Updated – 4/19/2018 – Added [Manage Storage Spaces Direct in Windows Server 2016 with Windows Admin Center]
The day has come … After nearly a year of private and public previews, Windows Control Center (formerly known as Windows Control Center) Microsoft project ‘Honolulu’) is now widely available for production use.
In the unlikely event you haven’t heard of Microsoft project ‘Honolulu’ unless you are lying on the beach in Honolulu without an internet connection 🙂
Windows Control Center is the final official name of the Honolulu project. Windows Control Center is a flexible, locally deployed, browser-based management environment and solution. It includes key tools for troubleshooting, configuring, managing, and maintaining Windows Server, Windows Client, Hyper-Converged Infrastructure, and Microsoft Hyper-V Server.
If you have already begun to evaluate Windows Control Center, then you’re good to go. If not, go to the Getting Started Guide here kick the tires off.
I will present some important updates in the Windows Control Center in GA.
Using Remote Desktop via HTML5
One of the most requested features of the UserVoice service in Windows Control Center is the integration of RDP and what all Windows Server administrators have used over the past decade. Microsoft uses RDP through HTML5 With Windows Control Center. Now it’s easier to manage Windows Core (headless server).
Using PowerShell via HTML5
One of the other most popular features is the addition of PowerShell. With the same tool, you can get under the Hood and bring up the entire command line in a PowerShell session via HTML5. This is awesome! I would also like to point out that you also have full Intellinense, you can type any PowerShell command followed by TAB key.
Hyperconverged Infrastructure (HCI) Management
Managing storage spaces (HCI cluster) has never been so easy with Windows Control Center. The latest improvements that have been added are:
- Monitoring the progress of recording work. You can see storage jobs such as balancing storage. You can also see the volume status of each volume in maintenance mode, such as repair or synchronization jobs.
- Deductions and packaging. You can enable deduplication and compression of data for each volume, or you can do the same when creating a new volume.
- Improved UI experience when merging with Hyper-Converged Cluster.
- More improvements in the inventory grid. You can see the usage time of each server, you can group drives by server, or search for a specific drive, model, or serial number.
To manage your cluster as a Hyper-Converged Infrastructure environment in Windows Control Center, it must have a Windows Server 2019 preview structure and Hyper-V and Storage Spaces Direct connections.
Microsoft also added management support Direct storage modes In Windows Server 2016 with Windows Control Center. For this to work, you need to install April 17, 2018-04 Cumulative update for Windows Server 2016, KB4093120, on each server in the Storage Spaces Direct cluster. The Hyper-Converged Infrastructure experience depends on the new management APIs that will be added to this update. Check the notification here to get started.
Manage remote computers
Remote Client Computer Management (Windows 10) is also a brand new feature in Honolulu. So instead Server management, you select Computer management. And just like on servers, you can simply add a computer by typing a name, add an IP address, or import a list of client names using a text file. You can see that I still have plenty of features. I see an overview system, certificates, equipment, Proceedings, firewall configurationand much more.
Role Based Access Control (RBAC)
Role-based access control (RBAC) allows you to configure three role definitions:
- Windows Control Center administrators: Allows users to view and control most tools. Use this role to allow the user to control the entire server, but only through Honolulu. Users in this role are not granted direct access to the server through WinRM or Remote Desktop.
- Windows Control Center Hyper-V Administrators: Allows users to control Hyper-V virtual machines and switches. Other tools are available in read-only mode.
- Windows Control Center Readers: Allows users to view most tools but does not allow them to make changes.
Once you have connected to the managed node, go to settings from the server Overviewand then select Role-based access control tab. This page displays the current status of the RBAC configuration, an overview of RBAC operation, and the ability to add or remove an RBAC configuration on the machine. Note that when you change the role-based access control configuration on the target node, it restarts WinRM. This can interrupt other users who use PowerShell remote access or WMI to control this computer.
Once the RBAC configuration is enabled on the target node, you can add non-administrator accounts for local groups that meet the above role definitions. So when you connect as such users, access is restricted to their role.
When you decide to use the RBAC configuration on the target node, it will take advantage of it under the Hood Desired space configuration (DSC) specifies the target node. Under the hood, DSC is setting up PowerShell Just enough administration (JEA) endpoint with three roles: Windows Control Center administrators, Windows Control Center Hyper-V administratorsand Windows Control Center Readers.
Make Windows Control Center highly accessible
You can enable Windows Control Center in a failover cluster to ensure high availability of the Control Center gateway service. The delivered solution is an active-passive solution where only one instance of the control center is active. If one of the nodes in the cluster fails, Windows Control Center will smoothly fail to the other node, allowing you to continue managing servers in your environment seamlessly. Some conditions to consider before starting the installation:
- You need at least a two-node failover cluster for Windows Server 2016.
- You need Cluster Shared Volume (CSV) for Windows Admin Center to store persistent data that can be used by all nodes in the cluster. 10GB should be enough for CSV.
- You will need high availability deployment scripts at HA Control Scripts zip file in Windows Control Center. You can download .ZIP code the file that contains these scripts to the cluster node or to your local machine.
- Recommended but optional: signed certificate .pfx and Password. You don’t already need to have the certificate installed on the cluster nodes – the script will do it for you. If you do not provide it, the installer will create a self-signed certificate that will expire in 90 days.
Learn more about deployment Windows Control Center In HA mode, check the following article.
Microsoft has also added Azure Active Directory (AAD) -based access control. AADs allow you to specify conditional access policies that require multi-factor authentication, device compliance, and more. For instructions on how to configure this, see the Azure Active Directory section of the gateway’s documentation here.
To configure the AAD, you must first connect the gateway to Azure by downloading New-AadApp PowerShell script. This step creates an AAD application from which you can manage the rights of the gateway user and the gateway administrator.
Note that access control only applies when you use the Windows Control Center as a service on Windows Server, not Windows Client.
The Microsoft Windows Admin Center is the future of the remote server management experience. This is a big step for Microsoft in the local environment and Azure has one glass pane for managing servers anywhere. This means that Server Core is the recommended choice for hosting virtual machines, infrastructure workloads, and repositories. Windows Control Center helps you manage and configure Server Core installations and eliminates the significant need to log on locally to each server. We no longer need a graphical user interface on every server.
This is the first GA release Microsoft Windows Control Center and yet there are many features that will be added along the way. In the meantime, you can download the GA publication today for free at http://aka.ms/WACDownload, check the complete documentation here and share your feedback User Voice Windows Control Center.
Until then … Stay tuned!
Thanks for locking my blog.
If you have any questions or feedback, please leave a comment.