#Azure Server Management Tools offers a set of web-GUI #tools to manage #AzureStack Servers #RSMT #ASMT

Azure Server management tools is currently in preview. Any data collected by Server management tools will be stored in the US.!

As this is a preview you can play with this and it is Cool a nice web management. With the Management server you can manage your on premise AzureStack or Deploy a Template with SCVMM. or just turnoff al your domain controllers.  Oh ok I must re-think my security Policy.

As many Azure is External in some cases it is handled just like a server in a DMZ site. So “real dangerous” this is the Cloud directly connected to the WEB.

This DMZ is now turned and be able to manage your internal servers, what is some one has my azure account that has this gateway…. Well I think this is a cool new feature with a lot of new options. In fact I created a cluster in the Azure GUI but it is running on premises.   

Server management tools enables you to remotely manage machines running Windows Server 2016 Technical Preview. Currently, the tools offer the following capabilities:

  • View and change system configuration
  • View performance across various resources and manage processes and services
  • Manage devices attached to the server
  • View event logs
  • View the list of installed roles and features
  • Use a PowerShell console to manage and automate

The Server management tools connection is routed through a Server management tools gateway. When you create a new connection, you will have the opportunity to create a new gateway or select an existing gateway if one already exists in the same resource group. Click on Create to establish a connection to your Windows Server 2016 Technical Preview machine and start exploring the features available today.

Open your Azure management portal and search : Server management tools in the marketplace

image

Select the Server management tools and a new window opens with the network layout on how things are connected.

Image01

So Hit Create

image

The Create option opens a new menu with all kinds of options Name Subscription , Resourcegroup.

image

As this is my first server I create it all Fresh so no connections to other Resource Groups

image

Configuring a new Server management tools Gateway

If you are creating a new gateway, you will see the following status:

image

Click to open the Gateway Configuration page and read carefully and follow the directions to set up your on-premises machine or Azure VM as the gateway.

An Server management tools gateway is required to enable communication between the Microsoft Azure portal and your Windows Server 2016 machine. A gateway is typically deployed and configured on the same local network as the Windows Server machine(s) you wish to manage. The customized gateway deployment package below allows you to install the gateway software on a machine of your choice, and automatically configures the gateway profile to register with your Azure subscription. The deployment package must be run locally on the machine that you want to designate as the Server management tools gateway.

Steps to configure your gateway

image

Save the File on your Windows Server 2016

image

Use the generated link to download the gateway deployment package now, or copy the link URL to download the package later from the machine on which you intend to install the package.

  1. From the machine that you want to designate as the gateway, unzip the package and run GatewayService.MSI.

  2. Once the gateway installation completes, return to the Microsoft Azure portal and reopen your Server management tools connection.

  3. You should now be able to manage your Windows Server 2016 machine if the Microsoft Azure portal can reach it through the gateway.

image

The Extracted File is the installation file with the JSON config file.

A quick setup is needed on the Windows Server 2016.

imageimageimageimage

As you can see there is an extra Services running on the Windows Server 2016

image

When I do a Refresh in the Azure Resource Group.

image

The manage as command is there just go to the Manage As and fill in the server admin account to manage this server

 

image

Fill in the account I us a Local Account as in this scenario I’ll not jumping thru my domain. 

image

You have established a remote connection to your resource and are now able to perform management tasks on it through the Azure Portal.

image

Some errors here with no surprise My local Firewall and Remote management WINRM is not configured as the text below described.

Unable to connect to the server ‘mvpmgt01’: WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There are currently no logon servers available to service the logon request. Possible causes are: -The user name or password specified are invalid. -Kerberos is used when no authentication method and no user name are specified. -Kerberos accepts domain user names, but not local user names. -The Service Principal Name (SPN) for the remote computer name and port does not exist. -The client and remote computers are in different domains and there is no trust between the two domains. After checking for the above issues, try the following: -Check the Event Viewer for events related to authentication. -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport. Note that computers in the TrustedHosts list might not be authenticated. -For more information about WinRM configuration, run the following command: winrm help config.

Managing Workgroup machines

In order to manage workgroup machines (e.g. non-domain-joined Nano Servers), run this command as an administrator on the Server management tools gateway machine:

This setting is different than in the guide in Azure

winrm set winrm/config/client’@{TrustedHosts="< NAME OR IP >"}’

When creating a Server management tools connection to the workgroup machine, use the machine’s IP address as the computer name.

Additional connectivity requirements

If you wish to connect using the local Administrator account, you will need to enable this policy on the target machine by running the following command in an administrator session on the target machine:

REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1

If you wish to connect to a workgroup machine which is not on the same subnet as the gateway, run the following command in an administrator session on the target machine:

NETSH advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow

Now it is play time

image

image

As you can see you can manage the local server, there are more options like powershell and event viewer but this is not easy to use in the web-GUI

image

 

Happy Stacking

Robert Smit

Twitter: @clustermvp

Cloud and Datacenter MVP

Posted February 12, 2016 by Robert Smit in windows server 2016

Tagged with

Azure Backup building backup vaults Protect On-premises workloads for Azure VM in Azure #azure #marsa #mars

The usage of cloud is often a pain what application or server should we move to the cloud just to get the feeling. And what about backup where to store the files. Well you could move your backup to the cloud and see how this is treating you. If you have storsimple or SCDPM than you can use also the backup vaults.  or save the azure backup on premise. Or simple create a backup vault.

The big difference between backup Protect On-premises workloads and Protect Azure Virtual Machines is simple in the Protect Azure Virtual Machines there is a full copy of the machine and no file selection. If you want file selection backup in Azure virtual machines you will need Protect On-premises workloads.

Funny Protect On-premises workloads for Azure Virtual machines running in Azure

image

all you need is an agent and a Azure Subscription go to http://manage.windowsazure.com

Setting up backup for Azure virtual machines can be achieved in three simple steps:

  1. Discover the machines that can be protected in the Azure Backup vault.
  2. Register the discovered virtual machines to Azure Backup vault.
  3. Protect the registered virtual machines by associating them with a policy defining backup schedule and how long you want to retain.

First we need a backup Vault keep in mind that the region of your azure VM’s must be the same as you backup vault. when you do a on premise backup there is no need for this.

 

image

In this section you can create a site recovery vault backup or a backup vault.  More info about and how to setup a recovery vault https://robertsmit.wordpress.com/2014/08/27/azure-site-recovery-service-asrs-hyper-v-to-azure-recovery-mvpbuzz/ Azure Site Recovery Service #ASR #Hyper-v to #Azure #Recovery

image

Now that the vault is created you have two options what to backup Protect On-premises workloads or Protect Azure Virtual Machines

 

image

The Protect On-premises workloads is easy to setup First we need the vault credentials that are needed for the secure communication between on premise and azure

image

We save this file on the protected machine or on a file share.

And we need to download an agent and install this on every machine that we want to backup. No there is no Management suite to manage all this.

image image

Installing the Agent and registering the Vault credentials.

 

image Generate a passphrase or use your own but in case of a lost passphrase your backup is gone.

WARNING:

If the passphrase is lost or forgotten; Microsoft cannot help in recovering the backup data. The end user owns the encryption passphrase and Microsoft does not have any visibility into the passphrase which is used by the end user. Please save the file in a secure location as it would be required during a recovery operation.

When checking Azure you can see Windows Server and Azure VM to protect.

image

 

image

the backup tool to select files and folders to backup.

 

image

Protect Azure Virtual Machines

image

 

First we need to register items to the vault to protect. this will run a quick discovery of all your VM’s in the Region / subscription

To make sure that all items are discovered we run discover first

image

Successfully discovered virtual machines in the region West Europe. Please register the virtual machines to a vault of same region.

Now we are ready to register some machines to backup

image

I want to backup my mvpdummy01 machine

image

Check Protect and pick the machine and this machine is now registered

image

next step is to protect this VM again select the machine and your done.

image

Now that the machine is registered and protected we can us a default or create a custom protection level. the max setting is 99 years. why not 100 ? Guess this is not a time machine but only a backup vault that you can restore a windows server 2003 in year 2114

imageimage

 

image

Storage replication

The Locally Redundant option maintains 3 copies of your data within the same region.
The Geo-Redundant option maintains 3 copies of your data locally and 3 copies in a secondary storage region.

The storage replication choice cannot be changed once items have been registered to the vault. Learn More

 

 

Nice and easy backup

Happy Clustering

Greetings,

Robert Smit

https://robertsmit.wordpress.com/

Posted September 28, 2015 by Robert Smit in Azure

Tagged with

First hands-on Upgrading Windows Server 2016 TP2 to TP3 #easy #upgrade #ws2016 #WinServ

Now that Windows Server 2016TP3 is there we can test all the new stuff the in place upgrade was just 10 min downtime that is great. and my SCVMM and SQL server still worked. get the bits here:  https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview

At the heart of the Microsoft Cloud Platform, Windows Server brings Microsoft’s experience delivering global-scale cloud services into your infrastructure. Windows Server 2016 Technical Preview 3 provides a wide range of new and enhanced features and capabilities spanning server virtualization, storage, software-defined networking, server management and automation, web and application platform, access and information protection, virtual desktop infrastructure, and more.

As a reminder, these are early pre-release builds. Many of the features and scenarios are still in development. As such, these builds are not intended for production environments, labs, nor full evaluations. This is pre-released software; features and functionality may differ in the final release.

Need more information about the next version of Windows Server? See what’s new in Windows Server 2016 Technical Preview 3.

 

The upgrade is done in just a few steps I used a System center Virtual Machine Manager VM to upgrade ( with SQL2016 and SCVMM TP2 )

image  image

Want to keep or wipe the server. and

 

image image

 

Setup encountered a problem and was unable to determine whether Hyper-V features can be upgraded. For more information about Hyper-V upgrade requirements, see http://go.microsoft.com/fwlink/?LinkId=512570.

http://go.microsoft.com/fwlink/?LinkId=512570  VmConfigurationVersion vmname or vmobject

 

image 

image image

image

 

 

image image

In just 10 Minutes Winking smile 

image and here is my VMM server

 

So what to expect when upgrading  there a a whole lot of new things in 2016 new in this release :

 

Windows Server Containers

What’s new in Active Directory Domain Services (AD DS) in Windows Server Technical

What’s New in Failover Clustering in Windows Server Technical Preview.

What’s new in Hyper-V in Technical Preview.

What’s New in Windows Server Antimalware Overview for Windows Server Technical Preview.

What’s New in Remote Desktop Services in Windows Server 2016.

What’s New in File and Storage Services in Windows Server Technical Preview.

What’s New in Web Application Proxy in Windows Server Technical Preview.

What’s New in Networking in Windows Server Technical Preview.

Posted August 19, 2015 by Robert Smit in windows server 2016

Tagged with

  • Tag