 Welcome to another episode of Azure Unblocked. Today, we are going to have a look of Windows Admin Center in the Azure portal, and how you can leverage it to manage your Windows servers running in Azure, but also outside of Azure as well. Welcome back. My name is Thomas Maurer, and I'm here with Prasette, Product Manager for Windows Admin Center. First of all, great to have you here. We are going to talk about Windows Admin Center in the Azure portal, and a couple of new additions to it, which is absolutely awesome and exciting to me. For the viewers who are looking at this, can you tell us a little bit more what Windows Admin Center in the Azure portal is? Yeah, absolutely. Hey, Thomas, thanks for having me here today. I'm really excited to talk about this. Yeah. In the last couple of years, as we're seeing hybrid work really grow so much and really accelerate digital transformation. Us as the Windows Admin Center team, I realized that remote management has also involved into this everyday necessity. Yet remote management as it stands does not provide that in-depth management tooling that is required to manage all of your servers, all of your clusters that are sitting in the Cloud or on-premises. Just last year, we announced Windows Admin Center in Azure. That is, if you have an Azure ISVM that's running in the Azure portal, entirely in the Cloud or running in Azure, you get the entire familiar UI of Windows Admin Center to configure, troubleshoot, networking, all of the maintenance tasks, performance monitoring, all of the tools that you're so used to using with Windows Admin Center, all available natively in the Azure portal. The entire goal of this was to be this replacement to RDP, where customers have spent all of this time, RDPing into their machines to perform all of these management tasks. With this brand new UI of Windows Admin Center, you can now perform all of those tasks natively in Azure. That's fantastic. Again, I just want to say, so I don't need to RDP into my Windows Server anymore to actually get access to it. Obviously, we used Windows Admin Center in the past to run on-premises and I could also do remote management. But especially when I had servers everywhere, basically running in Azure and running on-prem, it's difficult network-wise always to access these. I'm super excited and I already played a lot with Windows Admin Center in Azure for Azure ISVMs. Can you explain a little bit to me what we actually have built for Azure ISVMs? Right. Yeah, exactly like you said, right? If you have all of this Azure IS infrastructure, Azure Arc, you're already using the Azure portal to manage your infrastructure. Why should you require to deploy yet another tool Windows Admin Center locally on some management node? When the Azure portal is already your home base, and that's essentially what we're trying to address here, is you already have this home base of the Azure portal. Let's bring you all of the management tooling that you actually need natively in the Azure portal itself. Yeah, I'll actually go here and show you what we actually built here for Azure ISVMs. Here we are in the Azure portal. In this case, I have this workload running in Azure. It's running Windows Server 2019, our Windows Server 2019 data center. What you'll see here on the left is we've introduced this new blade called Windows Admin Center. Now, in this particular case, I've already set up Windows Admin Center, but actually setting up and using and deploying Windows Admin Center is a really simple process. There's actually a one-click setup experience where you hit setup, you hit install, and it deploys this very lightweight agent onto your Azure ISVM itself. When I hit connect here, what's actually happening here is that Azure is communicating with that lightweight agent that we've deployed onto the ISVM itself. I'll hit connect here. It'll ask me for some local administrator credentials. Once I enter those credentials, what you'll notice is that you'll see the exact same UI of Windows Admin Center that you're familiar with loading here natively in the Azure portal. It's the things like I want to view my certificates, or I want to view my files, I want to view my events, firewall, really all of those tools that you're so used to using, all the way down to you want to RDP into your machine natively in the browser in the Azure portal itself. It's all available right here in the Azure portal. That's the entire crux of what we've built here for Azure ISVMs. There is one thing I want to point out though. Windows Admin Center, what we've built here for Azure ISVMs, it was built entirely with the Cloud in mind. You don't have to worry about provisioning your own certificate. For every instance of Windows Admin Center you deploy, you generally have to provision a certificate. You don't have to worry about provisioning DNS records. You don't even have to worry about networking. In this particular case, I'm connecting over a public IP address as you'll see here. If I go here into networking in the Azure portal, you'll see that I've actually opened up a port to connect over port 6516 where we've installed Windows Admin Center. Alternatively, if I wanted to connect over a private IP address, just like you would have to set up any networking to RDP into your machine, whether it's a VPN or ExpressRoute, you would use the exact same technology to actually connect to your ISVMs over that same VPN or ExpressRoute. Windows Admin Center will actually use the exact same thing to connect to it. That's awesome. Again, it's very fantastic to have this management experience Windows Admin Center can deliver but run it basically as a service in the Azure portal, and I don't need to think and deploy and any of that, I just can use it when I need to actually perform some management tasks on the machine itself. This is actually great. I mean, you showed me that now for Azure ISVMs, but we know that customers are not just running Windows Server in Azure. They're also running Windows Server on-premises at the Edge or even at other Cloud Providers. We have obviously solutions for that. Maybe you can a little bit tell us about our hybrid story in terms of what Azure Arc enabled servers and Azure Stack HCI clusters are. Sure. Yeah, absolutely. Folks that are not aware, we've not used Azure Arc in the past. Azure Arc for servers lets you manage your Windows and Linux physical servers and virtual machines running outside of Azure. So if it's on-premises running in another Cloud, and manage it as if it is running in Azure. So this management experience is designed to provide you with the same consistent interface that you're used to using for all of your other Azure services, whether it's right here like an Azure IS Virtual Machine, whether it's a storage account or really any other Azure service with the same things like using tags, using resource groups, all of those same awesome capabilities that have been built for every other Azure service you can now use to manage your on-premises infrastructure, or any of your infrastructure running outside of Azure. So essentially giving you the entire power of Azure for your on-premises machines. The Azure Arc team has built a ton of experiences to really make it feel like you're managing a real Azure service. So you can use things like Azure Policy to govern at scale, you can use things like Azure Monitor to monitor at scale, Azure Security Center, Azure Endpoint to do security at scale. All of those services that you're used to using for your Azure IS infrastructure, you can now use and bring those to your on-premise infrastructure, all again in the Azure portal or using Azure CLI, just natively all built in Azure for your on-premise infrastructure. Similarly, Azure Stack HCI is a solution that's also built on top of Azure Arc that provides all of these same Azure services for your hyper-converged infrastructure. So if you have an Azure Stack HCI cluster now running locally or really in the past folks may have been using those server clusters, you can now use an Azure Stack HCI cluster to do the same things I used to, running Windows and Linux workloads locally, but now manage it all in the Azure portal or using Azure CLI natively in Azure itself. That's fantastic. Again, I love how we actually leverage Azure, the Azure Control Plane, to not just manage Azure services but also things which are running outside of Azure, such as servers, in this case, Windows servers, but we also support obviously Linux servers and Azure Stack HCI clusters as well. I'm thinking how cool that is actually to manage that, especially if I have a distributed environment where I don't have just one location, but really multiple locations that can bring that all together. Now, with having these services, you're obviously here to announce a couple of things. So what are we actually announcing for Azure Arc-enabled servers and Azure Stack HCI? Yeah. Today, we're excited to announce the public preview of Windows Admin Center in Azure for your on-prem infrastructure. So for all of your Azure Stack HCI clusters and your Arc-enabled servers, you can now use the same experience of Windows Admin Center natively in the Azure portal. With actually one distinct change, and as I get to the demo, I'll let you know, but essentially, this entire capability enables you to do exactly what we showed you for IaaS here, like seamless and granular management of your on-prem Windows Server Arc-enabled servers, or your Azure Stack HCI clusters all from within the Azure portal. And it's all the same functionality, the same certificates, event viewer, performance monitor, RDP, all of the same access that we have here for your IaaS VMs, now for your Arc-enabled servers. So let's actually take a look at what this looks like. If I move on here, here you'll see I have an Azure Arc-enabled server. It's running, in this case, again, Windows Server 2019 data center. You'll see that it's an Arc-enabled server. And very similar to what I just showed you for IaaS VMs, we have this new blade called Windows Admin Center. In this case, I did wanna show just how easy it is to set up Windows Admin Center. So for this particular server, I'll actually go through the setup and install experience. You'll really see that it's a one-click setup button, followed by a simple one-click install button. In this case, very similar to IaaS VMs, it'll ask you to specify the port on which you want to deploy Windows Admin Center. By default, it's port 6516. Now, while this deploys in the background, there's actually one big thing I wanted to mention, one big difference between what we introduced here, what we introduced last year for IaaS VMs and what we're introducing here for Arc-enabled servers. The way IaaS infrastructure is built, it's all running in the cloud. You have access to all of your networking in the cloud. You can easily set up various Azure things like VPN, ExpressRoute to actually gain access to your IaaS VMs. Now, for on-prem infrastructure, it's kind of different, right? You own the networking. You own all of these various networking components that are not controlled from within Azure itself. And so what we've built here for Windows Admin Center in Azure that's actually different from IaaS VMs is that you can now connect to these on-prem machines using Windows Admin Center in Azure without needing any sort of VPN, without needing any public IP address, without needing any inbound connectivity to your ports, to your machines itself. So your on-prem server could be sitting in your office and you could be on a trip halfway across the world and you could be on your phone with no VPN and we could be on like the 5G network and you can still use Windows Admin Center and the Azure portal to fully manage your servers truly from anywhere. You don't need any inbound connectivity. Really none of that networking setup is required. Azure Arc takes care of all of that networking setup for you. So I'll actually move on here to just a server that I've already deployed just to show you what this looks like. Same thing here. In this case, it's a Windows Server 2022 machine. I already have Windows Admin Center deployed on this particular machine. You see this like simple connect button, really nothing else to do besides just hitting this little connect button. Very similarly, it'll ask for credentials to actually access the machine. I'll enter these very quickly. And what you'll see is that you'll see the same full UI of Windows Admin Center that you just saw for your IaaS VMs, except now for this on-prem Arc enabled machine. It's the same set of tools, the same set of everything that you would really need to manage your Windows Server machine certificates, devices, all of the same tools. Again, natively in the Azure portal. And this time, truly from anywhere. As I mentioned earlier, there's no networking requirement, no inbound port connectivity requirement. None of that is required to manage this particular Arc enabled server. It's fantastic, I love. So just from like for everyone watching, this is now, you are in the Azure portal, like you could be basically sitting anywhere and this is a server running like somewhere else in the world and you can connect to it. And you can obviously do all of these awesome management tasks with the extensions we have it from Windows Admin Center. And if you needed to, you could even directly open up a secure PowerShell or remote desktop connection to that server. So that is amazing. I really love that, especially, I mean, I love our tooling we have to manage services scale, but in some cases, right, you need to go in and you'd actually need to troubleshoot and connect to that server and figure out what is happening. And if you don't have network connectivity to that server, it can be troubling. Right, and I mean, that's exactly what we hear from customers, right? People love to use Windows Admin Center for that in-depth single server or single cluster management. That's exactly what Windows Admin Center thrives and builds for. And so getting all of that in-depth management from the portal is exactly what we're trying to show. I'll actually show you a similar thing here for Azure Stack ATI clusters. So here, if I switch tabs here a little bit. In this case, what you'll see here, I have an Azure Stack ATI cluster. In this case, it's a two-node ARC-enabled Azure Stack ATI cluster. You'll see that there's two nodes. And very similarly, we've introduced kind of the same thing. There's the Windows Admin Center blade. In this case, it's already set up here. So I'll just go ahead and hit this little connect button. Enter the admin credentials for my cluster this time. And now what you'll see here is you'll see the same familiar UI except now for managing clusters. So as I'm sure a lot of you are aware of, or if you've not used Windows Admin Center in the past, we have a whole separate UI built in Windows Admin Center for managing clusters. And so this goes all the way down to deploying workloads using our virtual machines tool, managing your servers themselves, deploying new volumes, managing your drives, deploying SDN. I mean, this is so incredibly powerful, right? It's a huge paradigm shift of how customers see the Azure portal for managing their on-prem infrastructure. In the past, for Azure Stack ATI in particular, it's been about billing or it's been about monitoring at scale. But let's say you are using Azure Monitor to monitor at scale. How do you actually fix an issue that Azure Monitor is telling you is wrong? How do you actually bring that volume back up that Azure Monitor tells you is down? And now you can use Windows Admin Center to actually do all of those tasks that Azure Monitor, all of these other at scale tooling is actually telling you that needs to be fixed. I mean, it gets all the way down to like a very weird specific thing, right? I want to update a storage space and pool on one particular cluster, on this cluster that's running in Texas, for example, right? Such like weird specific settings that only an IT admin would want to do or wouldn't even understand to do is now possible here natively in the Azure portal. So it really expands the depth and breadth of what the Azure portal can do. Yeah, no, that's incredible. I'm thinking about like, I work with a lot of customers which have deployed these hyperconverged clusters in different locations in the factories and retail stores. And until today, basically the IT admins who needed to do the administration tasks on those Azure HCI clusters, they needed to like have a VPN connection to that location and then RDP on the chump post or something like that and then start managing that. And how this really makes it super simple. And I guess with this is like, we also get additional features like benefits we get from the Azure portal like role-based access control and stuff like that for these specific clusters. So speaking of that, how does like this solution increase security? Yeah, absolutely. So the way Windows Admin Center is built it's built to really enhance security when you comes to managing servers and clusters, right? In the past, customers have had to open inbound port roles whether it's like 3389 for RDP 6516 for Windows Admin Center, for the WinRM port. There's all of these inbound connectivity ports that customers have had to open and manage themselves. Windows Admin Center in Azure only performs outbound connectivity from your machine. So it's really built to remove that need for public IP addresses, for VPNs, for inbound connectivity. Traffic is sent through the existing connection from the Azure Arc agent and Azure. So in order to arc enable a server in order to use Azure Stack ACI, you already deploy this Azure Arc agent on your machine and that Azure Arc agent has a set of end points it communicates with outbound. And Windows Admin Center leverages those same set of end points in order to perform outbound connectivity and for you to manage it from the Azure portal itself. You don't need to do any sort of extra configuration and all of the data, all of the communication that goes from the Azure portal to Azure here what you're seeing in the UI is end to end encrypted where SSL termination or TLS termination actually happens on your machine itself. There's nothing in the middle that can read your data. So that end to end encrypted communication really does enhance security for your servers and clusters. Again, this is fantastic. And again, it doesn't require a lot of things to actually set up in the cloud. It seems to be pretty straightforward by just hitting one setup button. So speaking of setting it up, I know you already talked a little bit about this, but how is this different from like deploying Windows Admin Center on-premises by myself? Right. And I'll actually give a customer example. I was just talking to a customer a couple of weeks ago and they were telling me about how they really want to get rid of this like management node that they have. They've had so many clusters that they've deployed and they have this dedicated management node for Windows Admin Center to manage our clusters. And it's a lot of maintenance is expensive to buy this management node, you know? And so Windows Admin Center, when you deploy it on-premises kind of requires that management node. It requires you to deploy it somewhere or establish connectivity if you deploy it on your local machine and whatnot. In this case, Windows Admin Center in Azure, it doesn't require any of that, right? You're just sitting in the Azure portal. It could be your phone or wherever. There's that lightweight agent that gets deployed on your cluster itself. So you already have your cluster running or your Arc-enabled server running. So it's quite different in the fact that it's a lot less maintenance. You don't have to worry about renewing your own certificates. We renew your certificates for you. You don't have to worry about your DNS records. We take care of that for you. You have to worry about managing ports. We take care of that for you. You don't have to worry about updating it. Windows Admin Center in Azure is actually always up to date like every other Azure feature. You don't worry about updating the Azure portal. You don't worry about updating Windows Admin Center. All of those like latest and greatest features are just like constantly available. We have the whole support infrastructure that we have for every other Azure service now also supporting Windows Admin Center in Azure. There's all of these awesome benefits that come with being an Azure service and being just like managing in Azure that you get now with Windows Admin Center in Azure. And my personal favorite one just because it's a super cool technology is it's actually much faster. So because of the way we've built Windows Admin Center in Azure, all of the UI for Windows Admin Center is actually hosted in the cloud. So it's pre-cached. It's significantly faster. It's actually hosting on Azure CDN, our content delivery network that runs the rest of the Azure portal. So with all the data coming from the cloud, it's significantly faster to load the UI. The only data that actually goes to your on-prem machine are those PowerShell commands that Windows Admin Center runs to actually get the data back. So really there's a lot of benefits of using Windows Admin Center in Azure as opposed to deploying it on-prem. And for those that are constantly connected to the internet or maybe not in like intermittently connected or disconnected environments, we do hope to see that Windows Admin Center in Azure will become sort of the primary way they manage their on-prem infrastructure. Yeah, no, absolutely. I mean, again, there's so many benefits to it. And speaking of that, I know now probably there's a lot of people interested in that, but before you use something in the cloud, there is usually some cost involved. So what is the cost for that? Yeah, so there's no cost associated with using Windows Admin Center in Azure, at least for public preview. There's definitely no cost associated with it right now. Okay, that's awesome. So it's a no, really I can just go and try it out without expecting any costs on that side. And so speaking of trying it out, if I'm now interested, how do I get started? Yeah, and it really is just as easy as I showed you here in the Azure portal, right? You open your Azure portal, you open your Azure ISVM or your Arc-enabled server or your Azure Stack HCI cluster resource, just like you would normally manage it in Azure, and you'll just magically see this new blade there called Windows Admin Center. If you haven't seen it before, go look for it now. At the moment, we support Windows Server 2016 and higher for both Azure ISVMs and Arc-enabled servers. And for Azure Stack HCI, we support 21, H2, or higher. So as long as you're running those operating systems, you should see the Windows Admin Center blade and you should be able to use it right away. Fantastic, thank you very much, Prasad. This was awesome and I'm super excited to try it out. And so thank you everyone watching and I hope I see you in another episode. Sweet, thanks for having me, Thomas.