Microsoft Azure: Managing Nano Server with Server Management Tools

What have I been busy with lately? Last few weeks, I was experimenting with Microsoft Azure Server Management Tools and have posted an article on TechNet Wiki on how to setup a Server Management Tools Gateway that will communicate with Server Management Tools Service provided by Microsoft Azure. The service allows you to create Server Management Tools Connections to remotely manage your On-Premise or Public Cloud machines such as Nano Servers as Server Management Tools Nodes.

You can either view this article from the Microsoft TechNet Wiki which may have any improvement updates by the TechNet community on the link below:

Or carry on reading this page on the original article which I have noted in my engineering journal with some explanations on the process.

The Original TechNet Wiki Article on Microsoft Azure: Managing Nano Server with Server Management Tools

1. Introduction

In this article with Server Management Tools Service from Azure is still in Preview, we will demonstrate on how to deploy an Azure Resource Manager network environment and an Azure Management Server (AZUMGTSVR01) in Azure to be the Server Management Tools Gateway server that will communicate with Server Management Tools Service from Microsoft Azure to get started with Server Management Tools. In order to demonstrate the functionalities of Server Management Tools, we will also deploy a Nano Server (NANOSERVER01) in Azure that will be managed by the Server Management Tools Service in Microsoft Azure to complete the demonstration.

As a proof of concept in managing any Windows Server or Nano Server hosted in a Public Cloud (Eg. Azure or maybe Amazon AWS) instead of On-Premise Datacenter, we will demonstrate how to deploy Server Management Tools Gateway in a Virtual Machine and manage those nodes located in the Public Cloud.

With that concept in mind and a high level diagram illustration below displaying on the possibilities of having Server Management Tools Gateway for On-Premise or Public Cloud environment tapping on Server Management Tools Service provided by Microsoft Azure, let us get started.

Microsoft Azure - SMT - Server Management Tools Concept Diagram

2. Requirements

In order to begin the deployment, we will requires the followings:

  • Microsoft Azure Subscription
  • Server Management Tools Gateway¹
  • Azure Resource Group in the following Locations² (as of August 2016):
    • Central US
    • East US
    • North Europe
    • West Europe

¹ Once you added a Server to be a Server Management Tools Gateway, you will generate a package link to obtain the package to be installed on that server.

² Server Management Tools Service from Microsoft Azure are only available in those listed locations and may be only available in other locations at a later phase.

3. Getting Started with Server Management Tools in Azure

In this section, we will start off with how to deploy an Azure Resource Manager Resource Group and Virtual Network for our public cloud environment in the respective Server Management Tools available location.

3.1. Login to Microsoft Azure using AzureRM PowerShell

In this section, we will begin our journey in deploying a virtual machine to be the Server Management Tools Gateway and a virtual machine to be the headless Nano Server that will be managed by the Server Management Tools Service in Azure. Therefore, let’s start by logging into Microsoft Azure using AzureRM PowerShell.

# Login to Azure using Azure PowerShell Cmdlet
Login-AzureRmAccount ; 
# Select a Azure Subscription to use
Select-AzureRmSubscription `
    -Subscriptionid "GUID of subscription" ; 

Microsoft Azure - SMT - Step 1 - Login to Microsoft Azure using AzureRM

3.2. Create an Azure Resource Manager Resource Group

In this section, we will create a Resource Group located in Central US where Server Management Tools Service is available.

# Create a new Azure Resource Manager Resource Group
New-AzureRmResourceGroup `
    -Name "CNUS-ARM-DEV-ENV" `
    -Location "Central US" `
    -Tag @{Name="Department";Value="IT"}, `
         @{Name="CostCentre";Value="Innovation"}, `
         @{Name="Location";Value="Central US"}, `
         @{Name="Function";Value="Development"} ;  

3.3. Create an Azure Resource Manager Virtual Network

Based on the Resource Group location that we previously created, we will create a Virtual Network located in Central US where Server Management Tools Service is available.

# Create a new Azure Resource Manager Virtual Network
New-AzureRmVirtualNetwork `
    -ResourceGroupName "CNUS-ARM-DEV-ENV" `
    -Location "Central US" `
    -Name "CNUS-ARM-DEV-ENV-VN" `
    -AddressPrefix "192.168.2.0/24" `
    -Subnet (New-AzureRmVirtualNetworkSubnetConfig `
                -Name "GatewaySubnet" `
                -AddressPrefix "192.168.2.248/29"),
            (New-AzureRmVirtualNetworkSubnetConfig `
                -Name "Subnet-DEV-ENV" `
                -AddressPrefix "192.168.2.0/25") `
    -Tag @{Name="Department";Value="IT"}, `
         @{Name="CostCentre";Value="Innovation"}, `
         @{Name="Location";Value="Central US"}, `
         @{Name="Function";Value="Development"} ; 

Microsoft Azure - SMT - Step 2 - Create Resource Group and Virtual Network

3.4. Create a Server Management Tools Server in Azure

Now that we have our Resource Group and Virtual Network created in Central US, we will request a Public IP Address for our Azure Management Server (AZUMGTSVR01) that will be the Server Management Tools Gateway server that will communicate with Server Management Tools Service in Azure.

# Request a new Azure Resource Manager Virtual Network
#  Dynamic Public IP Address for AZUMGTSVR01
New-AzureRmPublicIpAddress `
    -ResourceGroupName "CNUS-ARM-DEV-ENV" `
    -Location "Central US" `
    -Name "CNUS-ARM-DEV-ENV-VN-PIP-AZUMGTSVR01" `
    -AllocationMethod "Dynamic" `
    -Tag @{Name="Department";Value="IT"}, `
         @{Name="CostCentre";Value="Innovation"}, `
         @{Name="Location";Value="Central US"}, `
         @{Name="Function";Value="Development"} ; 
# Create an Azure Resource Manager
#  Virtual Machine configuration
$newVMConfigParams = @{
    "VMName" = "AZUMGTSVR01" ;
    "VMSize" = "Standard_A0" ;
} ;
$newAzureRmVMConfig = `
    New-AzureRmVMConfig `
        @newVMConfigParams ; 
# Configure the Azure Resource Manager
#  Virtual Machine operating system
$newAzureRmVMOperatingSystemParams = @{
    "VM" = $newAzureRmVMConfig ;
    "Windows" = $true ;
    "ComputerName" = "azumgtsvr01" ;
    "Credential" = ( `
        Get-Credential `
            -Message "Please input new local administrator username and password.") ;
    "ProvisionVMAgent" = $true ;
    "EnableAutoUpdate" = $true ;
} ;
$AzureVirtualMachine = `
    Set-AzureRmVMOperatingSystem `
            @newAzureRmVMOperatingSystemParams ; 
# Obtain the Azure Resource Manager
#  Virtual Machine image offer
$AzureRmVMImageOffer = `
    Get-AzureRmVMImageOffer `
        -Location "Central US" `
        -PublisherName "MicrosoftWindowsServer" ;  
# Configure the Azure Resource Manager
#  Virtual Machine source image
$newAzureRmVMSourceImageParams = @{
    "PublisherName" = "MicrosoftWindowsServer" ;
    "Version" = "latest" ;
    "Skus" = "Windows-Server-Technical-Preview" ;
    "VM" = $AzureVirtualMachine ;
    "Offer" = $AzureRmVMImageOffer.Offer ;
} ;
$AzureVirtualMachine = `
    Set-AzureRmVMSourceImage `
        @newAzureRmVMSourceImageParams ; 
# Create an Azure Resource Manager
#  Virtual Machine network interface
$newAzureRmVMNetworkInterfaceParams = @{
    "Name" = "CNUS-ARM-DEV-ENV-VMNI" ;
    "ResourceGroupName" = "CNUS-ARM-DEV-ENV" ;
    "Location" = "Central US" ;
    "SubnetId" = (
                    (
                        Get-AzureRmVirtualNetwork `
                            -ResourceGroupName "CNUS-ARM-DEV-ENV" `
                    ).Subnets | `
                        Where-Object { $_.Name -eq "Subnet-DEV-ENV" }
                 ).Id ;
    "PublicIpAddressId" = (
                            Get-AzureRmPublicIpAddress `
                                -Name "CNUS-ARM-DEV-ENV-VN-PIP-AZUMGTSVR01" `
                                -ResourceGroupName "CNUS-ARM-DEV-ENV"
                          ).Id ;
    "Tag" = @{Name="Department";Value="IT"}, `
            @{Name="CostCentre";Value="Innovation"}, `
            @{Name="Location";Value="Central US"}, `
            @{Name="Function";Value="Development"} ;
} ;
$newAzureRmVMNetworkInterface = `
    New-AzureRmNetworkInterface `
        @newAzureRmVMNetworkInterfaceParams ; 
# Add Azure Resource Manager
#  Virtual Machine network interface
#  to Azure Virtual Machine
$AzureVirtualMachine = `
    Add-AzureRmVMNetworkInterface `
        -VM $AzureVirtualMachine `
        -Id $newAzureRmVMNetworkInterface.Id ;  
# Create an Azure Resource Manager
#  storage account for Virtual Machine
#  VHD creation
$newAzureRmStorageAccountParams = @{
    "ResourceGroupName" = "CNUS-ARM-DEV-ENV" ;
    "Location" = "Central US" ;
    "Name" = "cnus8storage8account0001" ;
    "Kind" = "Storage" ;
    "Type" = "Standard_LRS" ;
    "Tag" = @{Name="Department";Value="IT"}, `
            @{Name="CostCentre";Value="Innovation"}, `
            @{Name="Location";Value="Central US"}, `
            @{Name="Function";Value="Development"} ;
} ;
$newAzureRmStorageAccount = `
    New-AzureRmStorageAccount `
        @newAzureRmStorageAccountParams ; 
# Construct Azure Virtual Machine
#  operating system VHD disk Uri
$newAzureRmOperatingSystemDiskUri = `
    $newAzureRmStorageAccount.PrimaryEndpoints.Blob.ToString() + `
        "vhds/" + `
        $newAzureRmVMConfig.Name + `
        "_OperatingSystem" + `
        ".vhd" ; 
# Configure the Azure Resource Manager
#  Virtual Machine operating system disk
$newOperatingSystemDiskParams = @{
    "Name" = "OperatingSystem" ;
    "CreateOption" = "fromImage" ;
    "VM" = $AzureVirtualMachine ;
    "VhdUri" = $newAzureRmOperatingSystemDiskUri ;
} ;
$AzureVirtualMachine = `
    Set-AzureRmVMOSDisk `
        @newOperatingSystemDiskParams ; 
# Create an Azure Resource Manager
#  Virtual Machine now
$newAzureRmVirtualMachineParams = @{
    "ResourceGroupName" = "CNUS-ARM-DEV-ENV" ;
    "Location" = "Central US" ;
    "VM" = $AzureVirtualMachine ;
    "Tag" = @{Name="Department";Value="IT"}, `
            @{Name="CostCentre";Value="Innovation"}, `
            @{Name="Location";Value="Central US"}, `
            @{Name="Function";Value="Development"} ;
} ;
New-AzureRmVM `
    @newAzureRmVirtualMachineParams ; 

Microsoft Azure - SMT - Step 3 - Create AZUMGTSVR01 Virtual Machine

3.5. Create a Nano Server in Azure

Before we start with Server Management Tools setup process, we need to have some servers to be in the environment that will be managed and therefore we will deploy a headless Nano Server into Azure.

# Request a new Azure Resource Manager Virtual Network
#  Dynamic Public IP Address
New-AzureRmPublicIpAddress `
    -ResourceGroupName "CNUS-ARM-DEV-ENV" `
    -Location "Central US" `
    -Name "CNUS-ARM-DEV-ENV-VN-PIP-NANOSERVER01" `
    -AllocationMethod "Dynamic" `
    -Tag @{Name="Department";Value="IT"}, `
         @{Name="CostCentre";Value="Innovation"}, `
         @{Name="Location";Value="Central US"}, `
         @{Name="Function";Value="Development"} ; 
# Create an Azure Resource Manager
#  Virtual Machine configuration
$newVMConfigParams = @{
    "VMName" = "NANOSERVER01" ;
    "VMSize" = "Standard_A0" ;
} ;
$newAzureRmVMConfig = `
    New-AzureRmVMConfig `
        @newVMConfigParams ; 
# Configure the Azure Resource Manager
#  Virtual Machine operating system
$newAzureRmVMOperatingSystemParams = @{
    "VM" = $newAzureRmVMConfig ;
    "Windows" = $true ;
    "ComputerName" = "nanoserver01" ;
    "Credential" = ( `
        Get-Credential `
            -Message "Please input new local administrator username and password.") ;
    "ProvisionVMAgent" = $true ;
    "EnableAutoUpdate" = $true ;
} ;
$AzureVirtualMachine = `
    Set-AzureRmVMOperatingSystem `
            @newAzureRmVMOperatingSystemParams ;  
# Obtain the Azure Resource Manager
#  Virtual Machine image offer
$AzureRmVMImageOffer = `
    Get-AzureRmVMImageOffer `
        -Location "Central US" `
        -PublisherName "MicrosoftWindowsServer" ;  
# Configure the Azure Resource Manager
#  Virtual Machine source image
$newAzureRmVMSourceImageParams = @{
    "PublisherName" = "MicrosoftWindowsServer" ;
    "Version" = "latest" ;
    "Skus" = "Windows-Server-Technical-Preview" ;
    "VM" = $AzureVirtualMachine ;
    "Offer" = $AzureRmVMImageOffer.Offer ;
} ;
$AzureVirtualMachine = `
    Set-AzureRmVMSourceImage `
        @newAzureRmVMSourceImageParams ; 
# Create an Azure Resource Manager
#  Virtual Machine network interface
$newAzureRmVMNetworkInterfaceParams = @{
    "Name" = "CNUS-ARM-DEV-ENV-VMNI-nanoserver01" ;
    "ResourceGroupName" = "CNUS-ARM-DEV-ENV" ;
    "Location" = "Central US" ;
    "SubnetId" = (
                    (
                        Get-AzureRmVirtualNetwork `
                            -ResourceGroupName "CNUS-ARM-DEV-ENV" `
                    ).Subnets | `
                        Where-Object { $_.Name -eq "Subnet-DEV-ENV" }
                 ).Id ;
    "PublicIpAddressId" = (
                            Get-AzureRmPublicIpAddress `
                                -Name "CNUS-ARM-DEV-ENV-VN-PIP-NANOSERVER01" `
                                -ResourceGroupName "CNUS-ARM-DEV-ENV"
                          ).Id ;
    "Tag" = @{Name="Department";Value="IT"}, `
            @{Name="CostCentre";Value="Innovation"}, `
            @{Name="Location";Value="Central US"}, `
            @{Name="Function";Value="Development"} ;
} ;
$newAzureRmVMNetworkInterface = `
    New-AzureRmNetworkInterface `
        @newAzureRmVMNetworkInterfaceParams ; 
# Add Azure Resource Manager
#  Virtual Machine network interface
#  to Azure Virtual Machine
$AzureVirtualMachine = `
    Add-AzureRmVMNetworkInterface `
        -VM $AzureVirtualMachine `
        -Id $newAzureRmVMNetworkInterface.Id ; 
# Get the Existing Azure Resource Manager
#  storage account for Virtual Machine
#  VHD creation
$ExistingAzureRmStorageAccount = `
    Get-AzureRmStorageAccount `
        -Name "cnus8storage8account0001" `
        -ResourceGroupName "CNUS-ARM-DEV-ENV" ; 
# Construct Azure Virtual Machine
#  operating system VHD disk Uri
$newAzureRmOperatingSystemDiskUri = `
    $ExistingAzureRmStorageAccount.PrimaryEndpoints.Blob.ToString() + `
        "vhds/" + `
        $newAzureRmVMConfig.Name + `
        "_OperatingSystem" + `
        ".vhd" ; 
# Configure the Azure Resource Manager
#  Virtual Machine operating system disk
$newOperatingSystemDiskParams = @{
    "Name" = "OperatingSystem" ;
    "CreateOption" = "fromImage" ;
    "VM" = $AzureVirtualMachine ;
    "VhdUri" = $newAzureRmOperatingSystemDiskUri ;
} ;
$AzureVirtualMachine = `
    Set-AzureRmVMOSDisk `
        @newOperatingSystemDiskParams ; 
# Create an Azure Resource Manager
#  Virtual Machine now
$newAzureRmVirtualMachineParams = @{
    "ResourceGroupName" = "CNUS-ARM-DEV-ENV" ;
    "Location" = "Central US" ;
    "VM" = $AzureVirtualMachine ;
    "Tag" = @{Name="Department";Value="IT"}, `
            @{Name="CostCentre";Value="Innovation"}, `
            @{Name="Location";Value="Central US"}, `
            @{Name="Function";Value="Development"} ;
} ;
New-AzureRmVM `
    @newAzureRmVirtualMachineParams ; 

Microsoft Azure - SMT - Step 4 - Create NANOSERVER01 Virtual Machine

3.6. Create a Server Management Tools Gateway in Azure

With the Management Server and Nano Server deployed in Azure, we can start the Server Management Tools setup process by configuring the Management Server in Azure to be the Server Management Tools Gateway server.

# Create an AzureRm Server Management Gateway
New-AzureRmServerManagementGateway `
    -ResourceGroupName "CNUS-ARM-DEV-ENV" `
    -GatewayName "CNUS-ARM-DEV-ENV-SMTG" `
    -Location "Central US" `
    -AutoUpgrade `
    -Tags @{"Department"="IT"; `
            "CostCentre"="Innovation" ; `
            "Location"="Central US" ; `
            "Function"="Development" } ;  

Microsoft Azure - SMT - Step 5 - Create Server Management Gateway

3.7. Generate and Download Server Management Tools Gateway package

Once you have executed New-AzureRmServerManagementGateway AzureRM PowerShell Command, you can validate the setup in the Azure Portal using your web browser and obtain the Server Management Tools Gateway package for the installation in the Management Server.

  1. Login to Microsoft Azure Portal
  2. Select Server Management Tools Gateway
  3. Select the Server Management Gateway Name
  4. Select Overview
  5. Select Generate a package link
  6. Copy the URL

Microsoft Azure - SMT - Step 6 - Download Gateway package

Once you have copied the URL, you will have to establish Remote Desktop Connection to the Management Server and download the package for installation. In the example below, we will launch PowerShell Console with Elevated Privileges to initiate the download, uncompress the package and start the Server Management Tools Gateway installation using PowerShell commands.

# Create a Temp folder
New-Item `
    -Path "C:\Temp" `
    -Type directory ; 
# Download the Compressed Server Management
#  Gateway Deployment Package
Invoke-WebRequest `
    -Uri "<# Input copied Server Management Tools Gateway package URL #>"`
    -OutFile "C:\Temp\gateway.cnus-arm-dev-env-smgt.zip" ; 
# Extract Compressed Server Management
#  Gateway Deployment Package
Add-Type -Assembly “System.IO.Compression.FileSystem” ;
[IO.Compression.ZipFile]::ExtractToDirectory("C:\Temp\gateway.cnus-arm-dev-env-smgt.zip", "C:\Temp\Server-Management-Gateway") ; 
# Install Server Management Gateway
#  Deployment Package
Start-Process `
    -FilePath "C:\Temp\Server-Management-Gateway\GatewayService.msi" `
    -ArgumentList "/l*v C:\Temp\install_GatewayService.log" ;  

With those commands executed, the Server Management Tools Gateway Setup will prompt on the screen where you will have to accept the terms in the License Agreement and select the Install button.

Microsoft Azure - SMT - Step 7a - Install Server Management Tools Gateway MSI

Next, Server Management Tools Gateway Setup will request for a Server Certificate that it will use to establish a secure connection with the Server Management Tools Service in Azure. For this demonstration, we will be generating a self-signed certificate because we do not have a certificate authority that is available to issue a Server Certificate for the Management Server.

Microsoft Azure - SMT - Step 7b - Install Server Management Tools Gateway MSI

Finally, you will have to select the Finish button to exit out of the Server Management Tools Gateway Setup prompt.

Microsoft Azure - SMT - Step 7c - Install Server Management Tools Gateway MSI

Once that is done, we can launch the web browser, navigate back to the Server Management Tools Gateway Overview blade page and view the health state. If the configuration are all correct and communication is properly established, you should at least view a green icon with a OK on the Health column.

Microsoft Azure - SMT - Step 8 - Verify Gateway Health

3.8. Adding Non-Domain or Workgroup Subnet to WinRM Trusted Hosts

In this section, we will demonstrate on how we can have the Server Management Tools Gateway communicates with all the servers that are non-domain joined or workgroup and still have them managed by the Server Management Tools Service in Azure. If all your servers in the environment are domain joined, you can skip this section.

# Verify if the Nano Server is a Trusted Hosts on the
#  Azure Management Server (AZUMGTSVR01) to allow
#  Azure Server Management Tools to communicate with it
Get-Item `
    -Path "WSMan:\localhost\Client\TrustedHosts" ; 
# Set the entire Subnet to be a Trusted Hosts on the
#  Azure Management Server (AZUMGTSVR01) to allow
#  Azure Server Management Tools to communicate with it
Set-Item `
    -Path "WSMan:\localhost\Client\TrustedHosts" `
    -Value "192.168.2.*" `
    -Force ; 
# Verify if the Nano Server is a Trusted Hosts on the
#  Azure Management Server (AZUMGTSVR01) to allow
#  Azure Server Management Tools to communicate with it
Get-Item `
    -Path "WSMan:\localhost\Client\TrustedHosts" ; 

Microsoft Azure - SMT - Step 9 - Configure AZUMGTSVR01 WinRM Trusted Hosts

3.9. Add a Server to Server Management Tools Nodes in Azure

Once we have the Server Management Tools Gateway setup properly, we can starting adding any servers that is in the environment into the Server Management Tools Service to have them managed as Server Management Tools Nodes.

# Get the Nano Server Private IP Address that
#  reside in Azure
$NanoServerPrivateIPAddress = ((Get-AzureRmNetworkInterface `
    -Name CNUS-ARM-DEV-ENV-VMNI-nanoserver01 `
    -ResourceGroupName CNUS-ARM-DEV-ENV).IpConfigurations).PrivateIpAddress ; 
# Add the Nano Server that reside in Azure
#  to be managed by Azure Server Management Tools
New-AzureRmServerManagementNode `
    -ResourceGroupName "CNUS-ARM-DEV-ENV" `
    -GatewayName "CNUS-ARM-DEV-ENV-SMGT" `
    -Location "Central US" `
    -NodeName "NANOSERVER01" `
    -ComputerName $NanoServerPrivateIPAddress `
    -Tags @{"Department"="IT"; `
            "CostCentre"="Innovation" ; `
            "Location"="Central US" ; `
            "Function"="Development" } `
    -Credential (Get-Credential `
                    -Message "Please input local administrator username and password.") ; 

Microsoft Azure - SMT - Step 10 - Add Server Management Tools Node

3.10. Configure the Administrative Credential for the Node

After we have added the Nano Server to be managed in the Server Management Tools, we will have to return back to the Azure Portal and input the Administrative Credential that the Server Management Tools will utilize to manage the node.

  1. Login to Microsoft Azure Portal
  2. Select Server Management Tools Connections
  3. Select the Server Management Tools Connections Name
  4. Select Overview

Microsoft Azure - SMT - Step 11 - Configure Node Administrative Credentials

  1. Select Manage as
  2. Input the Local Administrator Username
  3. Input the Local Administrator Password
  4. Select OK

Microsoft Azure - SMT - Step 12 - Input Node Administrative Credentials

After the Manage as Administrative Credential have been provided, you will notice that the Status will be at a Connecting state and eventually reach the OK state if your credential is correct. Viola! Immediately, you will start to see the CPU Processor and Memory metric tiles responding live on the browser.

Microsoft Azure - SMT - Step 13 - Verify Node Performance Health

4. Conclusion

What is actually intriguing about the development of Server Management Tools Service in Microsoft Azure is the fact that it provides so much functionalities in managing servers remotely through the web browser. With the future of headless Nano Server, this Server Management Tools Service in Microsoft Azure will be a great tool set for any administrators to dream for. Not forgetting that it also has the capability to allow administrator to execute PowerShell commands remotely to the server from the web browser.

Below is a list of the available tools that any administrator can perform through the Server Management Tools Service offered from Microsoft Azure:

  • Certificate Manager
  • Device Manager
  • Event Viewer
  • File Explorer
  • Firewall Rules
  • Local Administrators
  • Network Settings
  • PowerShell
  • Processes
  • Registry Editor
  • Roles and Features
  • Services
  • Storage
  • Windows Update

Microsoft Azure - SMT - Step 14 - Executing PowerShell Command from Browser