)
Service Bus
Queue
Blob
Storage
Microsoft Azure
User Creds
(To access the target)
Customer Network
Gateway
Plugins
Target Servers
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13. Gateway Security Gateway only reaches out using https
No special firewall rules required
Retrieves management requests from the specific service bus queue defined by the gateway profile’s Azure subscription/resource
Gateway Group Policy – AllowGateway
If AllowGateway is set to 0, any SMT gateway software which gets installed will not process any commands from its queue
This GP allows an admin to lock down an environment by default, and only allow SMT gateways on authorized servers
Gateway Group Policy – RequireMFA
If RequireMFA is set to 1, the SMT gateway will only process requests which have a header indicating MFA compliance
The user will be required to log in to the Azure portal using Multi-Factor Authentication for Azure to send the required header

14. Try it today! http://portal.azure.com Ongoing and Future investments:
6/4/2018 8:03 PM
Try it today!
Search for “Server management tools”
Or go directly to the SMT page:
Ongoing and Future investments:
Consistent release cadence of new management tools
Partner extensibility via a consistent management platform
Resources:
Blog:
UserVoice:
Twitter:
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

15. Remote Server Administration Tools
6/4/2018 8:03 PM
Remote Server Administration Tools
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

16. RSAT
A package that can be installed on a Windows Client machine to enable remote management of Windows Server machines
An updated RSAT package for Windows 10 will be available in the Windows Server 2016 GA timeframe
The admin tools will support Windows Server 2016, Nano Server, Windows Server 2012 R2 and 2012

17. Roles and Features supported
6/4/2018 8:03 PM
Roles and Features supported
Active Directory
BPA
Bitlocker
DHCP
Direct Access, Routing and Remote Access
DNS
Failover Cluster
File Server GP
IPAM
NIC teaming
Network load balancing
Remote Desktop
Server Manager
SMTP
Storage explorer
Storage Manager for SANs
Volume Activation
Windows System Resource Manager
WSUS
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

18. 6/4/2018 8:03 PM
PowerShell
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19. PowerShell, a Story of Sustained Investment
6/4/2018
PowerShell, a Story of Sustained Investment
2006: PowerShell v1  2016: PowerShell v5
WMF provides downlevel support for client and server
Windows now has over 3000 cmdlets (and growing...)
Not just a command shell; task-based scripting language
Desired State Configuration
Pester
Moving beyond Windows
PowerShell Gallery
Azure Automation
© 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

20. WMF 5 Highlights DSC Resources Infrastructure Tools
Microsoft Ignite 2016
6/4/2018 8:03 PM
WMF 5 Highlights
DSC Resources
PowerShell Classes - simplify resource development
PowerShell Resource Kit
Integrate PSGet to autoinstall DSC resources
Customer Feedback Addressed
Infrastructure
Audit Windows PowerShell usage (logging/transcription)
Partial configuration
Cross-machine synchronization
DSC for Linux
Tools
IntelliSense
DSC Configuration (Test/Compare/Update)
Azure Extension for PS/DSC
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

21. How To Get the Latest... PowerShell 5.0
Includes PowerShell and DSC, Pull Server, JEA
Available in Windows 10, Windows Server 2016
Available in WMF 5 at
Active documentation: WMF 5 Release Notes
PowerShell Gallery, GitHub/PowerShell, & Microsoft.com/PowerShell
Separate online services
Access to PowerShell modules, scripts, and documentation

22. 6/4/2018 8:03 PM
Other Tools
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

23. Setup & Boot Event Collection
Microsoft Ignite 2015
6/4/2018 8:03 PM
Setup & Boot Event Collection
Greater Visibility
Remotely view debug errors, events from your deployment process, boot loader, OS, and services
Troubleshoot issues without requiring physical access
Physical Machines
Virtual Machines
ETW Messages
Simple Setup
Works on both physical and virtual machines
Requires little additional infrastructure and can be set up using PowerShell or an unattend file
ETW Collector
Service
ETL Files
Lower MTTR
Access to data is real-time and can be correlated with other diagnostic data to identify problems faster
Analysis Tools
© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

24. Other Tools OpenSSH Sysinternals System Center 2016
TechReady 23
6/4/2018 8:03 PM
Other Tools
OpenSSH
PowerShell team has been releasing builds of OpenSSH for Windows Server
The 4_5_2016 release or newer works on Nano Server
Sysinternals
CLI Sysinternals tools ported to run on Nano Server
Investigating and prototyping remote port of the GUI Sysinternals tools for Nano Server
System Center 2016
Support for new WS 2016 features including Nano Server based hosts and VMs and Shielded VMs
Operations Management Suite
Automate tasks with Azure automation, visualize metrics with log analytics, backup on-prem apps to Azure Backup
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

25. Nano Server Management
6/4/2018 8:03 PM
Nano Server Management
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

26. Remotely Managing Nano Server
6/4/2018 8:03 PM
Remotely Managing Nano Server
Server Manager
Hyper-V Manager
Failover Cluster Manager
PerfMon, Event Viewer, etc.
PowerShell Core
Server management tools (SMT)
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

27. Nano Server - Management
Eliminate the need to ever sit in front of a server
Configuration via PowerShell Desired State Configuration (DSC)
Remote management/automation via PowerShell Core and WMI
Integrate into DevOps toolchains

28. 6/4/2018 8:03 PM
PowerShell Core
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

29. Nano Server – PowerShell Core
TechReady 23
6/4/2018 8:03 PM
Nano Server – PowerShell Core
Refactored to run on CoreCLR
Full PowerShell language compatibility & remoting
Invoke-Command, New-PSSession, Enter-PSSession, etc.
Most core engine components
Support for all cmdlet types: C#, Script, and CIM
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

30. Nano Server – PowerShell Core
TechReady 23
6/4/2018 8:03 PM
Nano Server – PowerShell Core
What Works
What Doesn’t Work
PowerShell core engine
PowerShell language
Local powershell.exe
PowerShell remoting
Extensible type system
Most core PS cmdlets
PowerShell DSC
Web cmdlets
Counter cmdlets
Scheduled jobs
Online domain join
PowerShell transactions
PowerShell workflow
Using PowerShell Core:
Porting to PowerShell Core:
Developing for PowerShell Core SDK:
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

31. PowerShell Core Changes in WS16 RTM
TechReady 23
6/4/2018 8:03 PM
PowerShell Core Changes in WS16 RTM
CredSSP remoting infrastructure and cmdlets { Get | Enable | Disable }
JSON cmdlets { ConvertFrom | ConvertTo }
XML cmdlets { Select | ConvertTo }
CliXML cmdlets { Export | Import }
Add-Type (or use the new PowerShell Classes feature for defining custom types)
Get-WinEvent cmdlet (retrieves entries from ETW logs)
PowerShell remoting client (i.e. server acting as a remoting client to another server)
PSSession cmdlets { Connect | Disconnect | Get | Enter | Exit | New | Receive | Remove }
PSEdition added to $PSVersionTable (PSEdition=Core for Nano Server and IoT)
Start-Transcript, Stop-Transcript
Test-Connection
Attach-to-process debugging
Crossgen assemblies for improved startup perf
Local users & groups cmdlets
3.4.0 drop of Pester
Security Policy Cmdlets:
PowerShell Core SDK published on PowerShell Gallery and TechNet
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

32. Demo PowerShell Core Microsoft Ignite 2016 6/4/2018 8:03 PM
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

33. Nano Server Recovery Console
Simple & focused UI providing recovery actions to re-establish remote connectivity
Connect via a local KVM solution
Supports EN-US language only
Additional languages planned for future iterations

34. Demo Recovery Console Microsoft Ignite 2016 6/4/2018 8:03 PM
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

35. Recap: Nano Server Management
Microsoft Ignite 2015
6/4/2018 8:03 PM
Recap: Nano Server Management
DevOps mindset: "Treat servers like cattle, not pets"
Goal: Eliminate the need to ever sit in front of a server
Remote graphical and web-based management tools
Remote management and automation via PowerShell & WMI
© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

36. Call to Action
Use Server management tools for remote management of your Servers
Provide feedback on Windows Server remote management

37. Related sessions Windows Server 2016 Breakout sessions
6/4/2018 8:03 PM
Related sessions
Breakout sessions
BRK3120 – Deploy, Configure, and remotely manage Nano Server
BRK3119 – Develop, package and deploy your apps for Nano Server
BRK3198 – Review Windows Server 2016 – the Cloud OS optimized for DevOps
BRK3338 – Manage Nano Server and Windows Server 2016 Hyper-V
BRK3073 – Get notes from the field: implementing Nano Server in production around the world
Hands on Lab
Experience Nano Server
Windows Server 2016
Windows Server + System Center session guide: aka.ms/WS2016Ignite
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

38. 6/4/2018 8:03 PM
Q & A
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

39. Please evaluate this session
6/4/2018 8:03 PM
Please evaluate this session
Your feedback is important to us!
From your PC or Tablet visit MyIgnite at
From your phone download and use the Ignite Mobile App by scanning the QR code above or visiting
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

40. 6/4/2018 8:03 PM
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.