A lot of the value built into Windows Admin Center has to do with it being a remote-management tool that can have a lot of upside in a modern IT shop, including implementing best practices by not logging directly into servers, bringing flexibility to the management architecture, and performing admin tasks from high-DPI or touchscreen devices.
Considered a complement to System Center, Admin Center is a free, downloadable app that runs in a browser and can manage Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows 10, and Azure Stack HCI through the Windows Admin Center gateway, software installed on Windows Server or domain-joined Windows 10.
Since it’s free, trying it out costs nothing more than some time, and you might find that some of these benefits make it worth the investment.
Improve administration architecture
Windows Admin Center can be installed on a local Windows 10 client, a gateway server in order to provide centralized management, on individual servers, or in a failover cluster for situations where high-availability is required. Opting for the gateway server or the failover cluster means you could have Windows Admin Center installed in your network DMZ, and limit administrative traffic coming into your corporate network to specific management servers.
Administer via browser
If you’ve been in the business of administering Windows for any length of time you’re familiar with the Microsoft Management Console (MMC) and MMC snap-ins. If you aren’t familiar with the name, think about all of the admin tools you’ve used in Windows such as Computer Management, Services, DHCP, DNS, etc. All of these are based on MMC.
MMC is great at offering a way to manage servers or services without logging onto the server console, but it’s also showing its age in a number of ways. Ever try using MMC on a high-DPI monitor or a touch screen display? How about on a device that isn’t running Windows? Each of these scenarios highlights something MMC cannot do but Admin Center can. That doesn’t mean Admin Center is a full replacement for MMC. It’s not quite there yet, but it does replace the functionality most admins will need on a regular basis, and it does so with a web-based interface that works great on high-DPI and touch screen devices regardless of platform.
In terms of browser support, only Microsoft Edge and Google Chrome are officially supported, though there’s a chance you’ll have success with other browsers. According to Microsoft’s Windows Admin Center documentation: “Other modern web browsers or other platforms are not currently part of our test matrix and are therefore not officially supported.” Microsoft also states, “Windows Admin Center is not tested with Mozilla Firefox, but most functionality should work.”
Use modern authentication
The ability to authenticate to Windows Admin Center with a local user account or Active Directory credentials is a given, but Windows Admin Center can also leverage Azure AD accounts and the flexibility they bring to the equation such as conditional access and multi-factor authentication. There is a bit of a process to get Azure AD authentication working, but it’s well worth the effort.
Set role-based permissions
Assigning administrative users more access than they really need is a simple fact of life in many IT shops. There are numerous reasons for this violation of the rule of least privilege, including convenience, lack of manpower to manage and maintain permissions appropriately, or simply a limited understanding of the right way to manage levels of permission. Windows Admin Center won’t enforce the rule of least privilege all by itself, but it can be an additional tool to provide access without granting each administrator full permissions to every server.
Access to the Windows Admin Center gateway is configured in the Admin Center settings under Access. A gateway administrator can define Active Directory groups that should have access to Admin Center as either a gateway administrator or a simple user.
Role-based access control (RBAC) in Admin Center is configured per-server, meaning you can define more fine-grained levels of access to users based on their need to manage individual resources. RBAC in Windows Admin Center supports three levels of access through membership in the corresponding local computer groups: Windows Admin Center Administrators, Windows Admin Center Hyper-V Administrators, and Windows Admin Center Readers.
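Because these roles are ordinary local groups, they can be reviewed like any other group membership. The following PowerShell is an added example, not part of the original article or Microsoft's tooling: it lists who holds each role on a server and flags members who are also direct local Administrators, since that membership overrides the limited role. Server names in the usage comment are placeholders.

```powershell
# Added example (not from the article): list who holds each Windows Admin Center
# RBAC role on a server and flag members who are also direct local Administrators.
$WacGroups = 'Windows Admin Center Administrators',
             'Windows Admin Center Hyper-V Administrators',
             'Windows Admin Center Readers'   # group names as given in the article

function Get-WacRoleMembership {
    param(
        [string[]] $ComputerName,      # omit to inspect the local machine
        [pscredential] $Credential
    )
    $scan = {
        param([string[]] $Groups)
        # Well-known SID of the built-in Administrators group (its name is localized)
        $adminSids = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
                       ForEach-Object { $_.SID.Value })
        foreach ($g in $Groups) {
            if (-not (Get-LocalGroup -Name $g -ErrorAction SilentlyContinue)) {
                # Group absent: RBAC has not been applied to this server
                [pscustomobject]@{ Server = $env:COMPUTERNAME; Role = $g; Member = $null
                                   Class = $null; AlsoLocalAdmin = $null; Status = 'GroupMissing' }
                continue
            }
            foreach ($m in Get-LocalGroupMember -Name $g) {
                [pscustomobject]@{
                    Server         = $env:COMPUTERNAME
                    Role           = $g
                    Member         = $m.Name
                    Class          = $m.ObjectClass      # User or Group
                    # Direct membership only; nested domain groups are not expanded
                    AlsoLocalAdmin = $adminSids -contains $m.SID.Value
                    Status         = 'OK'
                }
            }
        }
    }
    if (-not $ComputerName) { return & $scan $WacGroups }
    $remote = @{ ComputerName = $ComputerName; ScriptBlock = $scan; ArgumentList = (,$WacGroups) }
    if ($Credential) { $remote.Credential = $Credential }
    Invoke-Command @remote
}

# Usage (server names are placeholders):
# Get-WacRoleMembership -ComputerName 'srv01','srv02' |
#     Where-Object AlsoLocalAdmin | Format-Table Server, Role, Member
```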
Leverage default auditing
It’s no secret that auditing changes to Windows Servers can be a major pain point. Identifying all the audit events that need to be enabled and getting it done consistently is half the battle, but then you have to track down where those events get logged and set up tools to monitor and correlate them.
Auditing in Windows Admin Center is turned on by default, which means all events are logged to a single event log on the server being managed and have the same event ID. Most of the information regarding the event being logged ends up in the event data in object notation, meaning you’ll still need to parse out all the details at some point, but getting all events consolidated into a single stream is a major step in the right direction.
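The parsing step described above can look like the following PowerShell, an added example that is not part of the original article. It assumes the payload is a JSON object embedded in the event message and that it carries the fields UserOnGateway, UserOnTarget, Module, PowerShell and CIM; the sample messages are constructed, so check both assumptions against a real event before relying on the output.

```powershell
# Added example (not from the article). Assumptions: the payload is a JSON object
# embedded in the event message, with the field names used below.
function ConvertFrom-WacAuditMessage {
    param([Parameter(Mandatory, ValueFromPipeline)] [string] $Message)
    process {
        $start = $Message.IndexOf('{'); $end = $Message.LastIndexOf('}')
        if ($start -lt 0 -or $end -le $start) { return }      # no payload present
        try   { $Message.Substring($start, $end - $start + 1) | ConvertFrom-Json -ErrorAction Stop }
        catch { Write-Warning "Skipping unparseable payload: $Message" }
    }
}

function Get-WacAuditSummary {
    param([Parameter(Mandatory)] [string[]] $Message)
    $Message | ConvertFrom-WacAuditMessage | ForEach-Object {
        [pscustomobject]@{
            User     = $_.UserOnGateway
            RunAs    = $_.UserOnTarget
            Tool     = $_.Module
            Action   = if ($_.PowerShell) { $_.PowerShell } else { $_.CIM }
            # A different identity on the target than on the gateway deserves a second look
            Switched = [bool]($_.UserOnTarget -and $_.UserOnTarget -ne $_.UserOnGateway)
        }
    } | Group-Object User, RunAs, Tool, Action, Switched | ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{ Count = $_.Count; User = $first.User; RunAs = $first.RunAs
                           Tool = $first.Tool; Action = $first.Action; Switched = $first.Switched }
    } | Sort-Object Count -Descending
}

# Constructed sample messages (not real log output); all names are placeholders
$sample = @(
    'Audit {"Gateway":"gw01","UserOnGateway":"CORP\\alice","UserOnTarget":"CORP\\alice","Module":"Events","PowerShell":"Get-SampleEvents"}'
    'Audit {"Gateway":"gw01","UserOnGateway":"CORP\\alice","UserOnTarget":"CORP\\alice","Module":"Events","PowerShell":"Get-SampleEvents"}'
    'Audit {"Gateway":"gw01","UserOnGateway":"CORP\\bob","UserOnTarget":"SRV01\\Administrator","Module":"Services","CIM":"Sample_StopService"}'
    'Audit with no payload'
)
Get-WacAuditSummary -Message $sample | Format-Table

# On a managed server, feed real events instead. Channel name and event ID are as
# given in Microsoft's Windows Admin Center documentation; confirm on your systems:
# $msgs = Get-WinEvent -FilterHashtable @{
#     LogName = 'Microsoft-ServerManagementExperience'; Id = 4000 } | ForEach-Object Message
# Get-WacAuditSummary -Message $msgs
```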
Simplify performance monitoring
Windows Admin Center offers a modern take on performance monitoring, with the ability to design performance dashboards with multiple counters in individual, correlated graphs that can include line charts, heat maps, and other views. These dashboards, called workspaces, can be saved for later use or even exported to be shared with other users. Individual counters also support exporting log data as a CSV file to perform more detailed analysis with more sophisticated tools.
Manage modern server types
Windows Admin Center installed on an on-premises server can not only manage standard Windows servers (2012 and later) but also Hyper-V Servers (2012 R2 and later), Windows Server Core, Hyper-Converged systems, or even Azure VMs.
Replace Event Viewer
Sure, Event Viewer isn’t the most exciting feature, but it is a must-have for any sort of system troubleshooting or auditing. If you’ve ever tried to view event logs on a system where they weren’t properly maintained, you know how hard it can be to actually get anything useful out of them. Admin Center offers a similar set of tools for event logs as with performance monitoring, including the ability to add multiple logs to a single workspace, save your workspaces, or even export event logs once you’ve filtered the view down to the information you need.
Remote access without exposing firewall ports
There will always be some tasks that require access to the server console, and for that Windows Admin Center includes a Remote Desktop capability right from your browser. It’s not as full-featured as the Remote Desktop clients you’re used to, but it allows you to access the console of any managed server without having to leave open extra ports in your firewall. All traffic is routed and encrypted through the HTTPS connection to Windows Admin Center, which is critical as RDP ports are a popular target for malicious users.
Migrate and replicate storage
Windows Admin Center offers some cool functionality regarding storage, but first the basics.
Accessing the file system from Windows Admin Center is trivial, and you can perform all of the common tasks you would expect: creating new folders, renaming or deleting items, uploading/downloading, cut/copy/paste, and even extracting archives. You can also view, create, and manage file shares, including share permissions. Admin Center even lets you manage Disks and Volumes like you would in disk management, including formatting and resizing, creating and attaching VHD files, and managing disk quotas.
Where things get really interesting is the support for the Storage Migration Service and Storage Replica. Storage Migration Service will not only help you migrate data to a new server (either hosted on-premises or in Azure), but it will help with the process of maintaining user access to that data, both in terms of security and addressing. Storage Replica helps you configure volume replication between servers or clusters, and in certain scenarios can even support replication between hosts in separate sites.
Copyright © 2021 IDG Communications, Inc.