Centralized management and monitoring
Whether you are installing new roles, running backups and maintenance programs, or troubleshooting and repairing a server, it is common sense that the first thing you would do is log directly into the server that you need to work on. Long ago this meant walking up to the server itself and logging on with the keyboard and mouse that were plugged right into that hardware. Then, quite a number of years ago, this became cumbersome and technology advanced to the point where we had the Remote Desktop Protocol (RDP) available to us. We quickly transitioned over to log into our servers remotely using RDP. Even though it's been around for many years, RDP is still an incredibly powerful and secure protocol, giving us the ability to quickly connect to servers from the comfort of our desk. And, as long as you have proper network topology and routing in place, you can work on a server halfway around the world just as quickly as one sitting in the cubicle next to you. In fact, I recently read that mining rights were being granted in outer space. Talk about a co-location for your datacenter! Maybe someday we will be using RDP to connect to servers in outer space. While this might be a stretch in our lifetimes, I do have the opportunity to work with dozens of new companies every year, and, while there are some other tools available for remotely managing your server infrastructure, RDP is the platform of choice for 99% of us out there.
Why talk about RDP? Because you probably all use it on a daily basis, and I needed to let you know that Windows Server 2019 includes some tools that make it much less necessary to our day-to-day workflow. The idea of centralized management in the server world has been growing through the last few Windows Server operating system rollouts. Most of us have so many servers running that checking in with them all daily would consume way too much time. We need some tools that we can utilize to make our management and monitoring, and even configuration processes, more efficient in order to free up time for more important projects.
Server Manager
If you have worked on Windows Server recently, you are familiar with the idea that logging into any of your servers automatically invokes a large window on top of the desktop. This auto-launching program is Server Manager. As the name implies, it's here to help you manage your server. However, in my experience, the majority of server administrators do not utilize Server Manager. Instead, they close it as fast as they can and curse at it under their breath, because it's been popping up and annoying them during every server login for the past 10 years.
Stop doing that! It's here to help, I promise. Figure 2.17 shows the default view of Server Manager on my new domain controller:
Figure 2.17: Server Manager on my domain controller
What I like about this opening automatically is that it gives me a quick look into what is currently installed on the server. Looking at the column on the left side shows you the list of roles installed and available for management. Clicking on each of these roles brings you into some more particular configuration and options for the role itself. I often find myself hopping back and forth between many different servers while working on a project, and leaving Server Manager open gives me a quick way of double-checking that I am working on the correct server. The ROLES AND SERVER GROUPS section at the bottom is also very interesting. You might not be able to see the colors in the picture if you are reading a printed copy of this book, but this gives you a very quick view into whether or not the services running on this server are functioning properly. Right now, both my AD DS and DHCP functions are running normally, I have a nice green bar running through them. But, if anything was amiss with either of these roles, it would be flagged bright red, and I could click on any of the links listed under those role headings in order to track down what the trouble is.
Up near the top-right corner, you see a few menus, the most useful of which, to me, is the Tools menu. Click on that, and you see a list of all the available Administrative Tools to launch on this server. Yes, this is essentially the same Administrative Tools folder that has existed in each of the previous versions of Windows Server, now stored in a different location. Based on my experience, Server Manager is now the easiest way to access this myriad of tools all from a single location:
Figure 2.18: The Tools menu in Server Manager
So far, the functions inside Server Manager that we have discussed are available on any installation of Windows Server 2019, whether it is standalone or part of a domain. Everything we have been doing is only dealing with the local server that we are logged into. Now, let's explore what options are available to us in Server Manager for the centralization of management across multiple servers. The new mentality of managing many servers from a single server is often referred to as managing from a single pane of glass. We will use Server Manager on one of our servers in the network to make connections to additional servers, and after doing that we should have much more information inside Server Manager that we can use to keep tabs on all of those servers.
Front and center inside the Server Manager console is the section entitled Welcome to Server Manager. Under that, we have a series of steps or links that can be clicked on. The first one lets you configure settings that are specific only to this local server. We have already done some work with the second step when we added a new role to our server. Now we will test out the third step, Add other servers to manage.
By the way, this same function can also be called by clicking on the Manage menu at the top, and then choosing Add Servers., as shown in Figure 2.19:
Figure 2.19: Adding servers
Most of you will be working within a domain environment where the servers are all domain-joined, which makes this next part really easy. Simply click on the Find Now button, and the machines available within your network will be displayed. From here, you can choose the servers that you want to manage, and move them over to the Selected column on the right, as shown in Figure 2.20:
Figure 2.20: Select the servers you want to manage
After clicking OK, you will see that Server Manager has transformed in order to give you more information about all of these servers and roles that are installed on them. Now when you log into this single server, you immediately see critical maintenance information about all of the systems that you have chosen to add here. You could even use one dedicated server to handle the management of your whole arsenal of servers. For example, I am currently logged into a brand new server called CA1
. I do not have any roles installed on this server, so, by default, Server Manager looks pretty basic. As soon as I add other servers (my domain controllers) to be managed, my Server Manager on the CA1
server now contains all of the details about CA1
and my domain controllers, so I can view all facets of my infrastructure from this single pane. As you can see in Figure 2.21, I even have some flags here indicating that some services are not running properly within my infrastructure:
Figure 2.21: Managing servers on Server Manager Dashboard
Clicking on the All Servers link, or into one of the specific roles, gives you even more comprehensive information collected from these remote servers. Adding multiple servers into Server Manager is not only useful for monitoring but for future configurations as well. You remember a few pages ago when we added a new role using the wizard? That process has now evolved to become more comprehensive, since we have now tapped this server into our other servers in the network.
If I now choose to add a new role from inside Server Manager that is aware of multiple servers in the network, when I get to the screen asking me where I want to install that role, I see that I can choose to install a new role or feature onto one of my other servers, even though I am not working from the console of those servers, as shown in Figure 2.22:
Figure 2.22: Selecting a server to install a new role or feature on
If I wanted to install the AD DS role onto DC2
, a server I'm prepping as a second domain controller in my environment, I would not have to log into the DC2
server. Right here, from Server Manager running on CA1
, I could run through the Add Roles wizard, define DC2
as the server that I want to manipulate, and install the role directly from here.
Remote Server Administration Tools (RSAT)
Using Server Manager on a single server to manage and monitor all of your servers is pretty handy, but what if we could take one more step out of that process? What if I told you that you didn't have to log into any of your servers, but could perform all of these tasks from the computer sitting on your desk?
This is possible by installing a toolset from Microsoft called the Remote Server Administration Tools (RSAT). I have a regular Windows 10 client computer online and running in our network, also domain-joined. I am now going to add an optional feature to this Windows 10 computer to give it the RSAT toolset.
Open up Settings on the client computer and type the word optional
into the search bar. One of the options presented will be Manage optional features. Go ahead and click that. Once inside Optional features, click the button to Add a feature. This will open a list of many optional features to choose from, including a lot of language options, but if you scroll down in the list you will eventually come to a number of different entries that start with RSAT:
. If there were only a select number of the tools that you wanted to use from this Windows 10 client, you could be selective here and only install the admin consoles that you actually need. Since this is a test lab and I want as many options as possible, I am simply going to check the box next to every item that begins with RSAT:
, as you can see in Figure 2.23:
Figure 2.23: Installing RSAT features
If your computer is running a version of Windows 10 that is older than 1809, you won't find these options on your Settings screen. Instead, you can download and install the whole RSAT package from the following link: https://www.microsoft.com/en-us/download/details.aspx?id=45520.
After walking through the process to get these tools on my Windows 10 client computer, I can't seem to find any program that is called the Remote Server Administration Tool. That would be correct. Even though the names of these features we are installing all begin with RSAT, the components that are getting installed onto your system are the actual Windows Server system tools. If you peruse your Start menu, you will now find Server Manager, just like on a server, along with a folder full of Windows Administrative Tools! This makes sense, except that if you don't realize the name discrepancy, it can take you a few minutes to figure out why you cannot find what you just installed.
So, go ahead and launch Server Manager by finding it in the Start menu, or by using the search bar, or even by saying Hey Cortana, open Server Manager. Sorry, I couldn't resist. But whatever your method, open up Server Manager on your desktop computer and you will see that it looks and feels just like Server Manager in Windows Server 2019. And, in the same way that you work with and manipulate it within the server operating system, you can take the same steps here in order to add your servers for management.
In Figure 2.24, you can see that I have walked through the step to Add other servers to manage and selected some of the servers that are within my test network. I now have access, right here from my Windows 10 client computer, to manage and monitor all of the servers in my lab, without even having to log into them:
Figure 2.24: Centralized management via Server Manager
Does this mean RDP is dead?
With these new and improved ways to manage the underlying components of your servers without having to log into them directly, does this mean that our age-old friend RDP is going away? Certainly not! We will still have the need to access our servers directly sometimes, even if we go all-in with using the newer management tools. And I also expect that many administrators out there will continue using RDP and full desktop-based access for all management and monitoring of their servers simply because that is what they are more comfortable with, even if newer, more efficient ways now exist to accomplish the same tasks.
Remote Desktop Connection Manager
Since most of us do still utilize RDP occasionally (or often) when bouncing around between our servers, let's take a quick look at a tool that can at least make this task more manageable and centralized. I won't spend a lot of time looking over individual features or capabilities of this tool, since it is a client-side tool and not something that is specific to Windows Server 2019. You can use this to handle RDP connections for any and all of your servers, or even all of the client computers in your network. Remote Desktop Connection Manager is an incredibly useful platform for storing all of the different RDP connections that you make within your environment. You can save connections so that you don't have to spend time trying to remember server names, sort servers into categories, and even store credentials so that you don't have to type passwords when connecting to servers. Though a disclaimer should come with that one—your security folks may not be happy if you choose to employ the password storing feature.
Unfortunately, I can no longer provide you with a Microsoft download link for this tool, as the official Microsoft stance is that they are no longer making improvements to Remote Desktop Connection Manager, and that you should instead utilize the built-in MSTSC program or the universal Remote Desktop client application from the Microsoft Store. At this moment in time, these toolsets are limited in capability compared to what RDCM used to offer, and so I will leave it up to you as to which you prefer to pursue. There are still plenty of ways to find the RDCM installer if you seek it out online. You should be aware, however, that the reason it was discontinued and removed from Microsoft's own download pages is that a security vulnerability is present in the RDCM tool. This vulnerability would require an attacker to convince you, the admin, to launch an RDG file on your computer, which would then allow the attacker to extract data from your computer. So the risk is in your hands as to whether you think you could refrain from ever doing that or not. Here is a screenshot of the RDCM tool so you can have an idea of what it looks and feels like:
Figure 2.25: The RDCM tool
I almost removed this entire section from the book due to the security vulnerability and the official download no longer being available. In the end, I decided to leave it in place, not to make any official recommendations on what you should do, but to at least pass on the idea that there are options available to you for quick and easy RDP connection management when you are dealing with many different servers. There are plenty of alternative third-party toolsets that can accomplish the same thing, so while the Microsoft-provided Remote Desktop Connection Manager is no longer officially available, there are both free and paid applications that have been written by other companies that can be used to perform the same tasks.